Lesson 16 Flashcards
Privacy
•Personal data about data subjects
•Compliance with regulations
•Rights of data subjects
While data security is important, privacy is an equally vital factor. Privacy is a data
governance requirement that arises when collecting and processing personal data.
Personal data is any information about an identifiable individual person, referred
to as the data subject. Where data security controls focus on the CIA attributes of
the processing system, privacy requires policies to identify private data, ensure that
storage, processing, and retention are compliant with relevant regulations, limit access
to the private data to authorized persons only, and ensure that the rights of data subjects to
review and remove any information held about them are met.
Information life cycle management
•Creation/collection (classification)
•Distribution/use
•Retention
•Disposal
An information life cycle model identifies discrete steps to assist security and privacy
policy design. Most models identify the following general stages:
• Creation/collection—data may be generated by an employee or automated system,
or it may be submitted by a customer or supplier. At this stage, the data needs to be
classified and tagged.
• Distribution/use—data is made available on a need-to-know basis for authorized
uses by authenticated account holders and third parties.
• Retention—for regulatory reasons, data might have to be kept in an archive past the
date when it is still in active use.
• Disposal—when it no longer needs to be used or retained, media storing data assets
must be sanitized to remove any remnants.
Data Governance
A data governance policy describes the security controls that will be applied to protect
data at each stage of its life cycle. There are important institutional governance roles
for oversight and management of information assets within the life cycle:
Data owner
•Ultimate responsibility
Data steward
•Data quality and oversight
Data custodian
•Information systems management
Data privacy officer (DPO)
•Oversight of personally identifiable information (PII) assets
Data owner
•Ultimate responsibility
Data steward
•Data quality and oversight
This role is primarily responsible for data quality. This involves tasks
such as ensuring data is labeled and identified with appropriate metadata and that
data is collected and stored in a format and with values that comply with applicable
laws and regulations.
Data custodian
•Information systems management
This role handles managing the system on which the data assets
are stored. This includes responsibility for enforcing access control, encryption, and
backup/recovery measures.
Data privacy officer (DPO)
•Oversight of personally identifiable information (PII) assets
Organizational roles in privacy legislation
•Data controllers and data processors
• Data controller—the entity responsible for determining why and how data is
stored, collected, and used and for ensuring that these purposes and means are
lawful. The data controller has ultimate responsibility for privacy breaches, and is
not permitted to transfer that responsibility.
• Data processor—an entity engaged by the data controller to assist with technical
collection, storage, or analysis tasks. A data processor follows the instructions of a
data controller with regard to collection or processing.
Data controller and processor tend to be organizational roles rather than individual
ones.
Data Classifications
Public (unclassified)
•No confidentiality, but integrity and availability are important
Confidential (secret)
•Subject to administrative and/or technical access controls
Critical (top-secret)
Proprietary
•Owned information of commercial value
Private/personal data
•Data that can identify an individual
Sensitive
•Special categories of personal data, such as beliefs, ethnic origin, or sexual orientation
Public (unclassified)
•No confidentiality, but integrity and availability are important
Confidential (secret)
•Subject to administrative and/or technical access controls
The information is highly sensitive, for viewing only by
approved persons within the owner organization, and possibly by trusted third
parties under NDA.
Critical (top-secret)
The information is too valuable to allow any risk of its capture.
Viewing is severely restricted.
Proprietary (IP)
•Owned information of commercial value
Private/personal data
•Data that can identify an individual
Sensitive
•Special categories of personal data, such as beliefs, ethnic origin, or sexual orientation
Data Types
Personally identifiable information (PII)
•Data that can be used to identify, contact, or locate an individual
Customer data
•Institutional information
•Personal information about the customer’s employees
Health information
•Medical and insurance records and test results
Financial information
•Data held about bank and investment accounts, plus information such as payroll and tax returns
Government data
•Legislative requirements
Privacy Legislation and Regulation
Legislation and regulations
•General Data Protection Regulation (GDPR)
•Rights of data subjects
Data owners should be aware of any legal or regulatory issues that impact collection
and processing of personal data. The right to privacy, as enacted by regulations such
as the EU’s General Data Protection Regulation (GDPR), means that personal data
cannot be collected, processed, or retained without the individual’s informed consent.
GDPR (ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr)
gives data subjects rights to withdraw consent, and to inspect, amend, or erase data
held about them.
Privacy notices
•Purpose of collecting personal information
•Consent to declared uses and storage
Informed consent means that the data must be collected and processed only for
the stated purpose, and that purpose must be clearly described to the user in plain
language, not legalese. This consent statement is referred to as a privacy notice. Data
collected under that consent statement cannot then be used for any other purpose.
For example, if you collect an email address for use as an account ID, you may not send
marketing messages to that email address without obtaining separate consent for that
discrete purpose.
Purpose limitation
Purpose limitation will also restrict your ability to transfer data to third parties.
Privacy Impact Assessment
Impact assessments
•Assess and mitigate risks from collecting personal data
Tracking consent statements and keeping data usage in compliance with the consent
granted is a significant management task. In organizations that process large amounts
of personal data, technical tools that perform tagging and cross-referencing of
personal data records will be required. A data protection impact assessment is a
process designed to identify the risks of collecting and processing personal data in the
context of a business workflow or project and to identify mechanisms that mitigate
those risks.
Data Retention
Data retention refers to backing up and archiving information assets in order to comply
with business policies and/or applicable laws and regulations. To meet compliance
and e-discovery requirements, organizations may be legally bound to retain certain
types of data for a specified period. This type of requirement will particularly affect
financial data and security log data. Conversely, storage limitation principles in privacy legislation may prevent you from retaining personal data for longer than is necessary.
This can complicate the inclusion of PII in backups and archives.
Data sovereignty
•Jurisdiction that enforces personal data processing and storage regulations
Data sovereignty refers to a jurisdiction preventing or restricting processing and
storage from taking place on systems that do not physically reside within that jurisdiction.
Data sovereignty may demand certain concessions on your part, such as using
location-specific storage facilities in a cloud service.
Geographical considerations
•Select storage locations to mitigate sovereignty issues
•Define access controls on the basis of client location
Geographic access requirements fall into two different scenarios:
• Storage locations might have to be carefully selected to mitigate data sovereignty
issues. Most cloud providers allow choice of data centers for processing and
storage, ensuring that information is not illegally transferred from a particular
privacy jurisdiction without consent.
• Employees might need access from multiple geographic locations. Cloud-based file and
database services can apply constraint-based access controls to validate the user’s
geographic location before authorizing access.