Disassociated Processing

00:00

Welcome to less than 4.3 control disassociated processing.

00:05

So in this video we're going to cover the control function category # three disassociated processing and look at types of disassociate ability.

00:16

So under the control function um This is the final category and it's a disassociated processing.

00:23

So C. T. For control dP for disassociated processing. And then we have five subcategories. So what this is really getting at is ways in which you can protect an individual's privacy um through data minimization. So really trying to disassociate

00:40

a specified individual from the personal data that you're gathering on them.

00:44

So all five of the subcategories speak to that. So from limiting observe ability and link ability um uh which means data actions are taken take place on local devices and privacy preserving cryptography is utilized

01:02

um to limiting the identification of the of the individual. So d identification tokenization is utilized

01:10

as well as uh data is processed. To limit the formulation of inferences about someone's behavior activities. And then you're also

01:19

um your systems or devices are uh configurations permit selective collection or disclosure of data elements um as well as finally, attribute references are substituted for attribute values.

01:32

Um So in the next slide we're really going to look at a definition of what is disassociate bility. So its privacy engineering objective, which enables the processing of data or events without association to individuals or devices beyond the operational requirements of the system. So as I mentioned before, it's really trying to um you know,

01:52

unlinked the specified individual to the personal data that you've collected, really anonymous. Izing the data

02:00

and you can see an anonymity is really one of the first examples of disassociate ability. Um There are several here and these are,

02:07

this is probably not an exhaustive list of your options to disassociate the personal data from a specified individual. Um As I mentioned, you have the identification, so possibly being able to utilize um a piece of personal data that doesn't necessarily specify that it belongs to that individual um Unlinked ability. Maybe you're

02:30

um storing uh one piece of a data element in one database and maybe another piece of somewhere else so that they're not linked together. Um And they're not stored may be in the same sequence um to un observe ability. Um And then finally students uh student in the movie um So that basically you're making sure that

02:52

and whatever data sets or databases you may be containing personal data um that there's no way to link that data back to a specified individual. Sometimes this isn't always um able to be done. There may be a reason that you need to keep the personal data associated with an individual. Um And a lot of times we see that for hr reasons um with prospective employees or even um actual employees or even from a finance standpoint you may not be able to separate the personal data from the individual. Um But sometimes this can be done in a research setting.

03:30

Um If you're collecting certain types of personal data, you may not need to know who um it belongs to. Especially if you're trying to look at um something from a large dataset standpoint to determine a percent of individuals um that are doing x. Or percent of of a percentage of individuals

03:49

that may be subscribed to your marketing newsletter.

03:52

You may not need to keep all uh pieces of uh the personal data that belonged to an individual. You may not need to keep all those data elements together. Um So there are reasons why you would use this assoc ability versus why you may not use it.

04:08

Um But in the event that you can it's always a good idea to try to do that

04:13

um because then you have less implications of possibly having someone's privacy violated um or their data breach within your system.

04:25

So quiz question, which method is not a way to disassociate data from an individual.

04:30

One pseudonym itty to link ability or three D. Identification.

04:39

So the answer here is link ability. If you remember correctly from our list of um ways that you could disassociate uh the personal data from a specified individual, it was unlike ability. Um So you wanted to be able to unlinked um someone's personal data

04:58

from being able to directly tell you

05:00

that that belongs to john doe. Um So it's not link ability but delink ability.

05:06

So

05:08

like I said before in the previous slide that is not an exhaustive list of all the ways that you can disassociate um that data element from an individual. But this is just a few of the ways that we do currently see enterprises try to deceive disassociate the data from individuals.

05:29

So in this video we looked at the sub categories of of the disassociated processing category, and then we also looked at definitions and types of disassociate ability.