Help Center/ Well-Architected Framework/ Well-Architected Framework and Practices/ Security Pillar/ Data Security and Privacy Protection/ SEC08 Data Privacy Protection/ SEC08-01 Specifying Privacy Protection Policies and Principles
Updated on 2025-05-22 GMT+08:00
View PDF
Share

SEC08-01 Specifying Privacy Protection Policies and Principles

It refers to the general policies and principles established and adhered to in the protection of personal privacy data.

  • Risk level

    High

  • Key strategies

    Specify the classification and impact of personal data. Personal data includes the natural person's email address, phone number, biometric identifiers (such as fingerprints), location data, IP address, medical information, religious belief, social security number, and marital status. Based on impact level, personal data can be categorized into high-impact, medium-impact, and low-impact personal data (as listed in the following table).

    Impact Level

    Description

    High Impact

    Improper disclosure of such data may violate laws and pose serious adverse impacts on the company's reputation, finance, or operations and pose major negative impacts on the entity of personal data. For example, ID number and fingerprints.

    Medium Impact

    Improper disclosure may have serious adverse impact on the company and result in a major adverse impact on the data subject. Personal data at this level includes account, address, and age.

    Low Impact

    Improper disclosure of such data will pose certain impacts, which are controllable to the company, and minor impacts on the subject of personal data, for example, gender.
    Factors that affect the privacy risk level include: personal data level (high, medium, or low), whether the data subject can be directly or indirectly identified, data volume, data attributes (for example, the disease history is more sensitive than the phone number), whether other data can be associated in the storage area, purposes of personal data collection/storage/processing/disclosure (for example, statistical analysis, research, tax management, and legal requirements), and role (controller/processor/equipment supplier).
    • Sensitive personal data is strictly protected. Generally, sensitive personal data includes life information (such as racial or ethnic origin and political opinions), identity information (such as ID card number and social security number), property information (such as bank account information and deposit information), health information (such as medical history, and diagnosis and treatment information), biometric feature information (such as fingerprint and iris), and other information (such as precise location information).
    • Specify the roles involved in personal data, including data subjects, data controllers, data processors, and third parties.
    • Specify privacy protection principles and comply with the principles of legitimacy, transparency, and security.
      • Lawfulness, fairness and transparency: Personal data shall be processed lawfully, fairly, and in a transparent manner in relation to the data subject.
      • Purpose limitation: Personal data shall be collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
      • Data minimization: Personal data shall be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed. Personal data shall be anonymized or pseudonymized wherever possible to reduce the risks to data subjects concerned.
      • Accuracy: Personal data shall be accurate and, where necessary, kept up to date. Every reasonable step shall be taken to ensure that personal data that is inaccurate, having regard to the purposes for which it is processed, is erased or rectified without delay.
      • Storage period minimization: Personal data shall be kept for no longer than the period that is necessary to achieve the purposes for which it is processed.
      • Integrity and confidentiality: Personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against accidental or unlawful destruction, loss, and alteration or unauthorized access and disclosure, using appropriate technical or organizational measures based on the state of the art, the implementation costs, and the impact and likelihood of privacy risk.
      • Accountability: The data controller shall be responsible for, and be able to demonstrate compliance with the aforesaid principles.
    • Privacy protection shall be implemented throughout the full lifecycle of personal data. Each phase of the personal data lifecycle shall have corresponding privacy protection requirements, and mitigation measures shall be developed based on privacy risks in different phases.