Imagine that confidential information unintentionally becomes accessible during the process of data integration and harmonization. Such information could contain corporate secrets or privacy information. Now imagine this happening in a carve-out or M&A scenario. Would your company be ready for this challenge?
During the 49th CC CDQ workshop, this topic was addressed in a breakout session entitled “Information security and privacy”. As a result, experts from different companies identified several challenges and requirements:
Aggregation of data may produce more information than just the sum of it, which may require stricter control.
There is a need for precise business process definitions and a robust data architecture.
To what extent employee information may be legally used is unclear.
Role management should be business oriented, not system oriented. But business oriented role management is not sufficiently supported by leading software solutions.
Approaches for information security and privacy must address “information objects”, which may also contain contextual metadata.
Following the discussion, the participants started to develop a shared terminology and possible approaches for solutions. CC CDQ members are invited to continue the discussion in the forum. If you are interested in the topic, you are welcome to join the breakout session "information security management" during the second day of the upcomming CC CDQ Workshop in Gottlieben.
For further information, please contact Clement Labadie.