Privacy and security controls
In privacy it's about the information, the people represented by the information. In privacy, we look at incidents, but then we go one step further to ask what information was revealed. Is there a risk of harm to the person or reputation
Information security controls
eg ISO/IEC 27001 and 27002
Information security access controls
Classification
Example of a classification scheme: Is the data
identifiable, pseudonymous or anonymous.
Policy controls
Technical privacy controls
Obfuscation
Masking
Randomization
Noise
Hashing
Data minimization
Data segregation
Compression
Aggregation
Deletion
De- identification
Common security practices
Data loss prevention
Destruction
Encryption
Access controls for physical and virtual systems
Privacy engineering technologies
Differential privacy
Homomorphic encryption
Privacy by design (PbD)
GDPR compliance requirements
No comments:
Post a Comment