Chapter 4: Information Management from a U.S. Perspective Flashcards
What types of risks should be considered when using PI ?
- Legal Risks
- Reputation Risks
- Operational Risks
- Investment Risks
What do the Legal Risks stem from?
Failure to comply with applicable law, contractual commitments, privacy promises, and industry standards.
What do the Reputational Risks stem from?
Legal enforcement and if they announce privacy policies but do not carry them out. .
What do the Operational Risks stem from?
Administrative efficiency and cost effectiveness.
What do the Investment Risks stem from?
The ability to receive an appropriate return on it investments in information, information technology, etc.
What are the 4 basic steps for Information Management?
- Discover
- Build
- Communicate
- Evolve
Discover
- Issue identification and self-assessment
- Determine the best practices
Build
- Procedure development and verification
- Full implementation
Communicate
- Documentation
- Education
Evolve
- Affirmation and monitoring
- Adaptation
What should practices and controls that organizations use for managing PI address?
- Data Inventory
- Data Classification
- Documenting Data Flows
- Determining Data Accountability
What does Data Inventory involve?
An inventory of the PI (employee and customer) that the organization collects, stores, uses, or discloses. It should document data location and flow as well as evaluate how, when, and with whom the organization shares such information - and the means for data transfer used.
What does Data Classification involve?
Classifying data according to its level of sensitivity. It should define the clearance of individuals who can access or handle the data, as well as the baseline level of protection that is appropriate for that data.
What does Documenting Data Flows involve?
The mapping and documenting of the systems, applications, and processes handling data.
What does Determining Data Accountability involve?
The responsibility to assure compliance with privacy laws and policies.