Data Protection Policy / Kebijakan Perlindungan Data
Draft for review and discussion only / Draf untuk peninjauan dan pembahasan.
Purpose / Tujuan
This draft outlines the security and governance principles applied to approved dataset projects. / Draf ini menjelaskan prinsip keamanan dan tata kelola untuk proyek dataset yang disetujui.
Core controls / Kontrol utama
- Dataset-by-dataset approval
- Data minimization and purpose limitation
- Role-based access and audit logs
- Encryption in transit and at rest where implemented
- De-identification verification and human QA
- Incident response and secure deletion procedures
Important limitation / Batasan penting
Actual controls must be documented per project. Marketing claims must not exceed the controls actually implemented.