5.4.4 Privacy
Data subject, controller vs processor, right to be forgotten.
Privacy management involves the legal, ethical, and technical handling of sensitive information to ensure data subjects maintain control over their personal data.
Privacy Roles and Responsibilities - Data Subject: The individual to whom the personal data belongs (e.g., a customer or employee). - Data Owner: The entity with legal rights and ultimate responsibility for the data, typically an organization or senior executive. They define classification levels. - Data Controller: The entity that determines the purposes and means of processing personal data. Under GDPR, they are responsible for ensuring compliance and reporting. - Data Processor: A third party that handles data on behalf of the controller. They follow the controller’s instructions and do not own the data. - Data Custodian/Steward: The technical role responsible for the actual transport, storage, and security of the data set (e.g., a database administrator).
Key Privacy Concepts and Controls - Data Minimization: The practice of only collecting and retaining the specific amount of data necessary to fulfill a stated purpose. "If you don't have it, you can't lose it." - Data Masking: Hiding or obfuscating sensitive data by replacing it with modified content, such as using asterisks to hide credit card digits. - Tokenization: Replacing a sensitive data element with a non-sensitive surrogate called a token. The original data is stored in a secure vault, and the token is used for transactions. - Privacy Notice: A public document explaining how an organization collects, uses, retains, and discloses personal information. - Terms of Agreement: A legal contract defining the rules and expectations for parties using a service or providing data.
Privacy Rights and Obligations - Right to be Forgotten: Also known as the Right to Erasure, this allows a data subject to request that an organization delete all their personal data when it is no longer necessary or consent is withdrawn. - Purpose Limitation: Personal data must be collected for specified, explicit, and legitimate purposes and not processed further in a manner incompatible with those purposes. - Third-Party Considerations: Organizations must utilize legal agreements to ensure external vendors follow strict privacy safeguards for transmitted PII/PHI.
Quick recall - Controller vs. Processor: The controller decides *why* and *how*; the processor does the actual *handling*. - Tokenization: Uses a lookup table/vault; Masking just hides parts of the data. - GDPR: The primary regulation driving the definition of roles like Controller and Processor. - Minimization: Reduces the "blast radius" or impact of a potential data breach.