Sensitive data requires careful consideration and adherence to best practices to ensure its confidentiality, integrity, and availability. Essential steps in handling sensitive data are identification and classification of sensitive data, implementation of data access control, encryption of sensitive data, secure storage and transmission, implementation of data breach response plan, backup and monitoring usage of data, complying with regulation, and disposing of data securely. Misconduct in handling sensitive data can compromise data confidentiality, integrity, and availability. These include data breaches (unauthorised access or disclosure, theft, insider threats, falsification, fabrication, imputation, and amputation of data), failure to comply with data protection regulations, inadequate data security practices, improper retention and disposal of data, and failure to report data breaches and incidents. This lecture will present how to manage sensitive data, desensitise it, and which are the most common breaches in handling sensitive data incidents.
