Data ownership vs. data processing: A moral dilemma?
2020-01-07 06:00

The state of data can be reduced to who owns the data; in other words, data ownership equates to data control.

In turn, further layers of the data onion will peel away to reveal more questions, such as: who owns the responsibility for complying with data regulations? And where does the responsibility for data security actually lie? If a customer uploads an image to your site, who owns that image? And who is responsible for keeping it safe?

The data ownership vs. data processing dichotomy is a great place to start in understanding where the data buck stops.

What is important to note is that a data processor has a strong security perspective; however, if cloud providers aren't exposed to data, they won't be labeled processors under GDPR. The CISO may similarly have to set up their own "Internal GDPR" equivalent to delegate ownership and help share data responsibility.

The CISO can turn this on its head by using encryption across the data lifecycle. No matter where the data goes, where it is stored, or how it is used, if the encryption is part of the whole journey of the data, ownership becomes moot.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/WscQMu2jLGg/