*Guides & Playbooks

Data Protection Principles

Financial companies need to collect and share sensitive information to run their everyday business. Members of SIFMA’s Data Protection Working Group have developed a set of principles for the protection of sensitive data that aligns to the Cyber Risk Institute’s Financial Services Cybersecurity Profile and the NIST Cybersecurity Framework.

Data collection: Limit the collection of sensitive data to that which is directly relevant and
necessary to accomplish a specified purpose
Data usage: Implement preventative and detective controls limiting access to sensitive
data to authorized users only
Data sharing: Develop policies to protect information when it needs to be shared with
external entities
Data Disposal: Securely eradicate, dispose, or destroy sensitive data when appropriate
Overarching Best Practices: Implement controls and policies to maintain a robust
information security environment

Resources

PDF

Readiness ExercisesNov 04, 2025
Quantum Dawn Cybersecurity Exercises
- Operational Resilience and Cybersecurity
Readiness ExercisesOct 25, 2025
Industry-Wide Business Continuity Test
- Operational Resilience and Cybersecurity
Guides & PlaybooksSep 05, 2025
Market Guide to the Implementation of SEC Rule 192
- Securitization and Housing Finance

Readiness ExercisesNov 04, 2025
Quantum Dawn Cybersecurity Exercises
- Operational Resilience and Cybersecurity
Readiness ExercisesOct 25, 2025
Industry-Wide Business Continuity Test
- Operational Resilience and Cybersecurity
Guides & PlaybooksSep 05, 2025
Market Guide to the Implementation of SEC Rule 192
- Securitization and Housing Finance