As organizations begin to consider reopening in the wake of COVID-19, many companies are tracking which employees are healthy, and which have been infected with the disease. In doing so, companies obtain and collect sensitive personal data that requires proper protection. Chief information security officers and data protection officers are challenged with the task of deciding what data to collect and how to protect it. Jason Smolanoff, Senior Managing Director and global leader of the Cyber Risk practice at Kroll, a division of Duff & Phelps, spoke with CSO Online regarding the collection of sensitive, health-related data and best practices for storing it.
Jason highlights the importance of collecting only the minimal, necessary data an employee or team needs to successfully accomplish their functions within an organization. When storing the data, Jason states it's best to “avoid moving a lot of existing data into a new data structure, but rather have a value that can be used to link the COVID data to your existing HR or medical department systems.” It is important for companies to be transparent regarding how long they will hold employee health data, and they are encouraged to have a decommissioning plan in place for the end of the process. The longer an organization holds sensitive data, the more at risk it is of having that data stolen or misused.
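One way to implement the linking-value approach described above, as an added example that is not part of the article or Kroll's own guidance (the status vocabulary, the retention period and the HMAC-based link token are assumptions): the register holds only a pseudonymous token plus the decision-relevant fields, expires them after the retention period, and can be decommissioned outright.

```python
import hmac
import hashlib
from datetime import date, timedelta

ALLOWED_STATUS = {"cleared", "symptomatic", "positive", "recovered"}  # assumed vocabulary


class CovidStatusRegister:
    """Constructed example: a separate, minimal register of employee health status.

    Only a pseudonymous link token and the fields needed for the return-to-work
    decision are kept here; the existing HR or medical system stays the source
    of everything else and is the only place the token can be tied to a person."""

    def __init__(self, link_key: bytes, retention_days: int):
        self._link_key = link_key                      # secret shared with the HR system
        self._retention = timedelta(days=retention_days)
        self._records = {}                             # link token -> {status, expires}

    def link_token(self, employee_id: str) -> str:
        # Keyed hash: the HR system can recompute it from the employee ID, but the
        # register itself stores no name, ID number or other identifying data.
        if self._link_key is None:
            raise RuntimeError("register has been decommissioned")
        return hmac.new(self._link_key, employee_id.encode(), hashlib.sha256).hexdigest()

    def record(self, employee_id: str, status: str, recorded_on: date) -> str:
        if status not in ALLOWED_STATUS:
            raise ValueError(f"unexpected status {status!r}")
        token = self.link_token(employee_id)
        self._records[token] = {"status": status, "expires": recorded_on + self._retention}
        return token

    def status_for(self, employee_id: str, today: date):
        rec = self._records.get(self.link_token(employee_id))
        if rec is None or rec["expires"] <= today:
            return None   # expired data is treated as absent even before purge runs
        return rec["status"]

    def purge_expired(self, today: date) -> int:
        expired = [t for t, r in self._records.items() if r["expires"] <= today]
        for t in expired:
            del self._records[t]
        return len(expired)

    def decommission(self) -> int:
        # End of the process: drop every record and the link key, so nothing that
        # remains can be tied back to an employee. Returns the number of records removed.
        removed = len(self._records)
        self._records.clear()
        self._link_key = None
        return removed
```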
The full article is available here for CSO subscribers.