A common information security principle is that a person or organisation should be able to access the personal data for which they are responsible or accountable. The EU’s GDPR refers to data security as the ability to ensure the ‘ongoing confidentiality, integrity, availability and resilience’ of data processing systems, as well as the need to secure the ‘availability, authenticity, integrity and confidentiality’ of personal data. This builds on established industry standards – often summarised in the CIA Triad model – in which availability is a key element of secure system design.

See also: DATA CONTROLLER

Reference & Dictionaries