IAS 1_2
  • Zorro Roronoa

  • 42 questions • 9/12/2024


    Question list

  • 1

    refers to any information, whether recorded in a material form or not, from which the identity of an individual is apparent or can be directly ascertained by the entity holding the information

    personal data

  • 2

    concerns the collection and use of data about individuals.

    privacy

  • 3

    relates to the responsibility of those who collect data to ensure that the data is correct.

    accuracy

  • 4

    relates to who owns the data.

    property

  • 5

    relates to the responsibility of those who have data to control who can use that data.

    access

  • 6

    is a part of the data protection area that deals with the proper handling of data, with the focus on compliance with data protection regulations.

    data privacy

  • 7

    includes a set of standards and different safeguards and measures that an organization is taking to prevent any third party from unauthorized access to digital data or any intentional or unintentional alteration, deletion, or data disclosure.

    data security

  • 8

    an unauthorized or unintentional disclosure of confidential information.

    data breach

  • 9

    the stealing of data or confidential information by electronic means, including ransomware and hacking.

    cyber attack

  • 10

    is a model designed to guide an organization’s policies on information security. The elements of the triad are considered the three most crucial components of security. The following are the three (3) elements of data security.

    cia triad

  • 11

    ensures that data is accessed only by authorized individuals.

    confidentiality

  • 12

    ensures that information is reliable as well as accurate.

    integrity

  • 13

    ensures that data is both available and accessible to satisfy business needs.

    availability

  • 14

    o Right of an individual to be left alone and have control over their data
    o Procedures for proper handling, processing, collecting, and sharing of personal data
    o Compliance with data protection laws

    elements of data privacy

  • 15

    the process of ingesting, storing, organizing, and maintaining the data created and collected by an organization.

    data management

  • 16

    Information privacy is considered an important aspect of information sharing. With the advancement of the digital age, personal information vulnerabilities have increased.

    aspect of privacy

  • 17

    All personal data shared over the Internet is subject to privacy issues. Most websites publish a privacy policy that details the website's intended use of data collected online and/or offline.

    interest privacy

  • 18

    Financial information is particularly sensitive, as it may easily be used to commit online and/or offline fraud.

    financial privacy

  • 19

    All medical records are subject to stringent laws that address user access privileges. By law, security and authentication systems are often required for individuals that process and store medical records.

    medical privacy

  • 20

    is information that can be used to distinguish or trace an individual’s identity, such as:
    o Information about birth, race, religion, weight, activities, geographic indicators, employment information, medical information, education information, and financial information;
    o Personal characteristics, including photographic images, x-rays, fingerprints, or biometric image; and
    o Asset information, such as Internet Protocol (IP) or media access control (MAC) address or other host-specific persistent static identifier that consistently links to a particular person or a small, well-defined group of people.

    personal identifiable information

  • 21

    In dealing with the privacy of PII, two (2) new concepts have emerged: privacy by design (PbD) and privacy engineering. The goal of ___________ is to take privacy requirements into account throughout the system development process, from the conception of a new IT system through detailed system design, implementation, and operation.

    privacy by design

  • 22

    These are system requirements that have privacy relevance.

    privacy requirements

  • 23

    PbD is an approach that anticipates privacy issues and seeks to prevent problems before they arise.

    proactive, not reactive; preventive, not remedial

  • 24

    This principle requires an organization to ensure that it only processes the data that is necessary to achieve its specific purpose and that PII is protected during collection, storage, use, and transmission.

    privacy as the default

  • 25

    Privacy protections should be core, organic functions, not added on after a design is complete.

    privacy embedded to the design

  • 26

    Designers should seek solutions that avoid requiring a trade-off between privacy and system functionality or between privacy and security.

    full functionality

  • 27

    This principle encompasses two concepts. The terms end-to-end and life cycle refer to the protection of PII from the time of collection through retention and destruction. During this life cycle, there should be no gaps in the protection of the data or accountability for the data. The term security highlights that security processes and controls are used to provide not just security but privacy.

    life cycle protection

  • 28

    PbD seeks to assure users and other stakeholders that privacy-related business practices and technical controls are operating according to stated commitments and objectives.

    visibility and transparency

  • 29

    The organization must view privacy as primarily being characterized by personal control and free choice.

    Respect for user privacy

  • 30

    The objective of a ___________________ is to enable organization executives to determine an appropriate budget for privacy and, within that budget, implement the privacy controls that optimize the level of protection.

    privacy risk assessment

  • 31

    are safeguards or countermeasures prescribed for an information system or an organization that are designed to protect the confidentiality, integrity, and availability of its information and to meet a set of defined security requirements

    security controls

  • 32

    involves taking account of privacy during the entire life cycle of ICT (information and communications technology) systems

    privacy engineering

  • 33

    is an expectation of loss expressed as the probability that a particular threat will exploit a particular vulnerability with a particular harmful result

    security risk assessment

  • 34

    includes a disciplined, structured, and flexible process for organizational asset valuation; security and privacy control selection, implementation, and assessment; system and control authorizations; and continuous monitoring. Risk management is an iterative process,

    risk management

  • 35

    are system requirements that have privacy relevance. System privacy requirements define the protection capabilities provided by the system, the performance and behavioral characteristics exhibited by the system, and the evidence used to determine that the system privacy requirements have been satisfied. Privacy requirements are derived from various sources, including laws, regulations, standards, and stakeholder expectations.

    privacy requirements

  • 36

    is an analysis of how information is handled: to ensure handling conforms to applicable legal, regulatory, and policy requirements regarding privacy;

    privacy impact assessment

  • 37

    focus on the types of capabilities the system needs to demonstrate the implementation of an organization’s privacy policies and system privacy requirements.

    privacy engineering

  • 38

    name of this layer?

    privacy engineering

  • 39

    name of this layer?

    privacy by design

  • 40

    what model is this?

    cia triad

  • 41

    which side circle is the privacy?

    left

  • 42

    which side is security?

    right