2. Data Handling Deep Dive

Data handling (how organizations manage and protect data) is important because data can be valuable and sensitive. Organizations must protect it from being stolen, changed, or destroyed.

First, organizations must identify data assets (important information that needs protection). The data owner (person or group responsible for the data) decides how valuable the data is. Based on that value, organizations analyze the risk (chance the data could be damaged or stolen) and vulnerabilities .

Data Life Cycle

Data goes through several stages during its lifetime:

• Create (producing new data)
• Store (saving data in systems or storage)
• Use (accessing or processing the data)
• Share (sending data to other people or systems)
• Archive (keeping data long-term but rarely using it)
• Destroy (permanently deleting the data)

At every stage there are different security risks (possible threats to the data).

Regulations and Laws

Organizations must follow certain regulations (laws or official rules about data protection).

Examples:

• OSHA (Occupational Safety and Health Administration – U.S. agency that protects worker safety)
• HIPAA (Health Insurance Portability and Accountability Act – protects medical information)
• PCI DSS (Payment Card Industry Data Security Standard – rules for protecting credit card data)
• GDPR (General Data Protection Regulation – European Union law protecting personal data)

These regulations often define how long data must be kept and how it must be protected.

Example:
Some medical records must be stored 10–30 years depending on the regulation.

Data Handling Practices

Organizations use several practices to manage data safely:

• Data classification (categorizing data by sensitivity such as public, internal, confidential)
• Labeling (marking data so users know its sensitivity level)
• Access control (restricting who can view or use certain data)
• Retention (how long data must be stored)

Data Destruction

When data is no longer needed, it must be destroyed safely.

Defensible destruction (legally approved process for deleting data) means the organization can prove the data was destroyed according to regulations.

Ways to destroy data:

• Digital wiping (software that permanently erases files)
• Physical destruction (destroying storage devices)
• Degaussing (using strong magnets to erase magnetic storage like hard drives or tapes)

Simply emptying the recycle bin does not fully delete data, because specialized tools can sometimes recover it.

Main Idea:
Organizations must protect data during its entire life cycle and follow all laws and regulations to ensure the data is stored, used, and destroyed securely.