Add enumeration for type of data to capture Sensitive Personal Information #437
Comments
|
(also if we add the new enumeration, should we create a hierarchy with personal information at the top and sensitive personal information and another new enumeration for the email/ssn/etc as the other. This helps manage the historical aspect as well as where they type of personal information is unclear And if we make 'personal' hierarchical, should all the other things that include personal information (medical, financial, etc) be children as well? (of course that then makes a different mess of the historical data as 'personal' is now very hierarchical and not clear if it's known or not if things like financial were unknown or known not to be included) |
|
Sensitive Personal Information (Data not meant to be publicly available that impacts a person's livelihood, quality of life, and ability to participate in daily activities such as SSNs or other National ID) - Dave will suggest tweaks Common Person Information (Information that is uniquely identifiable but widely known/knowable) We will rename "Personal" data to "Common Personal Information" and add "Sensitive Personal Information". |
Issue: currently Personal data is leveraged as a catch all data type that incorporates things like Email addresses, SSN numbers and even contextually sensitive things (Like political refugee location and confidential informant names) in one bucket. This sorta limits our way of separating data breaches that are mildly impactful (compromise of an email address used to register on a manga reading app) and breaches that can be significantly impactful.
Solution: Propose the creation of a a new enumeration, "Sensitive Personal Information: data that if compromised could cause harm to the individual, such as SSNs, location of political refugees and confidential informants for reporters"
The text was updated successfully, but these errors were encountered: