Data Protection & Privacy (DPPC) Committee
Our Goals
The DPPC exists to further the awareness and adoption of data protection technology, and to provide education, best practices and technology guidance on all matters related to the protection and privacy of data.
Within SNIA, Data Protection is defined as the assurance that data is usable and accessible for authorized purposes only, with acceptable performance and in compliance with applicable requirements. The technology behind data protection will remain a primary focus for the DPPC. However, there is now also a wider context which is being driven by increasing legislation to keep personal data private. The term data protection also extends into areas of resilience to cyber attacks and to threat management.
This charter expands the mission of the DPPC from being entirely focused on data protection technology and into areas of data privacy and regulatory compliance as well as taking a more holistic view of protecting data in collaboration with the SNIA Security TWG.
Data Privacy and Why It Matters
Failing to protect sensitive information can put a lot of people at risk of being exploited by cybercriminals, and can make a company face enormous legal penalties.The way information is shared and stored can put the information at risk. It is risky to store personal information on portable devices, which are easily lost or stolen. In addition, the consequences of a data breach can be devastating. Identity theft could lead to financial losses, and a company could face lawsuits and legal penalties. This presentation covers what kinds of personal information must be protected & guidelines for keeping this info safe.
Storage Security Data Protection Technical White Paper
The SNIA Storage Security TWG just released the new Storage Security: Data Protection whitepaper that provides an overview of data protection and the associated guidance for the ISO/IEC 27040:2015 (Information technology - Security techniques - Storage security), which is a standard that provides detailed technical guidance on controls and methods for securing storage systems and ecosystems. Data protection is an essential element of storage security that can be nuanced, depending on industry requirements (e.g., storage, security, and privacy). This can be seen in the ISO/IEC 27040 (Storage security) standard, which while not directly addressing data protection, does identify relevant security controls. To raise awareness of data protection, this whitepaper highlights the relevant data protection guidance from ISO/IEC 27040 and then builds upon it, covering topics such as data classification, retention and preservation, data authenticity, and data disposition. As part of this expanded material, SNIA provides guidance and considerations that augment the existing storage security standard.
Download the white paper here.
SNIA on Data Governance & Security
Whitepaper:
Storage Security: Data Protection
Article:
Understanding Ransomware
More Information
