Data Privacy

Data Sensitivity Labeling and Handling

  • Data / Info classified according to its value and level of sensitivity.
  • The appropriate level of security can be applied.
  • Process should be:
    • Easy to Apply
    • Consistent
    • Visible

Data Sensitivity Classifications

  • Common Labels:
    • Public / Unclassified - No harm if disclosed.
    • Confidential - Limited harm if disclosed.
    • Secret - Grave harm if disclosed.
    • Proprietary - Limited to internal use only. Restricted externally.
    • Private - Information regarding people.
  • Classification terms and labeling is determined by the organization.
  • PII - Personally Identifiable Information
    • Data that identifies or is traceable to a specific individual.
    • Name, SSN, Bio, Address
  • PHI - Protected (or Personal) Health Information
    • HIPAA, "any information about health status, provision of health care, or payment for health care that is created or collected by a "Covered Entity" that can be linked to a specific individual."

Data Roles

  • Data Owner
  • Data Custodian
  • Privacy Officer

Data Retention & Disposal

  • Retention
    • US Federal Rules of Civil Procedure (FRCP)
    • Keep information for only as long as you need it and no longer.
    • Set in a Data Protection Policy
  • Disposal
    • Properly disposing of data and associated hardware.

Data Destruction and Media Sanitation

  • Trusting third parties for destruction.
  • Observe destruction process.
  • Transportation to destruction facility.
  • Use of media after destruction.
  • Best practice is to combine methods.
  • Burning - Use of heat or fire.
    • Not environmentally friendly.
  • Shredding - Reduces the size of objects with the intent of making them no longer usable.
    • Items may still be re-assembled.
  • Pulping - Reduces paper to liquid slurry.
    • Can be safely recycled.
  • Pulverizing - Using hydraulic or pneumatic action to reduce the materials to loose fibers and shards.
    • High cost.
  • Degaussing - Using a large magnet to remove data from magnetic storage media such as hard drives and magnetic tapes.
  • Purging - Removing files and all traces of data.
    • Sanitary.
  • Wiping - Overwriting data.
    • Data is replaced and then removed.
Copy link
On this page
Data Sensitivity Labeling and Handling
Data Sensitivity Classifications
Sensitive Data Types - Legal
Data Roles
Data Retention & Disposal
Data Destruction and Media Sanitation