27. Data Handling Practices
Data has value and must be handled appropriately.
Data should be classified and labeled so it is treated according to its sensitivity.
The data life cycle also includes retention requirements and ensuring that data no longer in use is destroyed.
Classification
Businesses classify information because it has value and must be protected from unauthorized disclosure.
Classification is the process of recognizing the organizational impact if information is compromised in terms of:
- Confidentiality
- Integrity
- Availability
Information is then labeled and handled accordingly.
Classifications are often based on laws, regulations, contractual standards, or business expectations.
The benefit of classification is that it allows organizations to apply the same security controls to similarly classified information.
Labeling
Security labels help implement controls to protect classified information by assigning levels of sensitivity to data.
Organizations typically use two or three classifications; a scheme with more than four levels is hard for staff to apply consistently, and inconsistent labeling defeats the purpose.
Common sensitivity levels include:
- Highly restricted: compromise could threaten the organization’s future or cause serious damage.
- Moderately restricted: compromise could cause loss of competitive advantage, revenue loss, or disruption of activities.
- Low sensitivity (internal use only): compromise could cause minor disruptions or delays.
- Unrestricted public data: already published and further disclosure causes no harm.
Retention
Data should be kept only as long as it is needed for business, legal, or regulatory purposes. Retention policies define:
- how long information must be maintained
- how records should be managed throughout the organization
Policies should ensure that:
- personnel understand retention requirements
- retention rules are documented
- systems and personnel follow the required retention schedule
Keeping information longer than necessary increases storage costs, enlarges what is exposed in a breach, and adds volume that must be searched and produced during investigations or legal discovery.
When records are no longer required, they must be destroyed according to organizational policies and legal requirements.
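The following is an added example, not part of the original notes, showing how a retention schedule of the kind described above can be applied mechanically. The schedule values, record inventory, and legal-hold list are constructed for illustration; a real schedule comes from the organization's records policy and the regulations that apply to it. The two edge cases it handles are the ones that cause trouble in practice: a legal hold must override the schedule, and a record with no recognized classification must go to review rather than be destroyed.

```python
from datetime import date, timedelta

# Hypothetical retention schedule, in days, keyed by classification label.
RETENTION_DAYS = {
    "highly_restricted": 7 * 365,
    "moderately_restricted": 3 * 365,
    "internal": 365,
    "public": 90,
}


def disposition(record, today, legal_holds, schedule=RETENTION_DAYS):
    """Return 'retain', 'destroy', 'hold' or 'review' for one record.

    record is a dict with 'id', 'classification' and 'created' (a date).
    A legal hold always wins over the schedule, and the function fails
    closed: an unclassified or unknown label is sent for review, never
    straight to destruction.
    """
    if record["id"] in legal_holds:
        return "hold"
    days = schedule.get(record["classification"])
    if days is None:
        return "review"
    expires = record["created"] + timedelta(days=days)
    return "destroy" if today >= expires else "retain"


def retention_sweep(records, today, legal_holds, schedule=RETENTION_DAYS):
    """Group record ids by disposition. Only the 'destroy' list is handed
    to the sanitization process described in the Destruction section."""
    out = {"retain": [], "destroy": [], "hold": [], "review": []}
    for record in records:
        out[disposition(record, today, legal_holds, schedule)].append(record["id"])
    return out


# Constructed sample inventory (not real records) and a fixed "today" so the
# result is reproducible.
SAMPLE_TODAY = date(2025, 1, 1)
SAMPLE_HOLDS = {"LEGAL-0007"}
SAMPLE_RECORDS = [
    {"id": "HR-0001", "classification": "moderately_restricted", "created": date(2019, 1, 15)},
    {"id": "HR-0002", "classification": "moderately_restricted", "created": date(2023, 6, 1)},
    {"id": "LEGAL-0007", "classification": "highly_restricted", "created": date(2015, 3, 3)},
    {"id": "MKT-0042", "classification": "public", "created": date(2024, 1, 1)},
    {"id": "TMP-0099", "classification": "", "created": date(2010, 1, 1)},
]

if __name__ == "__main__":
    result = retention_sweep(SAMPLE_RECORDS, SAMPLE_TODAY, SAMPLE_HOLDS)
    for outcome, ids in result.items():
        print(f"{outcome:8} {ids}")
```

Note that LEGAL-0007 is long past its seven-year schedule but is held, and TMP-0099 is fifteen years old but lands in review because it carries no label: an automated sweep that silently destroyed either would be a policy failure, not a success.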
Destruction
A routine delete usually removes only the file system's reference to the data; the blocks themselves remain on the media until something else overwrites them. This residual data is called data remanence. NIST SP 800-88 describes three levels of media sanitization that reduce the risk:
- Clearing: overwriting the storage locations with fixed or random values using the device's normal read/write commands. This defeats recovery with ordinary tools, but on flash media (SSDs, USB sticks) wear leveling may place the overwrite in different physical cells than the original data, so clearing alone is not reliable there.
- Purging: rendering the data unrecoverable even with laboratory techniques, for example by degaussing magnetic media, invoking the drive's built-in sanitize or secure-erase command, or cryptographic erase (destroying the key under which the media was encrypted, so the remaining ciphertext is useless).
- Physical destruction: shredding, pulverizing, incinerating, or otherwise destroying the media so it cannot be used again.
Clearing is generally sufficient while the media stays under the organization's control, for example when a disk is reassigned internally. When media leaves that control, because a system is disposed of, returned to a vendor, or resold, purging or destruction is required, with the choice driven by the classification of the data it held.
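To make the difference between delete, clear, and purge concrete, here is an added example (not from the original notes) that models a block device as a flat byte array with a separate directory. ToyDisk, EncryptedDisk, and the sample record are constructed for illustration, and keystream_xor is a deliberately simple SHA-256 counter-mode stand-in for the AES-XTS a self-encrypting drive would use; it exists only so the cryptographic-erase step can be shown offline and must not be used to protect real data. The point the model makes is that a delete only touches the directory, a clear overwrites the extent, and a cryptographic erase leaves the blocks in place but destroys the only thing that could decode them.

```python
import hashlib
import os


class ToyDisk:
    """Constructed stand-in for a block device: raw blocks plus a directory
    mapping names to (offset, length) extents. It is not a file system; it
    models only the fact that data and the entry pointing at it are separate."""

    def __init__(self, size=4096):
        self.blocks = bytearray(size)
        self.directory = {}
        self.next_free = 0

    def write(self, name, data):
        off = self.next_free
        self.blocks[off:off + len(data)] = data
        self.directory[name] = (off, len(data))
        self.next_free += len(data)

    def delete(self, name):
        # An ordinary unlink: drop the directory entry, leave the blocks alone.
        del self.directory[name]

    def clear(self, name):
        # NIST SP 800-88 "Clear": overwrite the extent, then drop the entry.
        off, length = self.directory[name]
        self.blocks[off:off + length] = os.urandom(length)
        del self.directory[name]

    def carve(self, needle):
        # What a forensic tool does: scan raw blocks, ignoring the directory.
        return self.blocks.find(needle) != -1


def keystream_xor(key, data):
    """Toy counter-mode stream cipher built from SHA-256. Illustrative only;
    a real drive uses AES-XTS. Encryption and decryption are the same call."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


class EncryptedDisk(ToyDisk):
    """Every write is encrypted under a media key, as on a self-encrypting
    drive. Purging is then a cryptographic erase: destroy the key."""

    def __init__(self, size=4096):
        super().__init__(size)
        self.media_key = os.urandom(32)

    def write(self, name, data):
        super().write(name, keystream_xor(self.media_key, data))

    def read(self, name):
        if self.media_key is None:
            return None  # key gone: ciphertext is still on the media but unreadable
        off, length = self.directory[name]
        return keystream_xor(self.media_key, bytes(self.blocks[off:off + length]))

    def crypto_erase(self):
        # NIST SP 800-88 "Purge" via cryptographic erase: zeroise the media key.
        self.media_key = None


# Constructed sample record; not real personal data.
SECRET = b"SSN=123-45-6789;diagnosis=constructed-sample"


def demo_delete():
    """Delete only: gone from the directory, still carvable from raw blocks."""
    d = ToyDisk()
    d.write("patient.txt", SECRET)
    d.delete("patient.txt")
    return ("patient.txt" in d.directory, d.carve(SECRET))


def demo_clear():
    """Clear: gone from the directory and no longer carvable."""
    d = ToyDisk()
    d.write("patient.txt", SECRET)
    d.clear("patient.txt")
    return ("patient.txt" in d.directory, d.carve(SECRET))


def demo_crypto_erase():
    """Encrypted media: plaintext never touches the blocks; after the key is
    destroyed the record cannot be read even though its blocks are untouched."""
    d = EncryptedDisk()
    d.write("patient.txt", SECRET)
    readable_before = d.read("patient.txt") == SECRET
    plaintext_on_media = d.carve(SECRET)
    d.crypto_erase()
    return (readable_before, plaintext_on_media, d.read("patient.txt"))


if __name__ == "__main__":
    print("delete       (in directory, carvable):", demo_delete())
    print("clear        (in directory, carvable):", demo_clear())
    print("crypto erase (readable before, plaintext on media, read after):", demo_crypto_erase())
```

The model flatters real hardware in one respect: on an SSD the clear() overwrite would reach the logical block addresses, not necessarily the physical cells that held the original data, which is why cryptographic erase or the drive's own sanitize command is the purge method of choice for flash media.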