# O3.6 Establish multi-layered security controls to protect data throughout its lifecycle

{% tabs %}
{% tab title="Principle" %}
[O3 Ensure data privacy by design](/safeguards/universal-dpi-safeguards-framework/principles/operational-principles/o3-ensure-data-privacy-by-design.md)
{% endtab %}

{% tab title="Risk" %}
[RI4 Disempowerment](/safeguards/universal-dpi-safeguards-framework/risks/risks-to-inclusion.md)

[SV4 Technical shortcomings](/safeguards/universal-dpi-safeguards-framework/risks/risks-to-structural-vulnerabilities.md)

[RS1 Privacy Vulnerability ](/safeguards/universal-dpi-safeguards-framework/risks/risks-to-safety.md)
{% endtab %}

{% tab title="Lifecycle Stage" %}
[L2 Strategy and Design](/safeguards/universal-dpi-safeguards-framework/responsible-authorities/r3-donor/l2-strategy-and-design-old.md)
{% endtab %}
{% endtabs %}

## Practices

> * Use best security practices, including enabling 2FA by default for users (and/or combining such practices with automated fraud detection practices to detect anomalous activity).
> * Implement encryption protocols that protect all data throughout its transmission and storage. Example: How Estonian xRoad is secured (data storage)

## Resources

<table data-view="cards"><thead><tr><th></th><th></th><th></th></tr></thead><tbody><tr><td></td><td><mark style="color:yellow;"><strong>Case Study</strong></mark></td><td>( to come soon..)</td></tr><tr><td></td><td><mark style="color:yellow;"><strong>References</strong></mark></td><td><a href="https://www.dhs.gov/privacy-impact-assessments">Department of Homeland Security. Privacy Impact Assessments.</a></td></tr></tbody></table>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/processes/o3.6-establish-multi-layered-security-controls-to-protect-data-throughout-its-lifecycle.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.