         The Palestinian eGovernment Academy
                     www.egovacademy.ps




Tutorial 6: The Legal Framework of New Technologies

                      Session 5
      Privacy & Data Protection

                Dr. Ismail M. Romi
         Palestine Polytechnic University
             Email: ismailr@ppu.edu

                        PalGov © 2011                        1
About

This tutorial is part of the PalGov project, funded by the TEMPUS IV program of the
Commission of the European Communities, grant agreement 511159-TEMPUS-1-
2010-1-PS-TEMPUS-JPHES. The project website: www.egovacademy.ps
Project Consortium:
• Birzeit University, Palestine (Coordinator)
• Palestine Polytechnic University, Palestine
• Palestine Technical University, Palestine
• Ministry of Telecom and IT, Palestine
• Ministry of Interior, Palestine
• Ministry of Local Government, Palestine
• University of Trento, Italy
• Vrije Universiteit Brussel, Belgium
• Université de Savoie, France
• University of Namur, Belgium
• TrueTrust, UK


Coordinator:
Dr. Mustafa Jarrar
Birzeit University, P.O.Box 14- Birzeit, Palestine
Telfax: +972 2 2982935, mjarrar@birzeit.edu
© Copyright Notes
Everyone is encouraged to use this material, or part of it, but should properly
cite the project (logo and website), and the author of that part.


No part of this tutorial may be reproduced or modified in any form or by any
means, without prior written permission from the project, who have the full
copyrights on the material.




                   Attribution-NonCommercial-ShareAlike
                                CC-BY-NC-SA

This license lets others remix, tweak, and build upon your work non-
commercially, as long as they credit you and license their new creations
under the identical terms.

Privacy and Data Protection

Session ILOs
After completing this session trainees will be able to:
1. Understand the legal framework for access management.
2. Enforce security management through internal regulation.
3. Widen their knowledge of privacy and data protection.
4. Develop knowledge of international as well as EU best
    practices and standards.
5. Ensure public transparency of the processing of data.
6. Control the processing of personal data by public bodies.
7. Teamwork.
8. Analysis skills.
Overview



1.   Protecting Personal Privacy

2.   Ensuring Confidentiality




1. Protecting Personal Privacy

• Personal Privacy
• Privacy Rights
• Privacy and Technology
• Privacy Protection
Privacy

• Privacy is the claim of individuals, groups and
  institutions to determine for themselves when, how
  and to what extent information about them is
  communicated to others [Westin 1967].
• Who has the right to privacy?
   – Natural persons (individuals).
   – Legal persons (groups and institutions).
• Privacy is the right of individuals, groups and institutions to decide
  how information about them is handled, in terms of timing, amount
  and recipient.
Aspects of Privacy

• Territorial privacy:
   – Protecting the close physical area surrounding a
     person (i.e. domestic and other environments
     such as the workplace or public space).
• Privacy of the person:
   – Protecting a person against undue interference
     (such as physical searches, drug testing or
     information violating his/her moral sense).
• Informational privacy:
   – Controlling whether and how personal data can
     be gathered, stored, processed or selectively
     disseminated.
Personal Identifiable Information (PII)

• Any information about an individual maintained
  by an agency, including:
  – Any information that can be used to distinguish or
    trace an individual's identity.
  – Any other information that is linked or linkable to an
    individual.
• Identifying information is information about individuals that is
  held by institutions, and it includes the information that
  distinguishes individuals from one another.
Examples of PII Data

• Names: full name, mother's name, or alias.
• Personal identification number: social security
  number (SSN), passport number, driver's license
  number, taxpayer identification number, patient
  identification number, and financial account or credit
  card number.
• Address information: such as street address or email
  address.
• Asset information: Internet Protocol (IP) or Media
  Access Control (MAC) address, other host-specific
  persistent static identifier that consistently links to a
  particular person or small, well-defined group of
  people.
   – Name, mother's name, alias, national ID number, passport number,
     tax number, driver's license number, ...
   – Address, email, Internet address, telephone number, photographs, ... etc.
Examples of PII Data ….Cont

• Telephone numbers, including mobile, business, and
  personal numbers
• Personal characteristics, including photographic image
  (especially of face or other distinguishing characteristic), x-
  rays, fingerprints, or other biometric image or template
  data (e.g., retina scan, voice signature, facial geometry).
• Information identifying personally owned property, such as
  vehicle registration number or title number and related
  information.
• Information about an individual that is linked or linkable to
  one of the above (e.g., date of birth, place of birth, race,
  religion, weight, activities, geographical indicators,
  employment information, medical information, education
  information, financial information).
Privacy Rights

• The right to be let alone to live one's own life with
  the minimum degree of interference.
• The right of the individual to lead his own life
  protected against:
   – Interference with his private, family and home life.
   – Interference with his physical or mental integrity or his
     moral and intellectual freedom.
   – Attacks on his honor and reputation.
   – Being placed in a false light.
   – The disclosure of irrelevant embarrassing facts relating
     to his private life.
Privacy Rights…Cont

–   The use of his name, identity or likeness.
–   Spying, prying, watching and besetting.
–   Interference with his correspondence.
–   Misuse of his private communications, written or oral.
–   Disclosure of information given or received by him in
    circumstances of professional confidence.




Privacy and Technology

•   A number of privacy issues arise with the proliferation of digital
    technologies:
     – Personalized services, such as reward programs
       (supermarket cards, frequent flyer/buyer cards, etc.) require
       collection, (uncontrolled) processing, and often even
       distribution of personal data and sensitive information.
     – With ubiquitous connectivity, people are increasingly using
       electronic technologies in business-to-consumer and
       business-to-business settings (e.g. financial transactions,
       credit card payments, business transactions, email,
       document exchange, and even management of personal
       health records).
     – New technologies are being used for the purpose of
       monitoring and recording behaviors of individuals who may
       not even be aware of it; this data typically includes
       personal information and is essentially privacy sensitive.
•   The effect of technology on privacy lies in how possible and easy it
    has become to collect information about individuals in many and
    varied ways.
Privacy and Technology: No Secrets



• Personal Data: All About You
   – More than 15,000 specialized marketing databases contain
     2,000,000,000 names.
   – These databases contain characteristics like age, income,
     religion.
   – Statistics indicate that there are huge numbers of databases
     containing data about individuals around the world.
Privacy and Technology: No Secrets


Big Brother and Big Business
• Other information technologies amplify the
  threat to personal privacy, too:
   – Networks: make it possible for personal data to
     be transmitted almost anywhere instantly
   – Microsoft's Passport, part of its .NET
     technologies, can optionally collect in a central
     database controlled by Microsoft:
      • Passwords
      • Credit card numbers
      • Other consumer information
• Networks and service databases are among the factors that have
  made it easier to reach individuals' data.
Privacy and Technology: No Secrets

• Workplace monitoring technology: enables
  managers to learn more than ever before about the
  work habits and patterns of workers.
• Surveillance cameras: increasingly used for
  nabbing routine traffic violations and detecting
  security violators, can be combined with picture
  databases to locate criminals (and others).
• Surveillance satellites: can provide permanent
  peepholes into our lives for anyone willing to pay
  the price.
• Cell phones: are now required by law to include
  technology to determine and transmit their
  locations to emergency personnel responding to
  911 calls.
• Workplace monitoring technology, cameras, satellites and phones
  have all also made it easier to reach individuals' data.
Privacy Protection in the Law

• Interest in privacy increased in the 1960s and
  1970s with the advent of Information Technology and
  its obvious surveillance potential.
• 1974, in the USA, the Privacy Act was adopted as an
  acknowledgement that the development of complex
  information systems posed a threat to personal
  privacy.
• 1980, the Organization for Economic Cooperation and
  Development (OECD) adopted its Guidelines on the
  Protection of Privacy and Transborder Flows of
  Personal Data, which should help to harmonize the
  different national laws and enforce some minimum
  degree of privacy protection amongst member
  countries.
• International laws have paid attention to the issue of privacy, and
  these laws have developed in many countries, where laws were
  enacted to regulate the handling of the data of individuals and
  institutions.
Privacy Protection in the Law …Cont

• 1981, the Council of Europe adopted the
  Convention for the Protection of Individuals
  with Regard to Automatic Processing of
  Personal Data, which is legally binding on any
  member state that ratifies it.
• 1990, The United Nations (UN) considers the
  adoption of international data protection
  guidelines as a natural extension of the 1966
  International Covenant on Civil and Political
  Rights. The Guidelines Concerning
  Computerized Personal Data Files were
  adopted by the General Assembly.

Privacy Protection in the Law …Cont

• 1990, the European Community issued the first draft
  proposal for a Directive on Personal Data
  Protection, which was later revised.
• 1995, The final EU Directive 95/46/EC on the
  protection of individuals with regard to the
  processing of personal data and on the free
  movement of such data.
• 1997, The EU Directive 97/66/EC on Data
  protection in Telecommunications [EU
  Telecommunications Directive 1997] was adopted.




Privacy Protection in the Law…Cont


• The law protects privacy in many ways.
• The type of laws and the level of protection
  may differ between countries and
  jurisdictions.
• The following categories of legal protection
  can be identified in most jurisdictions:
  – Constitutional laws and international treaties
    demonstrate the importance of the right to privacy.
    Legislators as well as the courts have to take these
    fundamental rights into account when drafting or
    interpreting the laws.
Privacy Protection in the Law…Cont

– Criminal laws define the minimum level of acceptable
  behavior by a society. All privacy-intrusive behavior
  below that threshold is punishable by society, e.g.
  stalking, the use of hidden cameras, illegal wire-tapping
  of somebody else's telecommunications (such as
  spyware), hacking into a computer system, entering
  somebody's home without permission.
– Administrative laws on criminal procedure or laws on
  background checking give rules and procedures for
  allowing certain types of privacy-intrusive behavior.
– Civil law and tort law provide obligations in the case of
  (unreasonable) invasions of privacy, such as paying
  damages or compensation, to undo harmful actions or
  to refrain from certain privacy-invasive behavior.
Privacy Protection in the Palestinian Law

• There is no Palestinian law regulating the protection of information
  security and the protection of privacy.
• The Palestinian Basic Law of 2003 regulates public rights and
  freedoms, but it contains no direct rules on the protection of
  information security and the protection of privacy.
• Scattered rules on privacy protection exist in some Palestinian laws,
  such as the Civil Status Law: Article 10, on the confidentiality of
  records, states that the contents of civil status records are
  confidential and may not be inspected by anyone other than the
  person concerned except under a court ruling, and that inspection
  takes place where the records are kept.
• Absence of privacy protection regulations.
• No direct regulation in 2003 law that deals with privacy
  protection.
International Privacy Principles

• Most privacy laws were derived from a set of general principles
  set by the Organization for Economic Cooperation and Development.
• Most privacy laws use commonly recognized
  privacy principles as a basis.
• The most influential principles have been
  developed by the Organization for Economic
  Cooperation and Development (OECD).
• The OECD issued its guidelines on the
  protection of privacy and transborder flows
  of personal data in 1980.
• This document has played a leading role in
  the development of privacy laws in the EU,
  Canada, Australia and other jurisdictions.
International Privacy Principles


• The main privacy principles:
  – Collection limitation
  – Purpose specification
  – Use limitation
  – Data quality
  – Security safeguards
  – Openness
  – Individual participation
  – Accountability
Collection Limitation, Purpose Specification and
  Use Limitation
• Personal data should only be collected by lawful
  means and in a fair manner, including - where
  appropriate - with the knowledge or the consent
  of the individual.
• Personal data can only be collected and used
  for predefined legitimate purposes.
• Legitimate purposes for processing personal
  data include:
  –   The performance of a contract with the individual
  –   Complying with a legal obligation
  –   Protecting the vital interests of the individual
  –   Legitimate business needs
  –   Legitimate public interest, which overrides the
      (privacy) interests of the individual.
Collection Limitation, Purpose Specification and
    Use Limitation…..Cont

• Using data for other purposes (including
  disclosure of data to third parties) is not
  allowed.
• Secondary use is sometimes allowed if the
  purpose for which the data have been
  collected and the purpose for which the data
  will be used are not incompatible.




Data Quality


• Personal data should be relevant for the
  purposes of processing, as well as accurate,
  complete and up to date.
• So, there should, for instance, be a data
  management process, which ensures that
  data are kept up to date and are deleted
  when the purposes are no longer there.




Security Safeguards


• According to this principle personal data
  have to be protected against unauthorized
  access, use, destruction, modification or
  disclosure.
• Reasonable means should be used, in proportion
  to the risks and the nature of the data.
Openness

• The party which collects and uses the data
  has to inform the individual about:
  – Who he is.
  – Why he is collecting and using the data.
  – Information that is necessary to ensure fair
    processing:
     • The right to object to the processing or to opt out
       from it,
     • The fact that data will be disclosed or sold to third
       parties,
     • The fact that data are stored and used in another
       jurisdiction (with possibly different rules for privacy
       protection).

Individual Participation

• The individual has the right to access the data
  stored about him, and has the right to ask for
  correction, updates or removal of the data.
• Note that access could be granted in many
  ways:
  – Allowing the individual to retrieve the data from the
    system himself (which requires extra security
    measures such as identity verification and
    authentication),
  – Providing the individual with a copy or summary
    overview of the data.


Individual Participation ….Cont

• The disclosed data cannot include data about
  other individuals.
• The individual also has the right to ask for an
  explanation about the meaning of the data or
  their origin.




Accountability


• The party under whose authority the data
  are collected, processed and used, can be
  held accountable for complying with privacy
  principles.
• This accountability may include civil or
  criminal liability.




2. Ensuring Confidentiality

• Confidentiality
• PII Confidentiality Impact Levels
• Factors for Determining PII Confidentiality Impact Levels

PII: Personal Identifiable Information.
Confidentiality

• Preserving authorized restrictions on information access
  and disclosure, including means for protecting personal
  privacy and proprietary information.
• The security objectives of integrity and availability are
  equally important for personal identifiable information
  (PII).
• The confidentiality of PII should be protected based on
  its impact level.
• Impact level:
   – The harm (any negative or unwanted effects)
     caused from a breach of confidentiality should be
     considered when attempting to determine which
     PII confidentiality impact level corresponds to a
     specific set of PII.
Three Impact Levels

• The following describe the three impact levels (low,
  moderate, and high) defined in FIPS 199:
  – Low: if the loss of confidentiality, integrity, or
    availability could be expected to have a limited adverse
    effect on organizational operations, organizational
    assets, or individuals.
Three Impact Levels ….Cont

– Moderate: if the loss of confidentiality, integrity, or
  availability could be expected to have a serious
  adverse effect on organizational operations,
  organizational assets, or individuals.
– High: if the loss of confidentiality, integrity, or
  availability could be expected to have a severe or
  catastrophic adverse effect on organizational
  operations, organizational assets, or individuals.




Factors for Determining PII Confidentiality
     Impact Levels

• Determining the impact from a loss of confidentiality
  of PII should take into account relevant factors.
1. Identifiability:
   – How easily can PII be used to identify specific
     individuals?
2. Quantity of PII:
   – Consider how many individuals are identified in the
     information.
3. Data Field Sensitivity:
   – The sensitivity of each individual PII data field, as
     well as the sensitivity of the PII data fields together.
Factors for Determining PII Confidentiality
    Impact Levels….Cont

• Context of Use:
  – Context of use is defined as the purpose for which PII
    is collected, stored, used, processed, disclosed, or
    disseminated (statistical analysis, eligibility for
    benefits, administration of benefits, research, tax
    administration, or law enforcement).
• Obligation to Protect Confidentiality:
  – An organization that is subject to any obligations to
    protect PII should consider such obligations when
    determining the PII confidentiality impact level.
  – Many organizations are subject to laws, regulations,
    or other mandates governing the obligation to protect
    personal information.


Factors for Determining PII Confidentiality
   Impact Levels….Cont

• Access to and Location of PII:
  – The nature of authorized access to PII.
  – When PII is accessed more often or by more
    people and systems, there are more opportunities
    for the confidentiality of the PII to be compromised.
  – Another aspect of the nature of access to PII is
    whether PII is being stored on or accessed from
    teleworkers' devices or other systems, such as web
    applications, outside the direct control of the
    organization.
Practice 1: Intranet Activity Tracking
• An organization maintains a web use audit log for
  an intranet web site accessed by employees. The
  web use audit log contains the following:
   – The user's IP address
   – The Uniform Resource Locator (URL) of the web site
     the user was viewing immediately before coming to
     this web site (i.e., referring URL)
   – The date and time the user accessed the web site
   – The web pages or topics accessed within the
     organization's web site (e.g., organization security
     policy).
• What is the confidentiality impact level of this
  organization?
Practice 1: Intranet Activity Tracking …Cont

• Identifiability: By itself, the log does not contain any
  directly identifiable data. However, the organization has a
  closely-related system with a log that contains domain
  login information records, which include user IDs and
  corresponding IP addresses. Administrators who have
  access to both systems and their logs could correlate
  information between the logs and identify individuals.
  Potentially, information could be stored about the actions
  of most of the organization's users involving web access
  to intranet resources. The organization has a small
  number of administrators who have access to both
  systems and both logs.
• Quantity of PII: The log contains a large number of
  records containing linked PII.
Practice 1: Intranet Activity Tracking …Cont

• Data field sensitivity: The information on which
  internal web pages and topics were accessed
  could potentially cause some embarrassment if
  the pages involved certain human resources-
  related subjects, such as a user searching for
  information on substance abuse programs.
  However, since the logging is limited to use of
  intranet-housed information, the amount of
  potentially embarrassing information is minimal.
• Context of use: Creation of the logs is known to all
  staff members through the organization's
  acceptable use policies. The release of the
  information would be unlikely to cause harm, other
  than potential embarrassment for a small number
  of users.
Practice 1: Intranet Activity Tracking …Cont

• Access to and location of PII: The log is
  accessed by a small number of system
  administrators when troubleshooting operational
  problems and also occasionally by a small
  number of incident response personnel when
  investigating incidents. All access to the log
  occurs only from the organization's own systems.
• Conclusion:
• Taking into account these factors, the
  organization determines that a breach of the log's
  confidentiality would likely cause little or no harm,
  and it chooses to assign the PII confidentiality
  impact level of low.
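
The identifiability reasoning in Practice 1, as an added Python example that is not part of the original slides: it measures what share of web-use log records can be attributed to a user ID by joining on IP address and time against the login log, then repeats the measurement after the IPs are replaced with keyed pseudonyms. All log rows, user IDs, the session start/end columns and the key are constructed assumptions, and keyed pseudonymization is one possible control that the slides do not prescribe.

```python
import hashlib
import hmac
from datetime import datetime

FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample data (not from the slides). IPs come from the
# documentation range 192.0.2.0/24; user IDs and URLs are invented.
# Web-use audit log: (client IP, referring URL, timestamp, page accessed)
WEB_LOG = [
    ("192.0.2.10", "http://intranet.example/home", "2011-09-18 09:05:00",
     "/hr/substance-abuse-program"),
    ("192.0.2.10", "http://intranet.example/hr", "2011-09-18 09:07:30",
     "/policies/security"),
    ("192.0.2.11", "http://intranet.example/home", "2011-09-18 10:15:00",
     "/policies/acceptable-use"),
    ("192.0.2.12", "-", "2011-09-18 11:00:00", "/news"),
]

# Domain login log. The slides only say it holds user IDs and corresponding
# IP addresses; the session start/end columns are an assumption made here.
# (user ID, client IP, session start, session end)
LOGIN_LOG = [
    ("alice", "192.0.2.10", "2011-09-18 08:55:00", "2011-09-18 12:00:00"),
    ("bob",   "192.0.2.11", "2011-09-18 09:30:00", "2011-09-18 10:00:00"),
    ("carol", "192.0.2.11", "2011-09-18 10:05:00", "2011-09-18 17:00:00"),
]

# Constructed key. Assumption: in a real deployment it is held where the
# administrators who read both logs cannot obtain it.
DEMO_KEY = b"constructed-demo-key"


def _ts(text):
    return datetime.strptime(text, FMT)


def link_records(web_log, login_log):
    """Pair each web-log record with the one user ID it links to, else None.

    A record is linked only when exactly one login session used the same IP
    at that moment, so a reassigned address (bob, then carol) is attributed
    by time and never to both users.
    """
    linked = []
    for ip, referrer, when, page in web_log:
        moment = _ts(when)
        candidates = {
            user
            for user, login_ip, start, end in login_log
            if login_ip == ip and _ts(start) <= moment <= _ts(end)
        }
        user = next(iter(candidates)) if len(candidates) == 1 else None
        linked.append(((ip, referrer, when, page), user))
    return linked


def linkage_rate(web_log, login_log):
    """Fraction of web-log records attributable to exactly one user ID."""
    linked = link_records(web_log, login_log)
    if not linked:
        return 0.0
    return sum(1 for _, user in linked if user is not None) / len(linked)


def pseudonymize(web_log, key):
    """Replace each IP with a keyed HMAC-SHA256 tag (truncated for display).

    The same IP always maps to the same tag, so records from one client can
    still be grouped for troubleshooting, but the tag cannot be matched
    against the raw IPs in the login log without the key.
    """
    masked = []
    for ip, referrer, when, page in web_log:
        tag = hmac.new(key, ip.encode(), hashlib.sha256).hexdigest()[:16]
        masked.append(("p-" + tag, referrer, when, page))
    return masked


if __name__ == "__main__":
    print("linkable as stored:", linkage_rate(WEB_LOG, LOGIN_LOG))
    masked = pseudonymize(WEB_LOG, DEMO_KEY)
    print("linkable after pseudonymization:", linkage_rate(masked, LOGIN_LOG))
```

A high linkage rate supports treating the log's IP field as linked PII under the identifiability factor, even though the log holds no names.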
Practice 2: Fraud, Waste, and Abuse Reporting
        Application
• A database contains web form submissions by individuals
  claiming possible fraud, waste, or abuse of organizational
  resources and authority.
• Some of the submissions include serious allegations,
  such as accusing individuals of accepting bribes or
  not enforcing safety regulations.
• The submission of contact information is not prohibited,
  and individuals often enter their personal information in
  the form's narrative text field.
• The web site is hosted by a server that logs IP address
  and referring web site information.
• What is the confidentiality impact level of this
  organization?
Practice 2: Fraud, Waste, and Abuse Reporting
      Application …Cont

• Identifiability: By default, the database does not
  request PII, but a significant percentage of users
  choose to provide PII. The web log contains IP
  addresses, which could be identifiable. However,
  the log information is not linked or readily linkable
  with the database or other sources to identify
  specific individuals.
• Quantity of PII: A recent estimate indicated that
  the database has approximately 50 records with
  PII out of nearly 1000 total records.
• Data field sensitivity: The database's narrative text
  field contains user-supplied text and frequently
  includes information such as name, mailing
  address, email address, and phone numbers.
Practice 2: Fraud, Waste, and Abuse Reporting
       Application …Cont

• Context of use: Because of the nature of the
  submissions (i.e., reporting claims of fraud, waste,
  or abuse), the disclosure of individuals' identities:
   – would likely cause retribution by management and
     peers.
   – It could negatively impact individuals about whom
     accusations are made.
   – The harm may include blackmail, severe emotional
     distress, loss of employment, and physical harm.
   – A breach would also undermine employee and public
     trust in the organization.
Practice 2: Fraud, Waste, and Abuse Reporting
    Application …Cont

• Access to and location of PII: The database
  is only accessed by a few people who
  investigate fraud, waste, and abuse claims.
  All access to the database occurs only from
  the organization's internal systems.
• Conclusion:
• Taking into account these factors, the
  organization determines that a breach of the
  database's confidentiality would likely cause
  catastrophic harm to some of the individuals
  and chooses to assign the PII confidentiality
  impact level of high.
Summary

• The escalation of security breaches involving
  personally identifiable information (PII) has
  contributed to the loss of millions of records
  over the past few years. Breaches involving
  PII are hazardous to both individuals and
  organizations.
• To appropriately protect the confidentiality of
  PII, organizations should use a risk-based
  approach.
• Organizations should identify all PII residing
  in their environment.

Summary


• Organizations should minimize the use,
  collection, and retention of PII to what is
  strictly necessary to accomplish their
  business purpose and mission.
• Organizations should categorize their PII by
  the PII confidentiality impact level, using
  determined factors such as identifiability,
  quantity of PII, data field sensitivity, context
  of use, obligations to protect confidentiality,
  and access to and location of PII.
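
Identifying PII in a free-text field, such as the narrative field in the practice example above, can start with a pattern scan that also yields the "quantity of PII" figure. The Python sketch below is an added example, not part of the original slides; the record layout, the field name `narrative` and the sample records are constructed, and it only detects email addresses and phone numbers.

```python
import re
from collections import Counter

# Two of the PII types the practice example lists for the narrative field.
# Names and mailing addresses need more than a regex (dictionaries, NER),
# so they are deliberately out of scope for this sketch.
EMAIL_RE = re.compile(r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+\b")
# Phone candidates: optional '+', then digits with common separators.
PHONE_RE = re.compile(r"(?<![\w.])\+?\(?\d[\d\s().-]{7,}\d(?!\w)")


def find_pii(text):
    """Return (kind, value, start, end) tuples found in free text, in order."""
    hits = [("email", m.group(), m.start(), m.end())
            for m in EMAIL_RE.finditer(text)]
    for m in PHONE_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        # 9 to 15 digits keeps national and international numbers and drops
        # short numeric noise such as case numbers or amounts. Matches are
        # candidates for human review, not confirmed phone numbers.
        if 9 <= len(digits) <= 15:
            hits.append(("phone", m.group(), m.start(), m.end()))
    return sorted(hits, key=lambda h: h[2])


def scan_records(records, field="narrative"):
    """Scan one free-text field of every record and summarise the findings."""
    per_record = {}
    kinds = Counter()
    for rec in records:
        hits = find_pii(rec.get(field) or "")  # tolerate missing/NULL fields
        if hits:
            per_record[rec["id"]] = hits
            kinds.update(h[0] for h in hits)
    total = len(records)
    return {
        "total_records": total,
        "records_with_pii": len(per_record),
        "share_with_pii": len(per_record) / total if total else 0.0,
        "hits_by_kind": dict(kinds),
        "per_record": per_record,
    }


def redact(text):
    """Replace each detected value with a typed placeholder (minimization)."""
    out, last = [], 0
    for kind, _value, start, end in find_pii(text):
        if start < last:  # skip a hit that overlaps one already redacted
            continue
        out.append(text[last:start])
        out.append(f"[{kind.upper()} REDACTED]")
        last = end
    out.append(text[last:])
    return "".join(out)


# Constructed sample records; addresses and numbers are fictitious.
SAMPLE_RECORDS = [
    {"id": 1, "narrative": "My supervisor approved overtime that was never "
                           "worked. Reach me at j.doe@example.org or "
                           "+1 202 555 0143."},
    {"id": 2, "narrative": "Invoices for case 2011-17 were paid twice."},
    {"id": 3, "narrative": "A witness can confirm this: witness.one@example.com"},
    {"id": 4, "narrative": "Equipment worth 12000 went missing from the warehouse."},
    {"id": 5, "narrative": None},
]

if __name__ == "__main__":
    summary = scan_records(SAMPLE_RECORDS)
    print(f"{summary['records_with_pii']} of {summary['total_records']} "
          f"records contain PII candidates: {summary['hits_by_kind']}")
    print(redact(SAMPLE_RECORDS[0]["narrative"]))
```

The counts feed the identifiability and quantity factors; the impact level itself remains a judgement that also weighs context of use and access, as in the practice example.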

                    PalGov © 2011                    50
References

•   ―Data Protection Act 1998: Legal Guidance‖, Retrieved: September,
    18, 2011, From: http://www.ico.gov.uk.
•   Fischer-Hubner, S., (2001), ―IT-Securityand Privacy: Design and
    Use of Privacy-Enhancing Security Mechanisms‖, Springer.
•   McCallister, E., Grance, T., Scarfone, K., (2010), ―Guide to
    Protecting the Confidentiality of Personally Identifiable Information
    (PII)‖, NIST Special Publication 800-122.
•   Nemati, H. R., (2009), ―Techniques and Applications for Advanced
    Information Privacy and Security: Emerging Organizational, Ethical,
    and Human Issues‖ , IGI Global:USA. Petković, M. and Jonker, W.
    (2007) ―Security, Privacy and Trust in Modern Data Management‖,
    Springer.
•   Wang, H., (2011), ―Protecting Privacy in China‖, Springer.



                         e-Government Lifelong          51
Session End



  • 1. ‫أكاديمية الحكومة اإللكترونية الفلسطينية‬ The Palestinian eGovernment Academy www.egovacademy.ps Tutorial 6: The Legal Framework of New Technologies Session5 Privacy & Data Protection Dr. Ismail M. Romi Palestine Polytechnic University Email: ismailr@ppu.edu PalGov © 2011 1
  • 2. About This tutorial is part of the PalGov project, funded by the TEMPUS IV program of the Commission of the European Communities, grant agreement 511159-TEMPUS-1- 2010-1-PS-TEMPUS-JPHES. The project website: www.egovacademy.ps Project Consortium: Birzeit University, Palestine University of Trento, Italy (Coordinator ) Palestine Polytechnic University, Palestine Vrije Universiteit Brussel, Belgium Palestine Technical University, Palestine Université de Savoie, France Ministry of Telecom and IT, Palestine University of Namur, Belgium Ministry of Interior, Palestine TrueTrust, UK Ministry of Local Government, Palestine Coordinator: Dr. Mustafa Jarrar Birzeit University, P.O.Box 14- Birzeit, Palestine Telfax:+972 2 2982935 mjarrar@birzeit.eduPalGov © 2011 2
  • 3. © Copyright Notes Everyone is encouraged to use this material, or part of it, but should properly cite the project (logo and website), and the author of that part. No part of this tutorial may be reproduced or modified in any form or by any means, without prior written permission from the project, who have the full copyrights on the material. Attribution-NonCommercial-ShareAlike CC-BY-NC-SA This license lets others remix, tweak, and build upon your work non- commercially, as long as they credit you and license their new creations under the identical terms. PalGov © 2011 3
  • 4. Privacy and Data Protection Session ILOs After completing this session trainees will be able to: 1. Understand the legal frame for access management 2. Enforcing security management through internal regulation 3. Widen the knowledge of privacy and data protection 4. Develop knowledge about international as well as EU best practices and standards 5. Ensure public transparency of the processing of data. 6. Control of the processing of personal data by public bodies. 7. Team Work. 8. Analysis skills PalGov © 2011 4
  • 5. Overview 1. Protecting Personal Privacy 2. Ensuring Confidentiality PalGov © 2011 5
  • 6. 1. Protecting Personal Privacy Personal Privacy. Privacy Rights Privacy and Technology Privacy Protection PalGov © 2011 6
  • 7. Privacy ‫الخصوصية‬ • Privacy is the claim of individuals, groups and institutions to determine for themselves, when, how and to what extent information about them is communicated to others, [Westin 1967]. • Who have the right to privacy? – Natural (individuals). – Legal persons (groups and institutions). ‫الخصىصية: هي حق األفراد والجماعات والمؤسسات في أن يقرروا كيفية التعامل‬ .‫مع المعلىمات الخاصة بهم، مه حيث التىقيث، والكمية، والجهة‬ PalGov © 2011 7
  • 8. Aspects of Privacy • Territorial privacy: :‫أوجه الخصوصٌة‬ – Protecting the close physical area surrounding a ‫1- الخصوصٌة المكانٌة‬ person, i.e. domestic and other environments such as the workplace or public space). ‫2- الخصوصٌة الشخصٌة‬ • Privacy of the person: ‫3- خصوصٌة المعلومات‬ – Protecting a person against undue interference, such as physical searches, drug testing or information violating his/her moral sense). • Informational privacy: – Controlling whether and how personal data can be gathered, stored, processed or selectively disseminated. PalGov © 2011 8
  • 9. Personal Identifiable Information (PII) ‫المعلومات الشخصية المميزة‬ • Any information about an individual maintained by an agency, including: – Any information that can be used to distinguish or trace an individual‗s identity. – Any other information that is linked or linkable to an individual. ،‫المعلومات التعرٌفٌة الممٌزة: هً معلومات األفراد التً تحتفظ بها المؤسسات‬ ‫وتشمل المعلومات التً تمٌز األفراد عن غٌرهم‬ PalGov © 2011 9
  • 10. Examples of PII Data‫أمثلة على المعلومات التعريفية المميزة‬ • Names: full name, mother‗s name, or alias. • Personal identification number: social security number (SSN), passport number, driver‗s license number, taxpayer identification number, patient identification number, and financial account or credit card number. • Address information: such as street address or email address. • Asset information: Internet Protocol (IP) or Media Access Control (MAC) address, other host-specific persistent static identifier that consistently links to a particular person or small, well-defined group of people. ...‫– االسم، اسم األم، الكنٌة، الرقم الوطنً، رقم الجواز، الرقم الضرٌبً، رقم رخصة القٌادة‬ ‫– العنوان، االٌمٌل، عنوان االنترنت، رقم الهاتف، الصور، ....الخ‬ PalGov © 2011 10
  • 11. Examples of PII Data ….Cont • Telephone numbers, including mobile, business, and personal numbers • Personal characteristics, including photographic image (especially of face or other distinguishing characteristic), x- rays, fingerprints, or other biometric image or template data (e.g., retina scan, voice signature, facial geometry). • Information identifying personally owned property, such as vehicle registration number or title number and related information. • Information about an individual that is linked or linkable to one of the above (e.g., date of birth, place of birth, race, religion, weight, activities, geographical indicators, employment information, medical information, education information, financial information). PalGov © 2011 11
  • 12. Privacy Rights ‫حقوق الخصوصية‬ • The right to be let alone to live one‘s own life with the minimum degree of interference. ‫حق الفرد بأن ٌمارس حٌاته لوحده دون أي تدخل أو تشوٌش من الغٌر‬ • The right of the individual to lead his own life protected against: – Interference with his private, family and home life. – Interference with his physical or mental integrity or his moral and intellectual freedom. – Attacks on his honor and reputation. – Being placed in a false light. – The disclosure of irrelevant embarrassing facts relating to his private life.‫كشف حقائق محرجه‬ PalGov © 2011 12
  • 13. Privacy Rights…Cont – The use of his name, identity or likeness. – Spying, prying, watching and besetting. – Interference with his correspondence. – Misuse of his private communications, written or oral. – Disclosure of information given or received by him in circumstances of professional confidence.
  • 14. Privacy and Technology • A number of privacy issues arise with the proliferation of digital technologies: – Personalized services, such as reward programs (supermarket cards, frequent flyer/buyer cards, etc.) require collection, (uncontrolled) processing, and often even distribution of personal data and sensitive information. – With ubiquitous connectivity, people are increasingly using electronic technologies in business-to-consumer and business-to-business settings (e.g., financial transactions, credit card payments, business transactions, email, document exchange, and even management of personal health records). – New technologies are being used for the purpose of monitoring and recording behaviors of individuals who may not even be aware of it; this data typically includes personal information and is essentially privacy sensitive. • Technology's impact on privacy lies in how possible and easy it has become to collect information about individuals in many and varied ways.
  • 15. Privacy and Technology: No Secrets • Personal Data: All About You – More than 15,000 specialized marketing databases contain 2,000,000,000 names. – These databases contain characteristics like age, income, religion. • Statistics indicate that a huge number of databases hold data about individuals around the world.
  • 16. Privacy and Technology: No Secrets • Big Brother and Big Business – Other information technologies amplify the threat to personal privacy, too: – Networks: make it possible for personal data to be transmitted almost anywhere instantly. – Microsoft's Passport, part of its .NET technologies, can optionally collect in a central database controlled by Microsoft: passwords, credit card numbers, other consumer information. • Networks and service databases are among the factors that have made it easier to reach individuals' data.
  • 17. Privacy and Technology: No Secrets – Workplace monitoring technology: enables managers to learn more than ever before about the work habits and patterns of workers. – Surveillance cameras: increasingly used for nabbing routine traffic violations and detecting security violators, can be combined with picture databases to locate criminals—and others. – Surveillance satellites: can provide permanent peepholes into our lives for anyone willing to pay the price. – Cell phones: are now required by law to include technology to determine and transmit their locations to emergency personnel responding to 911 calls. • Workplace monitoring technology, cameras, satellites and telephones have all likewise made it easier to reach individuals' data.
  • 18. Privacy Protection in the Law • The interest in privacy increased in the 1960s and 1970s with the advent of Information Technology and its obvious surveillance potential. • 1974, In the USA, the Privacy Act was adopted as an acknowledgement that the development of complex information systems posed a threat to personal privacy. • 1980, Organization for Economic Cooperation and Development (OECD) adopted its Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, which should help to harmonize the different national laws and enforce some minimum degree of privacy protection amongst member countries. • International law has taken up the issue of privacy, and these laws have developed in many countries, where legislation now regulates the handling of the data of individuals and institutions.
  • 19. Privacy Protection in the Law …Cont • 1981, the Council of Europe adopted the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data, which is legally binding on any member state that ratifies it. • 1990, The United Nations (UN) considers the adoption of international data protection guidelines as a natural extension of the 1966 International Covenant on Civil and Political Rights. The Guidelines Concerning Computerized Personal Data Files were adopted by the General Assembly.
  • 20. Privacy Protection in the Law …Cont • 1990, the European Community issued the first draft proposal for a Directive on Personal Data Protection, which was later revised. • 1995, The final EU Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data was adopted. • 1997, The EU Directive 97/66/EC on Data protection in Telecommunications [EU Telecommunications Directive 1997] was adopted.
  • 21. Privacy Protection in the Law…Cont • The law protects privacy in many ways. • The type of laws and the level of protection may differ between countries and jurisdictions. • The following categories of legal protection can be identified in most jurisdictions: – Constitutional laws and international treaties demonstrate the importance of the right to privacy. Legislators as well as the courts have to take these fundamental rights into account when drafting or interpreting the laws.
  • 22. Privacy Protection in the Law…Cont – Criminal laws define the minimum level of acceptable behavior by a society. All privacy-intrusive behavior below that threshold is punishable by society, for example stalking, the use of hidden cameras, illegal wire-tapping of somebody else's telecommunications (such as spyware), hacking into a computer system, entering somebody's home without permission. – Administrative laws on criminal procedure or laws on background checking give rules and procedures for allowing certain types of privacy-intrusive behavior. – Civil law and tort law provide obligations in the case of (unreasonable) invasions of privacy, such as paying damages or compensation, to undo harmful actions or to refrain from certain privacy-invasive behavior.
  • 23. Privacy Protection in the Palestinian Law • There is no Palestinian law regulating information security and privacy protection. • The Palestinian Basic Law of 2003 regulates public rights and freedoms, but it contains no direct rules on information security or privacy protection. • Scattered rules on privacy protection exist in some Palestinian laws, such as the Civil Status Law: Article 10, on the confidentiality of records, provides that the contents of civil status records are confidential and may not be inspected by anyone other than the person concerned except under a court order, and that inspection takes place where the records are kept. • Absence of privacy protection regulations. • No direct regulation in 2003 law that deals with privacy protection.
  • 24. International Privacy Principles • Most privacy laws are derived from a set of general principles laid down by the Organization for Economic Cooperation and Development. • Most privacy laws use commonly recognized privacy principles as a basis. • The most influential principles have been developed by the Organization for Economic Cooperation and Development (OECD). • The OECD issued its guidelines on the protection of privacy and transborder flows of personal data in 1980. • This document has played a leading role in the development of privacy laws in the EU, Canada, Australia and other jurisdictions.
  • 25. International Privacy Principles • The main privacy principles: – Collection limitation – Purpose specification – Use limitation – Data quality – Security safeguards – Openness – Individual participation – Accountability
  • 26. Collection Limitation, Purpose Specification and Use Limitation • Personal data should only be collected by lawful means and in a fair manner, including - where appropriate - with the knowledge or the consent of the individual. • Personal data can only be collected and used for predefined legitimate purposes. • Legitimate purposes for processing personal data include: – The performance of a contract with the individual – Complying with a legal obligation – Protecting the vital interests of the individual – Legitimate business needs – Legitimate public interest, which overrides the (privacy) interests of the individual.
  • 27. Collection Limitation, Purpose Specification and Use Limitation…..Cont • Using data for other purposes (including disclosure of data to third parties) is not allowed. • Secondary use is sometimes allowed if the purpose for which the data have been collected and the purpose for which the data will be used are not incompatible.
  • 28. Data Quality • Personal data should be relevant for the purposes of processing, as well as accurate, complete and up to date. • So, there should, for instance, be a data management process, which ensures that data are kept up to date and are deleted when the purposes are no longer there.
  • 29. Security Safeguards • According to this principle personal data have to be protected against unauthorized access, use, destruction, modification or disclosure. • Reasonable means should be used compared to the risks and the nature of the data.
  • 30. Openness • The party which collects and uses the data has to inform the individual about: – Who he is. – Why he is collecting and using the data. – Information that is necessary to ensure fair processing: • The right to object to the processing or to opt out from it, • The fact that data will be disclosed or sold to third parties, • The fact that data are stored and used in another jurisdiction (with possibly different rules for privacy protection).
  • 31. Individual Participation • The individual has the right to access the data stored about him, and has the right to ask for correction, updates or removal of the data. • Note that access could be granted in many ways: – Allowing the individual to retrieve the data from the system himself (which requires extra security measures such as identity verification and authentication), – Providing the individual with a copy or summary overview of the data.
  • 32. Individual Participation ….Cont • The disclosed data cannot include data about other individuals. • The individual also has the right to ask for an explanation about the meaning of the data or their origin.
  • 33. Accountability • The party under whose authority the data are collected, processed and used, can be held accountable for complying with privacy principles. • This accountability may include civil or criminal liability.
  • 34. 2. Ensuring Confidentiality • Confidentiality • PII Confidentiality Impact Levels • Factors for Determining PII Confidentiality Impact Levels • PII: Personal Identifiable Information.
  • 35. Confidentiality • Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information; in other words, the set of restrictions on accessing and processing information that guarantees individual privacy. • The security objectives of integrity and availability are equally important for personal identifiable information (PII). • The confidentiality of PII should be protected based on its impact level. • Impact level: – The harm (any negative or unwanted effects) caused from a breach of confidentiality should be considered when attempting to determine which PII confidentiality impact level corresponds to a specific set of PII.
  • 36. Three Impact Levels • The following describe the three impact levels—low, moderate, and high—defined in FIPS 199: – Low: if the loss of confidentiality, integrity, or availability could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals. • Confidentiality is tied to the level of adverse impact on privacy, and there are three levels: low impact, when the effect of a loss of confidentiality is low; moderate impact, when the effect of a loss of confidentiality is moderate, meaning that the harm is moderate; and high impact, when a loss of confidentiality leads to great harm.
  • 37. Three Impact Levels ….Cont – Moderate: if the loss of confidentiality, integrity, or availability could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals. – High: if the loss of confidentiality, integrity, or availability could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals.
  • 38. Factors for Determining PII Confidentiality Impact Levels • Determining the impact from a loss of confidentiality of PII should take into account relevant factors. 1. Identifiability: – How easily can PII be used to identify specific individuals? 2. Quantity of PII: – Consider how many individuals are identified in the information. 3. Data Field Sensitivity: – The sensitivity of each individual PII data field, as well as the sensitivity of the PII data fields together. • In summary, the factors that determine the level of adverse impact from a loss of confidentiality are: how far the information identifies the individual, the quantity of information, the sensitivity of the information, the context in which the information is used, the degree of obligation to protect privacy, and how and where the information is used.
  • 39. Factors for Determining PII Confidentiality Impact Levels….Cont • Context of Use: – Context of use is defined as the purpose for which PII is collected, stored, used, processed, disclosed, or disseminated (statistical analysis, eligibility for benefits, administration of benefits, research, tax administration, or law enforcement). • Obligation to Protect Confidentiality: – An organization that is subject to any obligations to protect PII should consider such obligations when determining the PII confidentiality impact level. – Many organizations are subject to laws, regulations, or other mandates governing the obligation to protect personal information.
  • 40. Factors for Determining PII Confidentiality Impact Levels….Cont • Access to and Location of PII: – The nature of authorized access to PII. – When PII is accessed more often or by more people and systems, there are more opportunities for the confidentiality of the PII to be compromised. – Another aspect of the nature of access to PII is whether PII is being stored on or accessed from teleworkers' devices or other systems, such as web applications, outside the direct control of the organization.
  • 41. Practice 1: Intranet Activity Tracking • An organization maintains a web use audit log for an intranet web site accessed by employees. The web use audit log contains the following: – The user's IP address – The Uniform Resource Locator (URL) of the web site the user was viewing immediately before coming to this web site (i.e., referring URL) – The date and time the user accessed the web site – The web pages or topics accessed within the organization's web site (e.g., organization security policy). • What is the confidentiality impact level of this organization?
  • 42. Practice 1: …Cont • Identifiability: By itself, the log does not contain any directly identifiable data. However, the organization has a closely-related system with a log that contains domain login information records, which include user IDs and corresponding IP addresses. Administrators who have access to both systems and their logs could correlate information between the logs and identify individuals. Potentially, information could be stored about the actions of most of the organization's users involving web access to intranet resources. The organization has a small number of administrators who have access to both systems and both logs. • Quantity of PII: The log contains a large number of records containing linked PII.
  • 43. Practice 1: …Cont • Data field sensitivity: The information on which internal web pages and topics were accessed could potentially cause some embarrassment if the pages involved certain human resources-related subjects, such as a user searching for information on substance abuse programs. However, since the logging is limited to use of intranet-housed information, the amount of potentially embarrassing information is minimal. • Context of use: Creation of the logs is known to all staff members through the organization's acceptable use policies. The release of the information would be unlikely to cause harm, other than potential embarrassment for a small number of users.
  • 44. Practice 1: …Cont • Access to and location of PII: The log is accessed by a small number of system administrators when troubleshooting operational problems and also occasionally by a small number of incident response personnel when investigating incidents. All access to the log occurs only from the organization's own systems. • Conclusion: Taking into account these factors, the organization determines that a breach of the log's confidentiality would likely cause little or no harm, and it chooses to assign the PII confidentiality impact level of low.
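The identifiability argument in Practice 1 can be checked on real logs. The following is an added example, not part of the original slides: it joins a web use audit log with a domain login log on IP address and time, and reports what share of the web records is linkable to a user ID. The log layouts, the sample records and the 12-hour session window are constructed assumptions.

```python
from bisect import bisect_right
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data (not from the slides).
# Domain login log: (timestamp, user ID, IP address in use at login)
LOGIN_LOG = [
    ("2011-09-18T08:01:00", "u1001", "10.0.0.21"),
    ("2011-09-18T08:05:00", "u1002", "10.0.0.22"),
    ("2011-09-18T13:00:00", "u1003", "10.0.0.21"),  # same address, later user
]
# Web use audit log: (timestamp, IP address, referring URL, page accessed)
WEB_LOG = [
    ("2011-09-18T07:55:00", "10.0.0.21", "-", "/news"),  # before any login
    ("2011-09-18T08:10:00", "10.0.0.21", "/home", "/policies/security"),
    ("2011-09-18T09:30:00", "10.0.0.22", "/home", "/hr/benefits"),
    ("2011-09-18T13:20:00", "10.0.0.21", "/home", "/hr/assistance-programs"),
    ("2011-09-18T14:00:00", "10.0.0.99", "/home", "/news"),  # IP never logged in
]


def build_login_index(login_log):
    """Map each IP address to a time-sorted list of (login time, user ID)."""
    index = defaultdict(list)
    for when, user, ip in login_log:
        index[ip].append((datetime.fromisoformat(when), user))
    for sessions in index.values():
        sessions.sort()
    return index


def attribute(web_record, index, max_age=timedelta(hours=12)):
    """Return the user ID a web record links to, or None if not linkable.

    A record is linked to the most recent login seen on the same IP address
    at or before the request, provided that login is no older than max_age
    (an assumed session length). Joining on IP alone would credit the 13:20
    request to the morning user of 10.0.0.21.
    """
    when = datetime.fromisoformat(web_record[0])
    sessions = index.get(web_record[1], [])
    pos = bisect_right([t for t, _ in sessions], when) - 1
    if pos < 0:
        return None
    login_time, user = sessions[pos]
    return user if when - login_time <= max_age else None


def linkability_report(web_log, login_log):
    """Summarise how much of the web log is linked PII (Practice 1 factors)."""
    index = build_login_index(login_log)
    pages_by_user = defaultdict(list)
    for record in web_log:
        user = attribute(record, index)
        if user is not None:
            pages_by_user[user].append(record[3])
    linked = sum(len(pages) for pages in pages_by_user.values())
    return {
        "total": len(web_log),
        "linked": linked,
        "linked_ratio": linked / len(web_log),
        "pages_by_user": dict(pages_by_user),
    }


if __name__ == "__main__":
    print(linkability_report(WEB_LOG, LOGIN_LOG))
```

The linked ratio feeds the identifiability and quantity factors, and the pages listed per user show which records carry the data field sensitivity the slides mention.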
  • 45. Practice 2: Fraud, Waste, and Abuse Reporting Application • A database contains web form submissions by individuals claiming possible fraud, waste, or abuse of organizational resources and authority. • Some of the submissions include serious allegations, such as accusing individuals of accepting bribes or not enforcing safety regulations. • The submission of contact information is not prohibited, and individuals often enter their personal information in the form's narrative text field. • The web site is hosted by a server that logs IP address and referring web site information. • What is the confidentiality impact level of this organization?
  • 46. Practice 2: Fraud, Waste, and Abuse Reporting Application …Cont • Identifiability: By default, the database does not request PII, but a significant percentage of users choose to provide PII. The web log contains IP addresses, which could be identifiable. However, the log information is not linked or readily linkable with the database or other sources to identify specific individuals. • Quantity of PII: A recent estimate indicated that the database has approximately 50 records with PII out of nearly 1000 total records. • Data field sensitivity: The database's narrative text field contains user-supplied text and frequently includes information such as name, mailing address, email address, and phone numbers.
  • 47. Practice 2: Fraud, Waste, and Abuse Reporting Application …Cont • Context of use: Because of the nature of the submissions (i.e., reporting claims of fraud, waste, or abuse), the disclosure of individuals' identities: – would likely cause retribution by management and peers. – It could negatively impact individuals about whom accusations are made. – The harm may include blackmail, severe emotional distress, loss of employment, and physical harm. – A breach would also undermine employee and public trust in the organization.
  • 48. Practice 2: Fraud, Waste, and Abuse Reporting Application …Cont • Access to and location of PII: The database is only accessed by a few people who investigate fraud, waste, and abuse claims. All access to the database occurs only from the organization's internal systems. • Conclusion: Taking into account these factors, the organization determines that a breach of the database's confidentiality would likely cause catastrophic harm to some of the individuals and chooses to assign the PII confidentiality impact level of high.
  • 49. Summary • The escalation of security breaches involving personally identifiable information (PII) has contributed to the loss of millions of records over the past few years. Breaches involving PII are hazardous to both individuals and organizations. • To appropriately protect the confidentiality of PII, organizations should use a risk-based approach. • Organizations should identify all PII residing in their environment.
  • 50. Summary • Organizations should minimize the use, collection, and retention of PII to what is strictly necessary to accomplish their business purpose and mission. • Organizations should categorize their PII by the PII confidentiality impact level, using determined factors such as identifiability, quantity of PII, data field sensitivity, context of use, obligations to protect confidentiality, and access to and location of PII.
  • 52. Session End