Data Protection Principles
Financial companies need to collect and share sensitive information to run their everyday business. Members of SIFMA’s Data Protection Working Group have developed a set of principles for the protection of sensitive data that aligns to the Cyber Risk Institute’s Financial Services Cybersecurity Profile and the NIST Cybersecurity Framework.
- Data collection: Limit the collection of sensitive data to that which is directly relevant and necessary to accomplish a specified purpose
- Data usage: Implement preventative and detective controls limiting access to sensitive data to authorized users only
- Data sharing: Develop policies to protect information when it needs to be shared with external entities
- Data disposal: Securely eradicate, dispose, or destroy sensitive data when appropriate
- Overarching best practices: Implement controls and policies to maintain a robust information security environment
Resources
- Download: Data Protection Principles (PDF)