This chapter is from the book

General Privacy Principles for Sensitive Information

When considering technology and its use today, privacy is a major concern of users. This privacy concern usually involves three areas: which personal information can be shared with whom, whether messages can be exchanged confidentially, and whether and how a user can send messages anonymously. Privacy is an integral part of an organization’s security measures.

As part of the security measures that organizations must take to protect privacy, personally identifiable information (PII) must be understood, identified, and protected.

PII is any piece of data that can be used alone or with other information to identify a single person. Any PII that an organization collects must be protected in the strongest manner possible. PII includes full name, identification numbers (including driver’s license number and Social Security number), date of birth, place of birth, biometric data, financial account numbers (both bank account and credit card numbers), and digital identities (including social media names and tags).

Keep in mind that different countries and levels of government can have different qualifiers for identifying PII. Security professionals must ensure that they understand international, national, state, and local regulations and laws regarding PII. As the theft of this data becomes even more prevalent, you can expect more laws to be enacted that will affect your job.

Figure 2-1 lists examples of PII.

Figure 2-1 PII Examples
