Data hygiene consists of actions that organizations can, and should, take as a matter of following not only compliance requirements, but also as part of basic risk management program practices. Consistent, risk-specific data hygiene practices supports not only a very wide range and number of data protection compliance requirements, but performing data hygiene activities also demonstrably improves an organization’s data security effectiveness without significantly increasing IT or information security costs. Most of these actions involve people performing activities that all personnel within an enterprise can take. No specialized tools are typically needed—just some training and ongoing awareness reminders, or periodic use of data management tools.
These actions serve to:
- limit the amount of data collected to only that which is necessary to support the purposes of the data collection
- keep data from being modified in unauthorized ways, or accidentally
- destroy/delete data when it is no longer needed to support the purpose(s) for which it was collected and to meet legal retention requirements
- prevent access to data to only those entities (devices, individuals, accounts, etc.) that have a business/validated need to access the data
- not share data with others unless necessary and with the consent of those about whom the data applies, as applicable
- keep your own personal and business data from being used and posted in ways for which you did not consent or is not necessary to support the purposes for which you originally allowed the data to be collected or derived
- keep unauthorized entities from accessing data
Source: Best Practices for Data Hygiene
