5.5 Explain privacy and sensitive data concepts in relation to security. Flashcards
Information Life cycle
- Creation and receipt
– Create data internally or receive data from a third party
- Distribution
– Records are sorted and stored
- Use
– Make business decisions, create products and services
- Maintenance
– Ongoing data retrieval and data transfers
- Disposition
– Archiving or disposal of data
PIA
Privacy impact assessment (PIA)
* Almost everything can affect privacy
– New business relationships, product updates, website features, service offerings
* Privacy risk needs to be identified in each initiative
– How could the process compromise customer privacy?
* Advantages
– Fix privacy issues before they become a problem
– Provides evidence of a focus on privacy
– Avoid data breach
– Shows the importance of privacy to everyone
Proprietary
Proprietary
– Data that is the property of an organization
– May also include trade secrets
– Often data unique to an organization
PII
PII - Personally Identifiable Information
– Data that can be used to identify an individual
– Name, date of birth, mother’s maiden name, biometric information
PHI
PHI - Protected Health Information
– Health information associated with an individual
– Health status, health care records, payments for health care, and much more
Public/Unclassified
No restrictions on viewing the data
Private/Classified/Restricted/Internal use only
Restricted access, may require a non-disclosure agreement (NDA)
Sensitive
Intellectual property, PII, PHI
Confidential
Very sensitive, must be approved to view
Critical
Data should always be available
Tokenization
Tokenization is a database de-identification method where all or part of data in a field is substituted with a randomly generated token. The token is stored with the original value, separate from the production database.
Replace sensitive data with a non-sensitive placeholder
– SSN 266-12-1112 is now 691-61-8539
* Common with credit card processing
– Use a temporary token during payment
– An attacker capturing the card numbers can’t use them later
* This isn’t encryption or hashing
– The original data and token aren’t mathematically related
– No encryption overhead
The token is stored in a vault
Data minimization
Minimal data collection
– Only collect and retain necessary data
* Included in many regulations
– HIPAA has a “Minimum Necessary” rule
– GDPR - “Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.”
* Some information may not be required
– Do you need a telephone number or address?
* Internal data use should be limited
– Only access data required for the task
Anonymization
- Make it impossible to identify individual data from a dataset
– Allows for data use without privacy concerns
- Many different anonymization techniques
– Hashing, masking, etc.
- Convert from detailed customer purchase data
– Remove name and address, change phone number to ### ### ####
– Keep product name, quantity, total, and sale date
- Anonymization cannot be reversed
– No way to associate the data to a user
Data masking
Data masking is a de-identification tactic that takes all or part of the contents of a data field and substitutes character strings with a simple character to conceal the Personally Identifiable Information (PII).
- Data obfuscation
– Hide some of the original data
- Protects PII
– And other sensitive data
- May only be hidden from view
– The data may still be intact in storage
– Control the view based on permissions
- Many different techniques
– Substituting, shuffling, encrypting, masking out, etc.
Pseudo-anonymization
- Pseudonymization
– Replace personal information with pseudonyms
– Often used to maintain statistical relationships
- May be reversible
– Hide the personal data for daily use or in case of breach
– Convert it back for other processes
- Random replacement
– James Messer -> Jack O’Neill -> Sam Carter -> Daniel Jackson
- Consistent replacements
– James Messer is always converted to George Hammond