Much of the data a business stores is redundant, obsolete, or trivial.
But this still presents a problem, should a leak occur. The data lost doesn’t have to be bank accounts or debit cards to cause consumers to lose confidence in a brand.
Data deletion should happen a minimum of several times a year.
Several types of data should be purged immediately, such as passwords stored in plain text and data related to production systems no longer in use (including outdated websites).
When distributing data for use in testing and analysis, be sure only masked data is used. This avoids creating duplicates of crucial consumer data that could then be found and leaked. Every duplicate created is another bit of data the company must account for.
Keep PII Vague
Personally identifiable information (PII) is often used in training machine learning models, among other use cases.
The General Data Protection Regulation (GDPR) set in place by the European Union sets strict limits on what PII a company is allowed to collect, who’s allowed access to it, and how long a company can hold on to it.
However, there remains a myth that it’s possible to remove the identifiable characteristics of PII to keep people virtually anonymous.
This is a dangerous assumption—it’s still possible for identifiable information to be found in most cases. Consumers may fill out their name in fields not marked for it or present other identifiable information without intending to. The correct string of queries put together will still provide identifiable information.
Try to keep PII as vague as possible when collecting. For example, do you need to know a client’s home address, or will their city or county fulfill your needs?
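The point about combined queries can be measured. The sketch below is an added example, not part of the original article: it uses k-anonymity (the size of the smallest group of records sharing the same combination of attributes) on constructed rows with assumed field names, showing that rows with names removed are still unique until the address and birth year are coarsened.

```python
from collections import Counter

# Constructed sample rows; names are already removed, as the "anonymous" myth assumes.
ROWS = [
    {"address": "12 Elm St", "city": "Leeds", "birth_year": 1984, "plan": "gold"},
    {"address": "40 Oak Rd", "city": "Leeds", "birth_year": 1986, "plan": "basic"},
    {"address": "7 Mill Ln", "city": "Leeds", "birth_year": 1981, "plan": "gold"},
    {"address": "3 High St", "city": "York", "birth_year": 1992, "plan": "basic"},
    {"address": "9 Park Ave", "city": "York", "birth_year": 1995, "plan": "basic"},
]

def group_sizes(rows, quasi_ids):
    """Count how many rows share each combination of the given attributes."""
    return Counter(tuple(r[q] for q in quasi_ids) for r in rows)

def k_anonymity(rows, quasi_ids):
    """Smallest group size. k == 1 means at least one person is singled out."""
    sizes = group_sizes(rows, quasi_ids)
    return min(sizes.values()) if sizes else 0

def unique_rows(rows, quasi_ids):
    """Rows that a query on these attributes alone would isolate."""
    sizes = group_sizes(rows, quasi_ids)
    return [r for r in rows if sizes[tuple(r[q] for q in quasi_ids)] == 1]

def coarsen(row):
    """Collect less: drop the street address, keep the city, birth year -> decade."""
    return {
        "city": row["city"],
        "birth_decade": row["birth_year"] // 10 * 10,
        "plan": row["plan"],
    }

if __name__ == "__main__":
    print("k with address + birth year:", k_anonymity(ROWS, ["address", "birth_year"]))
    print("k with city + birth year:   ", k_anonymity(ROWS, ["city", "birth_year"]))
    coarse = [coarsen(r) for r in ROWS]
    print("k with city + birth decade: ", k_anonymity(coarse, ["city", "birth_decade"]))
```

Dropping the street address alone is not enough here: city plus exact birth year still isolates every row, which is why each retained attribute has to be checked in combination with the others.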
Data breaches are a regular threat. If an organization sticks only to data that is pertinent and necessary and deletes everything else at regular intervals, especially information with any identifiable features, it can maintain both its cybersecurity and the faith of its consumers. It’s not the whole of cybersecurity procedures, but it is a crucial part.
After all, a business doesn’t need to protect what it doesn’t have.