Lesson 16 Data Privacy and Documentation Flashcards
Information Life Cycle
Creation/Control
- data needs to be classified and tagged
Distribution/Use
- data is available to authorized and authenticated users including 3rd parties
Retention
- data is retained in an archive past its date of active use, usually because regulation or business policy requires it
Disposal
- data no longer needed, media storing data asset must be SANITIZED to remove any remnants
PHI
Protected Health Information (also called Personal Health Information)
refers to medical and insurance records, as well as associated hospital and lab tests
extremely sensitive
PII
Personally Identifiable Information
info that can identify, contact or locate an individual
can depend on context
data owner
Manager/senior role that is ultimately responsible for the confidentiality, integrity, and availability (CIA) of the information asset
Responsibilities:
- labeling the asset
- who should have access to the data
- determine the criticality and sensitivity of data
- ensures data is protected with correct controls
Selects a steward and custodian of the data, directing their actions
sets the budget and resource allocation for controls
data steward
Appointed by the data owner
Responsibilities:
- ensures data quality
- labels/classifies the data
- data has appropriate metadata
- ensures data is collected and stored in accordance with applicable laws and regs
data custodian
Appointed by the Data Owner
Responsibilities:
- manages the system on which the data assets are stored
- enforces access control, encryption, and backup/recovery measures
DPO
data privacy officer
Responsibilities:
- oversees any PII assets managed by the company
- ensures processing, disclosure, and retention of PII complies with legal and regulatory frameworks
data controller
Institutional role
Responsibilities:
- determines why and how data is stored, collected and used
- ensures these purposes and methods are lawful
- remains legally responsible for any privacy breach; this responsibility cannot be transferred to a processor
data processor
Institutional role
Acts on behalf of the data controller and follows the controller's instructions with regard to the collection or processing of data
Responsibilities:
- assists with the technical collection, storage, and analysis tasks
Data Classification based on degree of confidentiality
Schema based on confidentiality required by the data
Public/unclassified - no restrictions on viewing
Confidential/secret - highly sensitive; viewing restricted to approved persons, with 3rd parties possibly required to sign an NDA
Critical/top secret - viewing is severely restricted
Data Classification based on kind of info
Proprietary or intellectual property (IP) - information the company owns about its products or how they are made
Private/personal data - individual identification data
Sensitive - usually used in the context of personal data which could harm the person if made public or create prejudice against them
Privacy Notices
must obtain informed consent before using the data collected
the purpose of collection must be clearly stated to the user
purpose limitation restricts using the data for any other purpose, including transferring it to a 3rd party
Data Protection Impact Assessment
A process designed to
- identify the risks of collecting and processing personal data in the context of a business workflow or project
- identify the mechanisms to mitigate these risks
Data Retention
business policy or regulations control the length of time data must be kept and the point after which it must be destroyed
- may impact data archives and backups if PII is included
- may impact financial data and security logs
Data Sovereignty
a jurisdiction prevents or restricts processing and storage of its data on systems that do not physically reside within that jurisdiction
- may demand using location specific storage facilities in a cloud service
- employees in other geographical locations may need to validate their location before being granted access to the data
Data Breach Consequences
Reputation damage
identity theft
Fines
Intellectual Property theft
Must notify affected individuals and regulators of the breach as the applicable law requires
Must escalate the breach to senior decision makers
Data Sharing Agreements
Service Level Agreement (SLA)
Interconnection Security Agreement (ISA)
NonDisclosure Agreement (NDA)
Data Sharing and Use Agreement
- mitigate the risk of reidentification (shared data used in combination with other data sets)
Data minimization
A principle that data should only be processed and stored if that is necessary to perform the purpose for which it is collected
Also includes the principle of sufficiency or adequacy: collect all the data required for the stated purpose in a single transaction to which the subject can give clear consent, rather than collecting additional data later on.
Tokenization
A de-identification method where a unique token is substituted for real data
Non-destructive
Used as a substitute for encryption because, from a regulatory perspective, an encrypted field is still the original data (it can be decrypted), whereas a token has no mathematical relationship to the value it replaces
Anonymize
completely and permanently removing identifying data from a data set even when combined with other data sources
Pseudonymization
modifying or replacing identifying information so that reidentification depends on an alternate data source, which must be kept separate. With that other data source, the method can be reversed to recover the original data
Aggregation/Banding
A deidentification technique that generalizes the data, such as substituting a specific age with a broader age band
Hashing and Salting
Hashing is used for two main purposes:
- an indexing method to speed up searches and provide deidentified references to records
- as a storage method for data such as passwords where the original plaintext does not need to be retained
Salting adds a random value to the plaintext before hashing; the salt is stored alongside the hashed field
- frustrates attempts to crack the hashes with precomputed (rainbow/lookup) tables, since identical passwords no longer produce identical hashes
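As an added example (not part of the original flashcards), the following Python shows why the salt matters: an attacker who precomputes a SHA-256 lookup table for a wordlist recovers every unsalted password that appears in the wordlist, but the same table matches nothing in a store that salts each record and uses PBKDF2. The user database and the wordlist are constructed here; only the standard library is used.

```python
"""Unsalted vs salted password storage against a precomputed lookup table.
Constructed sample data; added example, not from the original page."""
import hashlib
import hmac
import os
from typing import Dict, List, Optional, Tuple

# Constructed sample: two users happen to choose the same password.
USERS = {"alice": "Summer2024!", "bob": "Summer2024!", "carol": "correct horse battery staple"}

# Constructed attacker wordlist (stands in for the source of a rainbow/lookup table).
WORDLIST = ["password", "123456", "Summer2024!", "letmein", "qwerty"]


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def store_unsalted(password: str) -> str:
    """Weak scheme: plain hash. Identical passwords give identical digests."""
    return sha256_hex(password.encode())


def store_salted(password: str, salt: Optional[bytes] = None, iterations: int = 200_000) -> str:
    """Stronger scheme: random 16-byte salt + PBKDF2-HMAC-SHA256.
    Record format 'iterations$salt_hex$digest_hex' keeps the salt with the field."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{iterations}${salt.hex()}${digest.hex()}"


def verify_salted(password: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    iterations, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)


def build_lookup_table(wordlist: List[str]) -> Dict[str, str]:
    """Attacker side: digest -> plaintext, computed once and reused on any leak."""
    return {sha256_hex(w.encode()): w for w in wordlist}


def crack_unsalted(db: Dict[str, str], table: Dict[str, str]) -> Dict[str, str]:
    """Every unsalted digest present in the table is recovered by a dictionary lookup."""
    return {user: table[digest] for user, digest in db.items() if digest in table}


def crack_salted(db: Dict[str, str], table: Dict[str, str]) -> Dict[str, str]:
    """Same table against salted records: the stored digest is PBKDF2(password, salt),
    so no SHA-256 table entry can match. The attacker is forced to brute-force each
    record separately, paying the iteration cost every time."""
    return {user: table[rec.split("$")[2]] for user, rec in db.items() if rec.split("$")[2] in table}


def demo() -> Tuple[int, int, bool]:
    """Returns (users cracked from unsalted store, users cracked from salted store,
    whether alice and bob are visibly the same password in the unsalted store)."""
    unsalted_db = {u: store_unsalted(p) for u, p in USERS.items()}
    salted_db = {u: store_salted(p) for u, p in USERS.items()}
    table = build_lookup_table(WORDLIST)
    same_digest = unsalted_db["alice"] == unsalted_db["bob"]
    return len(crack_unsalted(unsalted_db, table)), len(crack_salted(salted_db, table)), same_digest


if __name__ == "__main__":
    print(demo())
```

The unsalted store leaks even before cracking: alice and bob having the same digest tells the attacker they share a password. With a per-record salt that correlation disappears as well.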
Data masking
part or all of the contents of a data field in the data set is redacted by substituting the characters with a placeholder value (for example, all but the last four digits of a card number)
considered an irreversible deidentification technique, unlike tokenization, which can be undone as needed via the token vault
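The following Python is an added example, not from the original flashcards, that applies the de-identification techniques on these cards (tokenization, pseudonymization, banding, masking, anonymization) to one constructed record and checks which of them can be reversed, and by whom. The record, the token format and the pseudonym format are assumptions made for the example.

```python
"""De-identification techniques on a constructed record (no real person).
Added example, not from the original page."""
import secrets
from typing import Dict

RECORD = {"name": "Jane Q. Sample", "age": 37, "card": "4111111111111111", "zip": "02139"}


class TokenVault:
    """Tokenization: a random token stands in for the real value. The mapping
    lives only in this vault, which is kept in a separate, tightly controlled system;
    the token itself has no mathematical relationship to the original value."""

    def __init__(self) -> None:
        self._to_value: Dict[str, str] = {}
        self._to_token: Dict[str, str] = {}

    def tokenize(self, value: str) -> str:
        if value in self._to_token:          # same value -> same token, so joins still work
            return self._to_token[value]
        token = "tok_" + secrets.token_hex(8)  # assumed token format
        self._to_token[value] = token
        self._to_value[token] = value
        return token

    def detokenize(self, token: str) -> str:
        """Reversible only with vault access; KeyError for tokens this vault never issued."""
        return self._to_value[token]


def pseudonymize(value: str, lookup: Dict[str, str]) -> str:
    """Pseudonymization: replace the identifier with a stable pseudonym. `lookup` is
    the re-identification table and must be stored apart from the data set."""
    if value not in lookup:
        lookup[value] = f"P{len(lookup) + 1:04d}"  # assumed pseudonym format
    return lookup[value]


def reidentify(pseudonym: str, lookup: Dict[str, str]) -> str:
    """Only the holder of the separate lookup table can reverse pseudonymization."""
    inverse = {p: v for v, p in lookup.items()}
    return inverse[pseudonym]


def band_age(age: int, width: int = 10) -> str:
    """Aggregation/banding: 37 -> '30-39'. Cannot be reversed to an exact age."""
    lo = (age // width) * width
    return f"{lo}-{lo + width - 1}"


def mask(value: str, keep_last: int = 4, char: str = "X") -> str:
    """Data masking: irreversible; only the last `keep_last` characters survive."""
    return char * (len(value) - keep_last) + value[-keep_last:]


def anonymize(rec: Dict[str, object]) -> Dict[str, object]:
    """Anonymization: drop direct identifiers outright and generalize quasi-identifiers
    (age band, 3-digit ZIP prefix) so the row cannot be linked back even with other data."""
    return {"age_band": band_age(int(rec["age"])), "zip3": str(rec["zip"])[:3]}


def deidentify_for_analytics(rec: Dict[str, object], vault: TokenVault, lookup: Dict[str, str]) -> Dict[str, object]:
    """A typical mixed output: card tokenized (reversible via vault), name pseudonymized
    (reversible via separate lookup), age banded and card display masked (irreversible)."""
    card = str(rec["card"])
    return {
        "subject": pseudonymize(str(rec["name"]), lookup),
        "card_token": vault.tokenize(card),
        "card_display": mask(card),
        "age_band": band_age(int(rec["age"])),
    }


if __name__ == "__main__":
    vault, lookup = TokenVault(), {}
    out = deidentify_for_analytics(RECORD, vault, lookup)
    print(out)
    print("vault reverses token:", vault.detokenize(out["card_token"]) == RECORD["card"])
    print("lookup reverses pseudonym:", reidentify(out["subject"], lookup) == RECORD["name"])
    print("anonymized:", anonymize(RECORD))
```

Note which artifacts need protecting after de-identification: the vault and the lookup table are now the sensitive assets, because whoever holds them can reverse the tokenized and pseudonymized fields. The masked and banded fields need no such protection.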
data at rest
stored data, should be encrypted, full disk encryption or database encryption or file/folder level encryptions
file permissions are set
ACLs can be used to ensure authorized users can read/modify the data
data in transit
data being sent across the network
needs to be protected by transport encryption protocol, like TLS or IPSec
Data in use
data in RAM, CPU cache/registers, or a database record currently being modified
need to protect
Can use trusted execution environment (TEE) mechanisms, which keep data encrypted in memory and decrypt it only inside an isolated enclave
data exfiltration
unauthorized copying or retrieval of data from a system
Many mechanisms, including:
- removable media
- network protocols (email, file transfer, web uploads)
- a RAT transferring data over a non-standard network port
- oral communication
- pictures or video of the screen or documents
Mitigation techniques
- all sensitive data is encrypted at rest
- create and maintain offsite backups
- implement access controls for storage or transmitting systems
- restrict the types of network channels attackers can use to move data out of the network
- disconnect systems storing archived data from network
- train users in these methods of protecting sensitive data
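Two of the network channels listed above (a RAT using a non-standard port, and bulk transfers over otherwise legitimate protocols) leave traces in flow data. As an added example that is not part of the original flashcards, the following Python flags both patterns in a set of constructed flow records. The internal address range, the egress port allow-list and the byte thresholds are assumptions; real values come from your own network baseline.

```python
"""Flag likely exfiltration in constructed flow records.
Added example, not from the original page; all data and thresholds are assumed."""
import ipaddress
from collections import defaultdict
from typing import Dict, List, Tuple

INTERNAL = ipaddress.ip_network("10.0.0.0/8")     # assumed internal range
STANDARD_PORTS = {53, 80, 443, 587, 993}           # assumed egress allow-list
PER_FLOW_MB = 50     # a single outbound flow above this is suspicious
PER_HOST_MB = 200    # total egress per source host in the window above this is suspicious

Flow = Tuple[str, str, int, int]   # (src_ip, dst_ip, dst_port, bytes_out)

# Constructed flow records for one analysis window.
FLOWS: List[Flow] = [
    ("10.0.5.23", "93.184.216.34", 443, 1_200_000),      # ordinary browsing
    ("10.0.5.23", "93.184.216.34", 443, 900_000),
    ("10.0.7.41", "198.51.100.9", 8443, 75_000_000),     # RAT on a non-standard port
    ("10.0.7.41", "198.51.100.9", 8443, 160_000_000),
    ("10.0.9.10", "10.0.9.200", 445, 500_000_000),       # internal copy, not egress
] + [("10.0.3.8", "203.0.113.77", 443, 30_000_000)] * 7  # 210 MB trickled over HTTPS


def is_egress(src: str, dst: str) -> bool:
    """Only internal -> external traffic can be exfiltration."""
    return ipaddress.ip_address(src) in INTERNAL and ipaddress.ip_address(dst) not in INTERNAL


def analyze(flows: List[Flow]) -> Dict[str, List[str]]:
    """Return {source_host: [finding, ...]} for hosts matching any rule."""
    findings: Dict[str, List[str]] = defaultdict(list)
    per_host_bytes: Dict[str, int] = defaultdict(int)

    for src, dst, port, nbytes in flows:
        if not is_egress(src, dst):
            continue
        per_host_bytes[src] += nbytes
        if port not in STANDARD_PORTS:
            findings[src].append(f"egress on non-standard port {port} to {dst}")
        if nbytes > PER_FLOW_MB * 1_000_000:
            findings[src].append(f"large single flow {nbytes // 1_000_000} MB to {dst}:{port}")

    # Slow, chunked transfers over an allowed port only show up in the per-host total.
    for src, total in per_host_bytes.items():
        if total > PER_HOST_MB * 1_000_000:
            findings[src].append(f"{total // 1_000_000} MB total egress in window")
    return dict(findings)


if __name__ == "__main__":
    for host, items in analyze(FLOWS).items():
        print(host)
        for item in items:
            print("  -", item)
```

The per-host aggregate is what catches the host that stays under the single-flow threshold by splitting the transfer over HTTPS; the per-flow rules alone would miss it. Large internal copies are deliberately ignored here because they are not egress, though they may deserve their own rule if the destination is a staging host.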
DLP
Data Loss Prevention (DLP) products which automate the discovery and classification of data types and enforcement of rules so that data is not viewed or transferred without proper authorization
Consists of components on the network
- Policy server
- Endpoint agents
- Network agents
Can be extended to cloud solutions by using a proxy to mediate access, or the CSP's API to perform scanning and policy enforcement
DLP Remediation
An action the DLP takes when a policy violation takes place
Alert Only - copy is allowed but alert an admin
Block - prevents copy
Quarantine - access to the original file is denied; the file is moved to a secure area
Tombstone - file is quarantined and replaced with a file which tells the user how to recover the file
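The following Python is an added example, not part of the original flashcards or of any DLP product, showing the four remediation actions above in a minimal policy engine. Detection is a regex for 16-digit card numbers confirmed with the Luhn check, so that a plain 16-digit order number is not a false positive; the in-memory "file system", the policy and the tombstone text are toy stand-ins for what a real endpoint agent does on disk.

```python
"""Minimal DLP engine: detect card numbers in files and apply the configured
remediation when a user copies a file to removable media.
Added example, not from the original page; files and policy are constructed."""
import re
from dataclasses import dataclass, field
from typing import Dict, List

PAN_RE = re.compile(r"\b(?:\d[ -]?){15}\d\b")   # 16 digits with optional separators

TOMBSTONE_TEXT = (
    "This file was removed by the data loss prevention policy because it contained "
    "payment card numbers. Original: {name}. To request restoration, contact the "
    "security team and quote this file name."
)


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: distinguishes real card numbers from arbitrary 16-digit strings."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pans(text: str) -> List[str]:
    """Return normalized card numbers found in text that pass the Luhn check."""
    return [re.sub(r"[ -]", "", m.group()) for m in PAN_RE.finditer(text)
            if luhn_ok(re.sub(r"[ -]", "", m.group()))]


@dataclass
class DLP:
    action: str                        # "alert", "block", "quarantine" or "tombstone"
    files: Dict[str, str]              # user-visible file system (name -> content)
    quarantine: Dict[str, str] = field(default_factory=dict)   # admin-only secure area
    alerts: List[str] = field(default_factory=list)

    def copy_to_removable(self, name: str, usb: Dict[str, str]) -> str:
        """Mediate a copy to removable media; returns the outcome for the audit log."""
        content = self.files[name]
        pans = find_pans(content)
        if not pans:
            usb[name] = content
            return "allowed"
        self.alerts.append(f"{name}: {len(pans)} card number(s); action={self.action}")
        if self.action == "alert":          # copy proceeds, admin is notified
            usb[name] = content
            return "allowed-with-alert"
        if self.action == "block":          # copy prevented, file left in place
            return "blocked"
        # quarantine and tombstone both move the original out of the user's reach
        self.quarantine[name] = content
        if self.action == "quarantine":
            del self.files[name]
            return "quarantined"
        if self.action == "tombstone":      # leave a stub explaining how to recover it
            self.files[name] = TOMBSTONE_TEXT.format(name=name)
            return "tombstoned"
        raise ValueError(f"unknown remediation action {self.action!r}")


def sample_files() -> Dict[str, str]:
    """Constructed files: one with a valid PAN, one with a Luhn-invalid 16-digit number."""
    return {
        "cards.txt": "Customer PAN 4111 1111 1111 1111 on file",
        "orders.txt": "Order 1234567890123456 shipped on Monday",
    }


def run(action: str) -> Dict[str, str]:
    """Apply one remediation policy to both sample files; return {file: outcome}."""
    dlp = DLP(action=action, files=sample_files())
    usb: Dict[str, str] = {}
    return {name: dlp.copy_to_removable(name, usb) for name in list(dlp.files)}


if __name__ == "__main__":
    for act in ("alert", "block", "quarantine", "tombstone"):
        print(act, run(act))
```

The Luhn step matters in practice: without it, every order number, tracking number or timestamp that happens to be 16 digits long would trigger the policy, and users would quickly learn to ignore the alerts.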
Microsoft's IRM
Information Rights Management (IRM)
- assign file permissions for different document roles, such as author, editor, reviewer
- restrict printing and forwarding of document, even when sent as an attachment
- restrict printing and forwarding of email messages
Works with Active Directory Rights Management Services (AD RMS) or the cloud-based Azure Information Protection