by anyonecancode 535 days ago
Which gets back to the original point, that the real answer is to minimize how much data is held in the first place. Controls will always be insufficient to prevent breaches. Companies and organizations should keep less data, keep it for less time, and try harder to avoid collecting PII in the first place.
3 comments

I don't disagree with you but as someone who has thought a moderate amount about data security at a "bigco", I will point out something I haven't seen people really talk about...

Audit trails (of who did/saw what in a system) and PII-reduction (so you don't know who did what) are fundamentally at odds.

Assuming you are already handling "sensitive PII" (SSNs/payroll/HIPAA/credit card # data) appropriately, which constitutes security best practice: PII-reduction or audit-reduction?

Let's say the CEO agrees with you and is horrified by any amount of unnecessary data being stored.

How would they then enforce this in a large company with 50k programmers? This was what the previous post was discussing.

Not to mention, a lot of this data is necessary. If you're invoicing, you need to store the names and many other kinds of sensitive data of your customers; you are legally required to do so.

Culture change. The CEO can push for top down culture change to get people to care about this stuff. Make it their job to care. Engage their passion to care.

It’s not easy, but it can move the needle over time.

That is easier said than done. In order to achieve that effectively, every employee that has any relation to data needs to be constantly vigilant in keeping PII to a minimum, and properly secured.

It is often much easier to use an email address or an SSN when a randomly generated id, or even a hash of the original data, would work fine.

I'm not saying that we shouldn't put more effort into reducing the amount of data kept, but it isn't as simple as just saying "collect less data".

And sometimes you can't avoid keeping PII.
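Two of the comments above touch the same engineering problem: the tension between keeping an audit trail of who did what and not storing identity, and the suggestion that a random id or a hash of the original value could stand in for an SSN. The example below is added here for illustration and is not code from any of the commenters. It shows, on a constructed SSN, why an unkeyed hash of a low-entropy identifier is not pseudonymisation (an attacker who knows part of the value from another source enumerates the rest), and two alternatives that keep audit rows joinable without putting the identifier in the log: a keyed HMAC pseudonym, and a random-token vault whose row can be deleted at end of retention. The key, the vault, the sample SSN and the audit row format are all assumptions of the example.

```python
import hashlib
import hmac
import secrets
from typing import Callable, Optional

# Constructed sample value: the well-known invalid SSN used in documentation.
SAMPLE_SSN = "123-45-6789"


def plain_hash(identifier: str) -> str:
    """Unkeyed SHA-256 of the identifier: deterministic, but reversible
    whenever the input space is small enough to enumerate."""
    return hashlib.sha256(identifier.encode()).hexdigest()


def keyed_pseudonym(identifier: str, key: bytes) -> str:
    """HMAC-SHA256 pseudonym. Still deterministic (so audit rows about one
    person still join), but without the server-side key an attacker has
    no candidate digests to compare against."""
    return hmac.new(key, identifier.encode(), hashlib.sha256).hexdigest()


def brute_force(target: str, known_prefix: str,
                hash_fn: Callable[[str], str]) -> Optional[str]:
    """Dictionary attack. The attacker is assumed to already know the
    'AAA-GG-' part (say, from another breach) and enumerates the 10,000
    possible four-digit serials, hashing each the way the defender did."""
    for serial in range(10_000):
        candidate = f"{known_prefix}{serial:04d}"
        if hmac.compare_digest(hash_fn(candidate), target):
            return candidate
    return None


class TokenVault:
    """Random-token pseudonymisation (hypothetical in-memory vault).
    The only link between a token and the PII is a row here, so deleting
    the row at end of retention leaves the audit log intact but unlinkable."""

    def __init__(self) -> None:
        self._token_to_pii: dict[str, str] = {}
        self._pii_to_token: dict[str, str] = {}

    def tokenize(self, pii: str) -> str:
        # Same PII maps to the same token while the row exists, so audit
        # rows about one customer can still be correlated.
        if pii in self._pii_to_token:
            return self._pii_to_token[pii]
        token = secrets.token_hex(16)
        self._token_to_pii[token] = pii
        self._pii_to_token[pii] = token
        return token

    def detokenize(self, token: str) -> Optional[str]:
        return self._token_to_pii.get(token)

    def purge(self, pii: str) -> None:
        """Drop the mapping; existing tokens become opaque identifiers."""
        token = self._pii_to_token.pop(pii, None)
        if token is not None:
            del self._token_to_pii[token]


def audit_demo() -> dict:
    """Audit row carries only the token; the vault decides how long the
    row can be tied back to a person."""
    vault = TokenVault()
    token = vault.tokenize(SAMPLE_SSN)
    log = [f"{token} viewed record 42"]   # constructed audit row
    linked_before = vault.detokenize(token)
    vault.purge(SAMPLE_SSN)
    linked_after = vault.detokenize(token)
    return {"log": log, "before": linked_before, "after": linked_after}


if __name__ == "__main__":
    target = plain_hash(SAMPLE_SSN)
    print("plain hash recovered:", brute_force(target, "123-45-", plain_hash))
    key = secrets.token_bytes(32)
    keyed = keyed_pseudonym(SAMPLE_SSN, key)
    print("keyed pseudonym recovered without key:",
          brute_force(keyed, "123-45-", plain_hash))
    print(audit_demo())
```

The keyed pseudonym is still linkable data as long as the key exists, so it is a pseudonym rather than anonymisation; rotating or destroying the key is what eventually severs the audit trail from the person. The vault gives finer control (one row per person can be purged) at the cost of a high-value store that must itself be protected.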