Lesson 16 Data Privacy and Documentation

Question 1

Information Life Cycle

Answer 1

Creation/Control
- data needs to be classified and tagged

Distribution/Use
- data is available to authorized and authenticated users including 3rd parties

Retention
- data is archived past the date when it is still used for regulatory reasons

Disposal
- data no longer needed, media storing data asset must be SANITIZED to remove any remnants

Question 2

PHI

Answer 2

Personal Health Information or protected health information

refers to medical and insurance records, as well as associated hospital and lab tests

extremely sensitive

Question 3

PII

Answer 3

Personally Identifiable Information

info that can identify, contact or locate an individual

can depend on context

Question 4

data owner

Answer 4

Manager/Senior role with the ultimately responsible for confidentiality, integrity, and availability (CIA) of the information asset

Responsibilities:

• labeling the asset
  
  • who should have access to the data
  • determine the criticality and sensitivity of data
• ensures data is protected with correct controls

Selects a steward and custodian of the data, directing their actions

sets the budget and resource allocation for controls

Question 5

data steward

Answer 5

Appointed by the data owner

Responsibilities:

• ensures data quality
  
  • labels/classifies the data
  • data has appropriate metadata
• ensures data is collected and stored in accordance with applicable laws and regs

Question 6

data custodian

Answer 6

Appointed by the Data Owner

Responsibilities:

• manages the system on which the data assets are stored
• enforces access control, encryption, and backup/recovery measures

Question 7

DPO

Answer 7

data privacy officer

Responsibilities:

• oversees any PII assets managed by the company
• ensures processing, disclosure, and retention of PII complies with legal and regulatory frameworks

Question 8

data controller

Answer 8

Institutional role

Responsibilities:

• determines why and how data is stored, collected and used
• ensures these purposes and methods are lawful
• responsible for privacy breach which can not transfer

Question 9

data processor

Answer 9

Institutional role

Assistant to the Data Controller and follows the instructions of a data controller with regard to collection or processing data

Responsibilities:
-assist with the technical collection, storage, and analysis tasks

Question 10

Data Classification based degree of confidentiality

Answer 10

Schema based on confidentiality required by the data
Public/unclassified - no restrictions on viewing
Confidential/secret - highly sensitive for viewing, possible NDA for 3rd parties
Critical/top secret - viewing is severely restricted

Question 11

Data Classification based on kind of info

Answer 11

Proprietary or intellectual property (IP) - company owned about their products or how it is made

Private/personal data - individual identification data

Sensitive - usually used in the context of personal data which could harm the person if made public or create prejudice against them

Question 12

Privacy Notices

Answer 12

must use informed consent to use the data collected

purpose must be clearly stated to the user

Purpose limitation will restrict ability to transfer the data to a 3rd party

Question 13

Data Protection Impact Assessment

Answer 13

A process designed to

• identify the risks of collecting and processing personal data in the context of a business workflow or project
• identify the mechanisms to mitigate these risks

Question 14

Data Retention

Answer 14

with regard to business policy or regulations this controls the length of time data can be retained

• may impact data archives and backups if PII is included
• may impact financial data and security logs

Question 15

Data Sovereignty

Answer 15

a jurisdiction preventing or restricting processing and storage from taking place on systems do not physically reside with in that jurisdiction

• may demand using location specific storage facilities in a cloud service
• for employees in different geographical locations needing data may need to validate their location prior to gaining access to the data

Question 16

Data Breach Consequences

Answer 16

Reputation damage
identity theft
Fines
Intellectual Property theft

Must provide notification of breach

Must escalate breach to senior decision makers

Question 17

Data Sharing Agreements

Answer 17

Service Level Agreement (SLA)

Interconnection Security Agreement (ISA)

NonDisclosure Agreement (NDA)

Data Sharing and Use Agreement
-mitigate the risk of reidentification (data used in combination with other data sets)

Question 18

Data minimization

Answer 18

A principle that data should only be processed and stored if that is necessary to perform the purpose for which it is collected

Also includes the principle of sufficiency or adequacy, meaning you should collect the data required for the stated purpose in a single transaction to which the subject can give clear consent. Do not collect data later on.

Question 19

Tokenization

Answer 19

A de-identification method where a unique token is substituted for real data

Non-destructive

Used as a substitute for encryption because from a regulatory perspective and encrypted field is the same value as the original data

Question 20

Anonymize

Answer 20

completely and permanently removing identifying data from a data set even when combined with other data sources

Question 21

Pseudo-annoymization

Answer 21

modifying or replacing identifying information s that reidentification depends on an alternate data source, which must be kept separate. With the other data source, this method can be reversed to recover the original data

Question 22

Aggregation/Banding

Answer 22

A deidentification technique to generalize the data such as substituting specific age wit ha broader age band

Question 23

Hashing and Salting

Answer 23

Hashing is used for two main purposes:

• an indexing method to speed ups searches and provide deidentified references to records
• as a storage method for data such as passwords where the original plaintext does not need to be retained

Salting adds an additional value stored with the hashed data field
-frustrates attempts to crack with tables

Question 24

Data masking

Answer 24

part or all of the contents of a data field in the data set are redacted by substituting strings with a new value
considered an irreversible deidentification technique
tokenization can be undone as need

Question 25

data @ rest

Answer 25

stored data, should be encrypted, full disk encryption or database encryption or file/folder level encryptions
file permissions are set
ACLs can be used to ensure authorized users can read/modify the data

Question 26

data in transit

Answer 26

data being sent across the network

needs to be protected by transport encryption protocol, like TLS or IPSec

Question 27

Data in use

Answer 27

in RAM or Data in a DB currently being modified

need to protect

Can use trusted execution environment (TEE) mechanisms which are able to encrypt data in memory

Question 28

data exfiltration

Answer 28

unauthorized copying or retrieval of a system

Many mechanisms but a few are:
removable media
network protocols
RAT to transfer data over non standard network port
oral communication
picture or video

Mitigation techniques

• all sensitive data is encrypted at rest
• create and maintain offsite backups
• implement access controls for storage or transmitting systems
• restrict types of network channels attacks can use to gain access to the network
• disconnect systems storing archived data from network
• train users in these methods of protecting sensitive data

Question 29

DLP

Answer 29

Data Loss Prevention (DLP) products which automate the discovery and classification of data types and enforcement of rules so that data is not viewed or transferred without proper authorization

Consists of components on the network

• Policy server
• Endpoint agents
• Network agents

Can be extended to cloud solutions via use of a proxy to mediate access or CSP API to perform scanning and policy enforment

Question 30

DLP Remediation

Answer 30

An action the DLP takes when a policy violation takes place
Alert Only - copy is allowed but alert an admin
Block - prevents copy
Quarantine - file is no longer accessible
Tombstone - file is quarantined and replaced with a file which tells the user how to recover the file

Question 31

Microsofts IRM

Answer 31

Information Rights Management (IRM)

• assign file permissions for different document roles, such as author, editor, reviewer
• restrict printing and forwarding of document, even when sent as an attachment
• restrict printing and forwarding of email messages

Works with Active Directory Right Management Services (RMS) or the cloud based Azure Information Protection