SNIA Developer Conference September 15-17, 2025 | Santa Clara, CA
Data Protection & Privacy Committee (DPPC)
The DPPC exists to further the awareness and adoption of data protection technology, and to provide education, best practices and technology guidance on all matters related to the protection and privacy of data.
Data Privacy and Why It Matters
Failing to protect sensitive information can put a lot of people at risk of being exploited by cybercriminals, and can make a company face enormous legal penalties.The way information is shared and stored can put the information at risk. It is risky to store personal information on portable devices, which are easily lost or stolen. In addition, the consequences of a data breach can be devastating. Identity theft could lead to financial losses, and a company could face lawsuits and legal penalties. This presentation covers what kinds of personal information must be protected & guidelines for keeping this info safe.
Technical Work
The SNIA Storage Security TWG just released the new Storage Security:
Data Protection whitepaper that provides an overview of data protection and the associated guidance for the ISO/IEC 27040:2015 (Information technology - Security techniques - Storage security), which is a standard that provides detailed technical guidance on controls and methods for securing storage systems and ecosystems. Data protection is an essential element of storage security that can be nuanced, depending on industry requirements (e.g., storage, security, and privacy). This can be seen in the ISO/IEC 27040 (Storage security) standard, which while not directly addressing data protection, does identify relevant security controls. To raise awareness of data protection, this whitepaper highlights the relevant data protection guidance from ISO/IEC 27040 and then builds upon it, covering topics such as data classification, retention and preservation, data authenticity, and data disposition. As part of this expanded material, SNIA provides guidance and considerations that augment the existing storage security standard.
SNIA on Data Governance & Security
White Papers and Reports
Data Protection Best Practices
October 2017
Industry Advisory 2022 #3 - ISO 27000 Series Storage Security Standard
May 2022
Industry Advisory 2022 #2 - ISO 27040 Storage Security Standard
May 2022
Industry Advisory 2022 #1 - IEEE2883 Media Sanitization Standard
March 2022
Data protection encompasses much more than backup and recovery techniques, extending to issues related to data corruption and data loss, data accessibility and availability, data confidentiality, and compliance. This SNIA technical white paper covers factors to consider when it comes to data protection at the storage level and offers detailed best practices.