"If you do not need that information, you need to destroy it because it represents a risk to the organizations every day that you keep it," says Miller, principal and national practice leader for cybersecurity and privacy at the business and financial services advisory company.
Destroying unneeded data is one of the six components of a data security lifecycle that also includes creating, storing, using, sharing and archiving data.
In an interview with Information Security Media Group, Miller says organizations should:
- Classify data so they know what to protect. "We're not talking about a very sophisticated or complicated classification schema," he says. "I'm really talking about just a few buckets of, if you will, or categories of data."
- Understand that not all data are created equal. "E-mails between two colleagues shouldn't be secured the same way as financial reports," Miller says.
- Divvy up the responsibilities for managing the lifecycle among technical, security and business organizations. "It's not a difficult thing to educate business data owners ... how to do this," he says.
Miller joined Grant Thornton in 2004 and has served as principal and national practice leader for cybersecurity and privacy for nearly 4½ years. Before joining Grant Thornton, Miller was a partner at a consulting firm, where he was responsible for all client delivery operations, quality assurance and information technology.