4 hours 7 minutes
Welcome to less than 4.3 control disassociated processing.
So in this video we're going to cover the control function category # three disassociated processing and look at types of disassociate ability.
So under the control function um This is the final category and it's a disassociated processing.
So C. T. For control dP for disassociated processing. And then we have five subcategories. So what this is really getting at is ways in which you can protect an individual's privacy um through data minimization. So really trying to disassociate
a specified individual from the personal data that you're gathering on them.
So all five of the subcategories speak to that. So from limiting observe ability and link ability um uh which means data actions are taken take place on local devices and privacy preserving cryptography is utilized
um to limiting the identification of the of the individual. So d identification tokenization is utilized
as well as uh data is processed. To limit the formulation of inferences about someone's behavior activities. And then you're also
um your systems or devices are uh configurations permit selective collection or disclosure of data elements um as well as finally, attribute references are substituted for attribute values.
Um So in the next slide we're really going to look at a definition of what is disassociate bility. So its privacy engineering objective, which enables the processing of data or events without association to individuals or devices beyond the operational requirements of the system. So as I mentioned before, it's really trying to um you know,
unlinked the specified individual to the personal data that you've collected, really anonymous. Izing the data
and you can see an anonymity is really one of the first examples of disassociate ability. Um There are several here and these are,
this is probably not an exhaustive list of your options to disassociate the personal data from a specified individual. Um As I mentioned, you have the identification, so possibly being able to utilize um a piece of personal data that doesn't necessarily specify that it belongs to that individual um Unlinked ability. Maybe you're
um storing uh one piece of a data element in one database and maybe another piece of somewhere else so that they're not linked together. Um And they're not stored may be in the same sequence um to un observe ability. Um And then finally students uh student in the movie um So that basically you're making sure that
and whatever data sets or databases you may be containing personal data um that there's no way to link that data back to a specified individual. Sometimes this isn't always um able to be done. There may be a reason that you need to keep the personal data associated with an individual. Um And a lot of times we see that for hr reasons um with prospective employees or even um actual employees or even from a finance standpoint you may not be able to separate the personal data from the individual. Um But sometimes this can be done in a research setting.
Um If you're collecting certain types of personal data, you may not need to know who um it belongs to. Especially if you're trying to look at um something from a large dataset standpoint to determine a percent of individuals um that are doing x. Or percent of of a percentage of individuals
that may be subscribed to your marketing newsletter.
You may not need to keep all uh pieces of uh the personal data that belonged to an individual. You may not need to keep all those data elements together. Um So there are reasons why you would use this assoc ability versus why you may not use it.
Um But in the event that you can it's always a good idea to try to do that
um because then you have less implications of possibly having someone's privacy violated um or their data breach within your system.
So quiz question, which method is not a way to disassociate data from an individual.
One pseudonym itty to link ability or three D. Identification.
So the answer here is link ability. If you remember correctly from our list of um ways that you could disassociate uh the personal data from a specified individual, it was unlike ability. Um So you wanted to be able to unlinked um someone's personal data
from being able to directly tell you
that that belongs to john doe. Um So it's not link ability but delink ability.
like I said before in the previous slide that is not an exhaustive list of all the ways that you can disassociate um that data element from an individual. But this is just a few of the ways that we do currently see enterprises try to deceive disassociate the data from individuals.
So in this video we looked at the sub categories of of the disassociated processing category, and then we also looked at definitions and types of disassociate ability.
So I hope you'll join me as we move into the next module.
NIST 800-53: Introduction to Security and Privacy Controls
This course will provide Executives, Assessors, Analysts, System Administrators and students with the foundational knowledge ...
2 CEU/CPE Hours Available
Certificate of Completion Offered
CIS Top 20 Critical Security Controls
This course will provide students with an overview of the CIS Top 20 Critical Security ...
4 CEU/CPE Hours Available
Certificate of Completion Offered