Providing security of places that containing personal data
If personal data is stored on paper media or on devices located in the territory of the data controllers, physical security measures must be taken against threats such as theft or loss of these devices and papers. Likewise, it is important to protect the physical environments containing personal data against external risks (fire, flood, etc.) with appropriate methods and to control the entry/exit to these environments.
πππClick Read more
If personal data is in electronic form, access can be restricted or separated between network components to prevent personal data security breach. For example, if personal data is processed in this area by limiting it to only a certain part of the network reserved for this purpose, the available resources may be reserved only to ensure the security of this limited area, not the entire network.
The same level of precautions should be taken for paper media, electronic media and devices located outside the territory of the data controller and containing personal data belonging to the data controller.
Personal data security breaches often occur due to theft and loss of devices containing personal data (laptop, mobile phone, flash disk, etc.). At the same time, personal data to be transferred by e-mail or post must be sent carefully and by taking adequate precautions. In addition, since the personal electronic devices of the employees access the information system network increases the risk of security breaches, adequate security measures must be taken for them as well.
In order to ensure personal data security, the documents in paper media containing personal data, servers, backup devices, CD, DVD and USB devices should be taken to another room with additional security measures. Measures should also be taken to increase physical security, such as keeping these items under lock and key when not in use, and keeping entry and exit records.
The use of access control authorization and/or encryption methods will help ensure personal data security in case of loss or theft of devices containing personal data. In this context, the encryption key should be stored in an environment that only authorized persons can access, and unauthorized access should be prevented. Similarly, paper documents containing personal data should be kept in a locked manner and in environments accessible only to authorized persons, and unauthorized access to these documents should be prevented.
Along with these, encryption is a security tool that is used in different forms and provides different conditions according to these forms. In this context, the entire device can be encrypted with full disk encryption or a file on the device can be encrypted. Some software, on the other hand, offers password protection to prevent changes to the data, but these software do not stop personal data from being read by unauthorized persons. For this reason, regardless of which encryption methods are used, it should be ensured that personal data is fully protected and for this purpose, the use of internationally accepted encryption programs should be preferred. If the preferred encryption method is asymmetric encryption, attention should be paid to key management processes.
No comments:
Post a Comment
Your comment will taken into consideration.