Privacy and Data Sensitivity Breach and Data types Flashcards
What are the organizational consequences of a privacy breach?
- Reputation damage
- Identity theft
- Fines
- IP theft
What is the requirement for notification of a breach?
- Secure your operations
- Fix vulnerabilities
- Notify appropriate parties
- Determine your legal requirements
- Notify law enforcement
- Notify affected businesses
- Notify individuals
What if PHI is involved in the breach?
Health Breach Notification Rule - must notify the FTC and, in some cases, the media.
HIPAA Breach Notification Rule - must notify the Secretary of the U.S. Department of Health and Human Services and, in some cases, the media.
What constitutes a breach of personal data under the GDPR?
Personal data means any information related to an individual that can be used for identification.
A personal data breach is a breach of security leading to the accidental or unlawful destruction, loss, alteration, or unauthorized access.
How do we determine data types - categories?
Recognizing the impact if that data is lost or altered, by category:
- Personally identifiable information
- Protected health information
- Financial information
- Government data
- Customer data
How do we determine data types - classification?
Government/military:
- Top secret - unauthorized disclosure can be expected to cause exceptionally grievous damage
- Secret - unauthorized disclosure can be expected to cause significant damage
- Confidential - encompasses sensitive, private, high value data
- Unclassified - available to anyone through procedures identified
Private sector data classifications?
Confidential - reserved for extremely sensitive data and internal data
Private - data for internal use only whose significance is great and whose disclosure may lead to negative impact on the organization
Sensitive - data which is treated as classified in comparison to the public data
Public - disclosure serious negative consequences to the organization