5.5 Explain privacy and sensitive data concepts in relation to security. Flashcards
Information Life cycle
- Creation and receipt
– Create data internally or receive data from a third party
- Distribution
– Records are sorted and stored
- Use
– Make business decisions, create products and services
- Maintenance
– Ongoing data retrieval and data transfers
- Disposition
– Archiving or disposal of data
PIA
Privacy impact assessment (PIA)
* Almost everything can affect privacy
– New business relationships, product updates, website features, service offerings
* Privacy risk needs to be identified in each initiative
– How could the process compromise customer privacy?
* Advantages
– Fix privacy issues before they become a problem
– Provides evidence of a focus on privacy
– Avoid data breach
– Shows the importance of privacy to everyone
Proprietary
Proprietary
– Data that is the property of an organization
– May also include trade secrets
– Often data unique to an organization
PII
PII - Personally Identifiable Information
– Data that can be used to identify an individual
– Name, date of birth, mother’s maiden name, biometric information
PHI
PHI - Protected Health Information
– Health information associated with an individual
– Health status, health care records, payments for health care, and much more
Public/Unclassified
No restrictions on viewing the data
Private/Classified/Restricted/Internal use only
Restricted access, may require a non-disclosure agreement (NDA)
Sensitive
Intellectual property, PII, PHI
Confidential
Very sensitive, must be approved to view
Critical
Data should always be available
Tokenization
Tokenization is a database de-identification method where all or part of the data in a field is substituted with a randomly generated token. The mapping between each token and its original value is stored in a separate vault, not in the production database, so the production data alone cannot be turned back into the original values.
Replace sensitive data with a non-sensitive placeholder
– SSN 266-12-1112 is now 691-61-8539
* Common with credit card processing
– Use a temporary token during payment
– An attacker who captures the token can’t use it later; the card number itself never leaves the vault
* This isn’t encryption or hashing
– The original data and token aren’t mathematically related
– No encryption overhead
The token is stored in a vault
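The tokenization flow above, as an added Python example that is not part of the original flashcards: a vault that hands out random, SSN-shaped tokens with no mathematical relationship to the value they replace, and that is the only place where a token can be turned back into the original. The SSN-shaped token format, the in-memory vault and the sample records are assumptions made for this example.

```python
"""Tokenization with a separate vault (added example, not from the original notes).

A token is a random placeholder that has no mathematical relationship to the
original value. The original value lives only in the vault; the production
database stores the token. Without the vault, a captured token is useless.
"""
import re
import secrets

# Token format used here is an assumption: same shape as a US SSN
# (###-##-####) so the token can sit in the same database column.
SSN_RE = re.compile(r"^\d{3}-\d{2}-\d{4}$")


def _random_ssn_shaped_token() -> str:
    """Generate a random, SSN-shaped token. 'secrets' is a CSPRNG, so the
    token carries no information about the value it replaces."""
    digits = "".join(str(secrets.randbelow(10)) for _ in range(9))
    return f"{digits[:3]}-{digits[3:5]}-{digits[5:]}"


class TokenVault:
    """The vault: the only place where token <-> original mappings exist.

    In a real deployment this is a separate, hardened datastore with its
    own access controls; an in-memory dict stands in for it here (assumption).
    """

    def __init__(self) -> None:
        self._token_to_value: dict[str, str] = {}
        self._value_to_token: dict[str, str] = {}

    def tokenize(self, value: str) -> str:
        if not SSN_RE.match(value):
            raise ValueError("expected an SSN-shaped value")
        # Consistent tokenization: the same SSN always maps to the same
        # token so records can still be joined on the token column.
        existing = self._value_to_token.get(value)
        if existing is not None:
            return existing
        while True:
            token = _random_ssn_shaped_token()
            # A token must never collide with an existing token, and it
            # must not accidentally equal the real value it replaces.
            if token not in self._token_to_value and token != value:
                break
        self._token_to_value[token] = value
        self._value_to_token[value] = token
        return token

    def detokenize(self, token: str) -> str:
        """Look the original back up. Raises KeyError for unknown tokens,
        which is exactly what an attacker holding only the token gets."""
        return self._token_to_value[token]


def tokenize_records(vault: TokenVault, records: list[dict]) -> list[dict]:
    """Replace the 'ssn' field of each record with its token; this is what
    the production database would store."""
    return [{**r, "ssn": vault.tokenize(r["ssn"])} for r in records]


# Constructed sample data for the demonstration (fictional, not real SSNs).
SAMPLE = [
    {"name": "Alice", "ssn": "266-12-1112"},
    {"name": "Bob", "ssn": "123-45-6789"},
    {"name": "Alice again", "ssn": "266-12-1112"},
]

if __name__ == "__main__":
    vault = TokenVault()
    stored = tokenize_records(vault, SAMPLE)
    for row in stored:
        print(row, "->", vault.detokenize(row["ssn"]))
```

Because the token is drawn from a CSPRNG rather than derived from the SSN, there is nothing to brute-force or invert; the security of the scheme rests entirely on access control around the vault, which is why it must not live in the same database as the tokenized records.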
Data minimization
Minimal data collection
– Only collect and retain necessary data
* Included in many regulations
– HIPAA has a “Minimum Necessary” rule
– GDPR - “Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.”
* Some information may not be required
– Do you need a telephone number or address?
* Internal data use should be limited
– Only access data required for the task
Anonymization
- Make it impossible to identify individual data from a dataset
– Allows for data use without privacy concerns
- Many different anonymization techniques
– Hashing, masking, etc.
– Caveat: an unkeyed hash of a low-entropy value (phone number, SSN) can be reversed by brute force, so hashing alone does not anonymize
- Convert from detailed customer purchase data
– Remove name, address, change phone number to ### ### ####
– Keep product name, quantity, total, and sale date
- Anonymization cannot be reversed
– No way to associate the data to a user
Data masking
Data masking is a de-identification method that replaces all or part of a data field’s contents with a placeholder character (for example x or #) so that the Personally Identifiable Information (PII) in the field is not revealed to the viewer.
- Data obfuscation
– Hide some of the original data
- Protects PII
– And other sensitive data
- May only be hidden from view
– The data may still be intact in storage
– Control the view based on permissions
- Many different techniques
– Substituting, shuffling, encrypting, masking out, etc.
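The masking and anonymization cards above, as an added Python example that is not part of the original flashcards: a permission-based masked view that leaves the stored record intact, and a one-way anonymization of purchase data that drops the identifiers and keeps only product, quantity, total and sale date. The role names, the mask characters and the sample purchase records are assumptions made for this example.

```python
"""Data masking and anonymization (added example, not from the original notes).

Two de-identification steps on the same constructed purchase records:
  1. mask_record(): a permission-based *view* that hides part of each
     sensitive field while the stored record stays intact;
  2. anonymize(): a one-way transform that drops the direct identifiers
     and keeps only the fields needed for sales analysis.
"""
import re


def mask_ssn(ssn: str) -> str:
    """Mask out all but the last four digits: 266-12-1112 -> ***-**-1112."""
    return re.sub(r"\d", "*", ssn[:-4]) + ssn[-4:]


def mask_phone(phone: str) -> str:
    """Replace every digit with '#', keeping the grouping: ### ### ####."""
    return re.sub(r"\d", "#", phone)


def mask_record(record: dict, role: str) -> dict:
    """Return a view of the record appropriate for the caller's role.

    Roles are an assumption for this example: 'billing' sees the full
    record, everyone else sees masked identifiers. The underlying record
    is not modified, which is the point of masking: it controls the view.
    """
    if role == "billing":
        return dict(record)
    return {
        **record,
        "ssn": mask_ssn(record["ssn"]),
        "phone": mask_phone(record["phone"]),
    }


ANALYTICS_FIELDS = ("product", "quantity", "total", "sale_date")


def anonymize(records: list[dict]) -> list[dict]:
    """Keep only what the analysis needs; name, address, phone and SSN
    are removed entirely, so nothing in the output links back to a person."""
    return [{k: r[k] for k in ANALYTICS_FIELDS} for r in records]


# Constructed sample purchase records (fictional people and numbers).
PURCHASES = [
    {"name": "Alice Example", "address": "1 Main St", "phone": "555 010 1234",
     "ssn": "266-12-1112", "product": "router", "quantity": 1,
     "total": 129.99, "sale_date": "2024-03-01"},
    {"name": "Bob Example", "address": "2 Oak Ave", "phone": "555 010 9876",
     "ssn": "123-45-6789", "product": "switch", "quantity": 2,
     "total": 259.98, "sale_date": "2024-03-02"},
]

if __name__ == "__main__":
    print(mask_record(PURCHASES[0], role="support"))
    print(mask_record(PURCHASES[0], role="billing"))
    print(anonymize(PURCHASES))
```

The contrast is the point of the two cards: `mask_record` returns a different view per role but the full SSN is still in `PURCHASES`, whereas `anonymize` produces records from which the person cannot be recovered at all.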
Pseudo-anonymization
- Pseudonymization
– Replace personal information with pseudonyms
– Often used to maintain statistical relationships
- May be reversible
– Hide the personal data for daily use or in case of breach
– Convert it back for other processes
- Random replacement
– James Messer -> Jack O’Neill -> Sam Carter -> Daniel Jackson
- Consistent replacements
– James Messer is always converted to George Hammond
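The random-versus-consistent distinction above, as an added Python example that is not part of the original flashcards: consistent pseudonyms derived with a keyed HMAC so that per-person statistics survive and the mapping can be reversed by whoever holds the key and the lookup table, alongside random replacement that breaks linkability. The key, the `user-…` pseudonym format and the sample records are assumptions made for this example.

```python
"""Pseudonymization (added example, not from the original notes).

Two modes from the flashcard:
  - random replacement: a fresh pseudonym every time, no consistency;
  - consistent replacement: the same person always gets the same pseudonym,
    so counts and joins on the pseudonym match counts and joins on the
    real identity (statistical relationships are kept).

The consistent mode derives the pseudonym with a keyed HMAC. Anyone holding
the key can re-compute the mapping for a known name (reversal by lookup);
without the key the pseudonym reveals nothing. The key, the pseudonym
format and the sample data are assumptions for this example.
"""
import hashlib
import hmac
import secrets
from collections import Counter


class Pseudonymizer:
    def __init__(self, key: bytes) -> None:
        self._key = key
        # Mapping kept for reversal; stored separately from the data.
        self._pseudonym_to_name: dict[str, str] = {}

    def consistent(self, name: str) -> str:
        """Same name -> same pseudonym, for a fixed key."""
        tag = hmac.new(self._key, name.encode("utf-8"), hashlib.sha256).hexdigest()
        pseudonym = f"user-{tag[:12]}"
        self._pseudonym_to_name[pseudonym] = name
        return pseudonym

    @staticmethod
    def random(name: str) -> str:
        """A different pseudonym on every call; useful when no two records
        should be linkable, but it destroys per-person statistics."""
        return f"user-{secrets.token_hex(6)}"

    def reverse(self, pseudonym: str) -> str:
        """Convert a pseudonym back; only possible with the stored mapping."""
        return self._pseudonym_to_name[pseudonym]


def pseudonymize_dataset(p: Pseudonymizer, records: list[dict]) -> list[dict]:
    """Replace the 'name' field with a consistent pseudonym."""
    return [{**r, "name": p.consistent(r["name"])} for r in records]


def purchases_per_person(records: list[dict]) -> Counter:
    """Per-person purchase counts; identical before and after pseudonymization."""
    return Counter(r["name"] for r in records)


# Constructed sample data (fictional names).
RECORDS = [
    {"name": "James Messer", "product": "router"},
    {"name": "James Messer", "product": "switch"},
    {"name": "Jane Doe", "product": "firewall"},
]

if __name__ == "__main__":
    p = Pseudonymizer(key=secrets.token_bytes(32))
    out = pseudonymize_dataset(p, RECORDS)
    print(out)
    # Distribution of purchases is identical before and after.
    print(sorted(purchases_per_person(RECORDS).values()),
          sorted(purchases_per_person(out).values()))
```

The HMAC key is what separates pseudonymization from anonymization: with the key (or the stored mapping) the data can be re-identified, so the key must be protected like the original data, and the pseudonymized dataset must still be treated as personal data under regulations such as GDPR.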
Data Controller
– Manages the purposes and means by which personal data is processed
Data processor
– Processes data on behalf of the data controller
– Often a third-party or different group
Data custodian/steward
– Responsible for data accuracy, privacy, and security
– Associates sensitivity labels to the data
– Ensures compliance with any applicable laws and standards
– Manages the access rights to the data
– Implements security controls
Data protection officer (DPO)
– Responsible for the organization’s data privacy
– Sets policies, implements processes and procedures
Impact assessment
An impact assessment identifies risks and vulnerabilities and the potential impact they could cause an organization or information technology asset. The assessment further identifies methods to limit or mitigate the risks.