How many times have you heard the following?
“First classify the data into internal, confidential, secret, etc. This determines how the data should be handled. Then assign a data owner who must approve who has access to the data and what they can do with them. Oh, and by the way, the data owner assumes the risk related to inappropriate disclosure and use of his or her data.”
Well, there is only one thing wrong with the above – everything! In the next three columns we will discuss the many fallacies contained in these common assertions.