Here’s a cartoon I created. It involves several Fair Information Practice Principles (FIPPs) and privacy best practices. The ones involved (and not heeded) in this cartoon are doing a data inventory, informing people about the purposes of the collection of their data, using data for only those purposes, and not keeping data longer than necessary to accomplish those purposes.
For many organizations, there is a lot of data collected that gets stored and forgotten, or that is collected with no apparent purpose in mind. Data inventories are a great way to take stock of this data and determine whether it is really necessary and appropriate to keep it.
* * * *
This post was authored by Professor Daniel J. Solove, who through TeachPrivacy develops computer-based privacy training, data security training, HIPAA training, and many other forms of awareness training on privacy and security topics. This post was originally posted on his blog at LinkedIn, where Solove is a “LinkedIn Influencer.” His blog has more than 1 million followers.
Professor Solove is the organizer, along with Paul Schwartz of the Privacy + Security Forum (Oct. 24-26, 2016 in Washington, DC), an annual event that aims to bridge the silos between privacy and security.