Closed dongately closed 3 years ago
This is the previous writup I did on PII handling principles that I posted in Slack https://docs.google.com/document/d/15g1zVyyJYLHLoCesaCuRD-Uvaa19KoFm5Sc_Y1ezr58/edit
It's not in your desired format, but we could probably reframe it into your desired format
Discussion for building risk assessment for holding PII. I'd like to focus on distilling this towards a format similar to:
Please be creative, threat analyze to your heart's content.
Project Decisions about PII, technical or non-technical - i.e. PDAP will do this approach to PII
Ex:
Thanks!