Data Privacy
Time
12 hours 57 minutes
Difficulty
Intermediate
CEU/CPE
13
Video Transcription
00:00
>> This domain is all about protecting data
00:00
but I want to bring up another
00:00
aspect of data protection,
00:00
data privacy, and explain how it is
00:00
linked to protecting data in Cloud environments.
00:00
The learning objectives are to describe data privacy,
00:00
define personally identifiable information,
00:00
and convey important considerations
00:00
regarding the privacy of data,
00:00
especially in Cloud environments.
00:00
Data privacy is really ensuring
00:00
the confidentiality of information in the Cloud.
00:00
There are different standards
00:00
and frameworks that define data privacy as
00:00
maintaining the confidentiality of
00:00
individuals' information or employees' information.
00:00
When it comes to the Cloud environments,
00:00
you want to really be able to put specific protections
00:00
around customers' information or
00:00
the information of your employees that
00:00
may have a sensitive nature.
00:00
Now, what do you mean information
00:00
that has a sensitive nature?
00:00
Well, there's a term referred to as
00:00
PII, personally identifiable information.
00:00
This information is used to
00:00
associate various pieces of data
00:00
or data to an individual's identity.
00:00
The top form of PII is name,
00:00
e-mail address, home address, and phone number.
00:00
These are pieces of information
00:00
that should be protected,
00:00
secured in Cloud environments,
00:00
and there should also be special consideration
00:00
given to who really needs to access and
00:00
see that information in the context of
00:00
the Cloud when assigning roles and responsibilities.
00:00
We'll go more into different techniques to protect
00:00
the privacy and security of information and enforce
00:00
that concept of least privilege later.
00:00
But for now, another thing we should
00:00
consider is sensitive PII,
00:00
which is another category of
00:00
personally identifiable information where,
00:00
this is the information that not only can
00:00
be used to identify the individual but
00:00
might cause some type of harm or
00:00
embarrassment or compromise if
00:00
that information were to be disclosed.
00:00
This is very important to
00:00
consider in the context of health-care-related
00:00
data in Cloud environments.
00:00
We'll talk later about
00:00
HIPAA as one of the main health
00:00
care data protection and
00:00
information acts and how
00:00
that data is really
00:00
protected and what data is protected under HIPAA.
00:00
But for now consider that there may be information that
00:00
also in and of itself may not be PII,
00:00
but when coupled with another piece of information,
00:00
could be considered
00:00
personally identifiable information.
00:00
You want to think beyond just the typical what
00:00
is PII within my Cloud environment,
00:00
but what other information if coupled with
00:00
sensitive information could be
00:00
really PII or sensitive PII.
00:00
Some other things to consider
00:00
from a privacy perspective are
00:00
when you are running
00:00
a business or even if you're dealing with vendors,
00:00
you want to see a certain amount of transparency
00:00
regarding how and what data is being
00:00
collected when you use applications or if
00:00
you're running a business, what information are you
00:00
storing on users or customers.
00:00
This is very important from
00:00
a privacy perspective to ensure that
00:00
people really understand the purpose
00:00
of the data that's being collected,
00:00
how long it'll be retained for and what it
00:00
will be used for within the
00:00
context of your application.
00:00
This connects to this overall concept of
00:00
openness that in this digital age
00:00
where information so easily can
00:00
be transferred and provided and analyzed.
00:00
We really want to conduct ourselves
00:00
with integrity by showing how data is being used,
00:00
why it's being used,
00:00
and any changes to that are
00:00
communicated to customers to respect their privacy,
00:00
and the fact that we have a responsibility
00:00
as security practitioners
00:00
to protect their data and maintain their privacy.
00:00
Then this also goes into this other factor
00:00
of accountability.
00:00
Organizations must be accountable for anything that may
00:00
disrupt the privacy of
00:00
individual customers or their employees.
00:00
This will, as we'll see later,
00:00
there are many regulations related to if
00:00
information becomes compromised, especially PII,
00:00
many states and jurisdictions within
00:00
the United States and abroad
00:00
have notification rules that
00:00
have very strict criteria for the period of time
00:00
that individuals whose information has been
00:00
exposed need to be notified of those incidents.
00:00
In some cases,
00:00
they may be provided with
00:00
additional mechanisms such as
00:00
credit monitoring to protect
00:00
their information after a breach that will
00:00
result in a disclosure of
00:00
PII or other sensitive information.
00:00
Quiz question. Which of the following is
00:00
not personally identifiable information?
00:00
Mother's maiden name, home address, e-mail address.
00:00
This one may or may not have been tricky to you.
00:00
Mother's maiden name is really not PII,
00:00
but it's a piece of information when tied to
00:00
a piece of personally identifiable information that
00:00
could help individuals identify them.
00:00
There's always a joke in
00:00
the security community that mother's maiden name is
00:00
such a common security password question
00:00
that you've forgotten this,
00:00
what's your mother's maiden name to
00:00
reset a password that it
00:00
should itself be guarded or sensitive information.
00:00
Home address and e-mail address are considered
00:00
personally identifiable information and
00:00
should be protected accordingly.
00:00
In summary, we talked about the concept of privacy,
00:00
we talked about what data is considered PII,
00:00
and then we also talked about
00:00
important privacy considerations and
00:00
ethics regarding how data
00:00
is used in protective of their environments,
00:00
such as transparency on data collection, its use.
00:00
Openness regarding any changes and accountability when
00:00
data becomes either
00:00
intentionally or accidentally disclosed.
00:00
I'll see you in the next lesson.