Privacy Engineering

Privacy and security controls

In privacy it's about the information, the people represented by the information. In privacy, we look at incidents, but then we go one step further to ask what information was revealed. Is there a risk of harm to the person or reputation

Information security controls


eg ISO/IEC 27001 and 27002




Information security access controls

Classification

Example of a classification scheme: Is the  data 
identifiable, pseudonymous or anonymous.

Policy controls

Technical privacy controls

Obfuscation
Masking
Randomization
Noise
Hashing
Data minimization
Data segregation
Compression
Aggregation
Deletion
De- identification
Common security practices
Data loss prevention
Destruction
Encryption
Access controls for physical and virtual systems
Privacy engineering technologies
Differential privacy
Homomorphic encryption


Privacy by design (PbD)

GDPR compliance requirements 




No comments:

Post a comment