5.8 Carry out data security and privacy practices Flashcards
Data destruction and media sanitization
A
Degaussing
Exposing the disk to a powerful electromagnet disrupts the magnetic pattern that stores the data on the disk surface.
Purging
Removing the confidential information but leaving the media intact for reuse.
Data sensitivity labeling and handling
The process of managing information over its lifecycle (from creation to destruction).
Confidential
The information is highly sensitive, for viewing only by approved persons within the organization (and possibly by trusted third parties under NDA).
Private
Viewing is restricted to the owner organization or to third parties under an NDA.
Public
There are no restrictions on viewing the document.
PII
(personally identifiable information) Data that can be used to identify or contact an individual (or in the case of identity theft, to impersonate them).
PHI
(protected health information) Information that identifies someone as the subject of medical and insurance records, plus associated hospital and laboratory test results.
Data Owner
A senior (executive) role with ultimate responsibility for maintaining the confidentiality, integrity, and availability of the information asset.
Data Steward/custodian
This role is primarily responsible for data quality. This involves tasks such as ensuring data is labelled and identified with appropriate metadata and that data is collected and stored in a format and with values that comply with applicable laws and regulations.
Privacy officer
This role is responsible for oversight of any personally identifiable information (PII) assets managed by the company. The privacy officer ensures that the processing and disclosure of PII complies with legal and regulatory frameworks.
Data retention
The process of an organization maintaining the existence of and control over certain data in order to comply with business policies and/or applicable laws and regulations.