Data encryption and minimization required
For any restricted transaction, as per data-level requirements, adopting data minimization and obfuscation techniques has been proposed.
“Apply data minimization and data masking strategies to reduce the need to collect, or sufficiently obfuscate, respectively, covered data to prevent visibility into that data, without precluding the US persons engaging in restricted transactions from conducting operations with the data,” CISA added.
CISA recommended techniques including aggregation, pseudonymization, de-identification, or anonymization for processing data so that the data is not linkable to US person entities while it is accessed by a country of concern.
