Implementation Strategy for Privacy and Security of Information

Increased attention to data privacy has led to the development and implementation of regulations such as the General Data Protection Regulation (GDPR). This has increased the need for companies to know how to implement data protection and privacy best practices before a breach occurs or before they are exposed to a hefty fine for non-compliance. An implementation strategy for the privacy and security of information is based on the five steps explained in this paper.

The first step of the implementation strategy involves taking an inventory of the data. Asset inventories and data maps underpin the privacy and security of information. In this regard, the inventory should provide valuable information about the data collected and where it is stored and transmitted. The organization should also be aware of the third parties with access to this data. These types of mappings are important because they help an organization to have a clear view of how data flows from one location to another (Bu et al., 2020, p. 465). During this phase, organizations should take stock of the servers, devices, and cloud services used in data collection, storage, and transmission. The organization should also ensure that the inventory includes information stored on mobile devices and personal devices as well as hard drives and flash drives (Bu et al., 2020, p. 533). This is vital as it supports meeting data subject requirements, identifying training opportunities and employee-related risks, and fostering proper data security management.

The second phase in designing an implementation strategy relates to minimizing the data an organization keeps. Less data means fewer opportunities for hackers to capitalize on. The data collected should be limited to the minimum necessary to meet the intended purposes. Personally identifiable information should only be held for as long as it is needed to carry out the required tasks (Bu et al., 2020, p. 657). The best practice in this phase is for the organization to collect only the required information. If personal information not required for the intended purpose has been gathered, the organization should scrub data sets to remove these data fields. This is important because holding personal data increases the risk of a data breach. If the amount of data stored is minimal, however, the risk of personal information fraud is substantially reduced.

In keeping with a high-level design plan, the third phase of the implementation strategy relates to safeguarding data with a trifecta of controls. Organizations must implement physical, technical, and administrative controls to safeguard personal information from loss. These safeguards also reduce the risk of unauthorized access, data damage, or alteration (Tawalbeh et al., 2020, p. 736). A simple compromise often begins at the ground level through physical access. Such breaches may involve unauthorized access to stored documents, or files being left in an unlocked cabinet or on a public printer. Measures that can be adopted in this phase to protect the privacy of information include storing physical drives in locked cabinets, training employees on the importance of keeping their computers locked when they are not working on them, and developing network access restrictions for all employees in the organization (Tawalbeh et al., 2020, p. 745).

The fourth and fifth phases are that the organization should avoid letting its data “trash” become another person’s treasure and should be proactive in its endeavours. An organization can prevent its data “trash” from becoming another person’s treasure by ensuring that personally identifiable information is securely stored and that data disposal is carried out appropriately. Furthermore, the organization should ensure that it wipes data from devices, flash drives, and hard drives before starting its disposal procedures (Tawalbeh et al., 2020, p. 849). Lastly, being proactive entails developing and implementing an incident response plan. Senior staff in the organization should be given the role of coordinating these response efforts and of keeping a written contingency plan that sets out how operations will be maintained. A strategic incident response plan is vital because it fosters a swift response, reduces the negative impact on business operations, and reduces the risk of additional expenses.

References

Bu, F., Wang, N., Jiang, B., & Liang, H. (2020). “Privacy by design” implementation: Information system engineers’ perspective. International Journal of Information Management, 53, 102124. https://doi.org/10.1016/j.ijinfomgt.2020.102124

Tawalbeh, L., Muheidat, F., Tawalbeh, M., & Quwaider, M. (2020). IoT privacy and security: Challenges and solutions. Applied Sciences, 10(12), 4102. https://doi.org/10.3390/app10124102

Question 
Implementation Strategy for Privacy and Security of Information

Create a 2- to 3-page MS Word report detailing the following:

Design an implementation strategy for the privacy and security of information.
Consider a bird’s eye view and develop a high-level design plan. Tip: Think of a high-level, overarching approach. Avoid getting too tactical.

Cite any sources to support your assignment.

Format your citations according to APA guidelines.