Chapter 4: Information Management Flashcards
Data governance
Data handling practices are consistent with policies
PII
Information that uniquely identifies a person
PHI
Medical records
Financial Information
Personal financial records
Government information
May be subject to rules like data classification
Data classification
Categories of data based on sensitivity
Top Secret
Highest classification. Highest degree of protection
Unclassified information
Lowest classification. Still requires permission to release
Data flow mapping
Tracks how data is received, handled, shared, and disposed
Data flow mapping produces
Data flow diagrams
Data flow diagrams
Show how data moves through a system/organization
Data minimization
Collecting the minimum data necessary
Purpose limitation
Data is only used for the original purpose to which consent was given
Data retention
Data is only kept as long as it remains necessary to fulfil the consented collection reason. Then it should be securely destroyed.
FACTA
Fair and Accurate Credit Transactions Act
FACTA disposal requirement
Reasonable measures to protect against unauthorized access or use of consumer information
FACTA disposal best practices
Policies and compliance monitoring
Contracting a records destruction service
Certificate of Destruction
Security event
An observable occurrence
Adverse event
Event that has negative consequences
Security incident
Violation or imminent violation of security policies or practices
Security playbooks
Step-by-step procedure to respond to incidents
Master Services Agreement
Umbrella contract. Includes security & privacy requirements
SOW
Project-specific details
SLA
Conditions of service and remedies
MOU
Letter documenting aspects of a relationship
Business Partnership Agreement
Two orgs agree to do business in a partnership and may specify division of profits.