Information Life Cycle

35 Exposures

COLLECTION

  • No consent given
  • Illegal/Unfair/Excessive collection
  • Forced Consent/No choice
  • Prohibition of consent
  • Unsecured collection
  • Misleading purpose
  • Unauthorised secondary purpose
  • Indiscreet conversation
  • Tracking of usage

USAGE

  • Illegal access/usage
  • Sales of data
  • Negligent usage/Misuse
  • Invasion of privacy/analytics
  • Error in processing
  • Inaccurate/Outdated data
  • Data/Account hacked
  • Phishing
  • Identity theft

STORAGE/DISPOSAL

  • Lost archives
  • Loss of data
  • Improper disposal
  • Unlimited retention
  • Unsecured data
  • Virus/Malware
  • Data compromised
  • Lost device
  • Unprotected device

DISCLOSURE/TRANSFER

  • Social engineering
  • Unauthorised disclosure
  • Misrepresentation
  • Confidentiality breached
  • Cross-border violation
  • Illegal access
  • Denial of access
  • Insecure transmissions

Physical Audit
A simple physical audit at your organisation might highlight some of these exposures. Some of the common risks are listed below:

  • Submissions box – is it securely locked?
  • Sign-in books – are the personal data of the visitors exposed?
  • In/Out trays – any sensitive information easily accessible to anyone who walks past your table?
  • Work desks – any confidential information lying around (paper or portable drives), with no lock or password protection?
  • Scanners/copiers/fax machines – are there any sensitive documents unattended or forgotten?
  • Key press – how accessible are the keys?
  • File cabinets – are confidential documents locked, or are the keys still in the keyholes?
  • Recycle/waste bins – are sensitive documents shredded? Are there personal documents in the recycle bin available for reuse?