Walter Clay
17 May 2018
P U T T I N G T H E
EBC F A M I L Y B A C K T O G E T H E R
Lesson Objectives
Lesson Overview
Rules of Engagement:
Participate
Ask questions
EBC
What Is Privacy?
Privacy also:
Allows individuals a choice in how their information is used or disclosed.
Assures that personal data will be used and viewed for official purposes only.
Enables trust between an organization and the public.
Definition of PII
PII is any information which can be used to distinguish or trace an individual’s identity, such as
their name, social security number, date and place of birth, mother’s maiden name, as well as
biometric records, in addition to any other personal information which is linked or linkable to an
individual that permits the identity of an individual to be directly or indirectly inferred.
PII is any data that could potentially identify a specific individual. Any information that can be
used to distinguish one person from another and can be used for de-anonymizing anonymous
data can be considered PII.
Definition of Linked and Linkable
Key Laws Governing PII
Privacy Act of 1974: Provides guidance for the collection, use, management, and disclosure
of personal information.
Health Insurance Portability and Accountability Act (HIPAA) of 1996: Restricts use and
disclosure of protected health information (PHI) and grants individuals access to records.
Children’s Online Privacy Protection Act (COPPA) of 1998: Requires that parental consent be
obtained by websites that gather personal information on children under the age of 13.
E-Government Act of 2002, Titles II and III: Requires federal agencies to assess the privacy
impact of systems that collect information about members of the public.
Key Privacy Guidance
Office of Management and Budget (OMB) Mandate M-07-16 (2007): Requires safeguards for PII in
electronic or paper format, and policies and procedures for privacy incident reporting and
handling.
National Institute of Standards and Technology (NIST) Special Publication 800-53,
Revision 4, Security and Privacy Controls for Federal Information Systems and
Organizations: In Appendix J, NIST provides a structured, standardized set of privacy
controls that all systems and organizations must address.
Categories of PII
PII: any information that permits the identity of an individual to be directly or
indirectly inferred, including any information that is linked or linkable to that individual.
Sensitive PII: PII which, if lost, compromised, or disclosed without authorization, could
result in substantial harm, embarrassment, inconvenience, or unfairness to an individual.
Protected Health Information (PHI): under US law, any information about health status,
provision of health care, or payment for health care that is created or collected by a
"Covered Entity" (or a Business Associate of a Covered Entity) and can be linked to a
specific individual.
Indirect (Anonymous) PII: information that can be combined with other information to
identify a specific individual.
Common Examples of PII
Name
Social Security number (SSN)
Date of birth (DOB)
Mother’s maiden name
Financial records
Email address
Driver’s license number
Passport number
Health information
“Rolodex Exception”
Indirect (Anonymous) PII
What Identity Thieves Want (Your PII)
You should take the time to inventory your relationships with the companies, organizations and
individuals you trust with your personally identifiable information, or PII. Think of your identity
as a PII chart: a picture of the relationships you have created. Once you visualize the slices of your
PII, managing your identity becomes easier.
Need to Know
Protect PII:
Collect, access, use, and disclose personal information only for reasons that are for a
legitimate job function and allowed by law.
Safeguard personal information in your possession.
Properly dispose of documents containing PII.
Report suspected privacy violations or incidents.
Possible Consequences of Privacy Violations
Lesson Summary