What practice should not be followed when storing confidential, sensitive, and/or personal data?

What practice should not be followed when storing confidential, sensitive, and/or personal data?

A.Keep personal information in the data files

B.Store signed consent forms separately from data

C.Encrypt data

D.Make data accessible only to authorized persons

E.Address storage during consent procedures

Answer: A.Keep personal information in the data files

To summarize, storing personal information in data files is one of the practices that should not be followed when dealing with confidential, sensitive, and/or personal data. This approach makes data security and privacy a problem because it reveals information that is otherwise adequately shielded. However, to avoid an individual’s information being easily identifiable, de-identification or pseudonymization of data is advised to be done. It also helps in avoiding nosing of personal information in case of leakage or breakage of the data as it is held separately. It also aids in following the regulations like GDPR which lays down importance on the minimization of data. On the one hand, personal data can be kept as separate files/records and main data set files can be labeled with codes/IDs that will serve as keys for linking of the data in case and only in cases where it is permitted by law.