Confidentiality level
Data that is considered as PII is any information that can be used to identify a person. The commonly stored data include social security numbers, email addresses, and phone numbers. The data is used to link the individual to the systems for easy identification. The NIST provides guidelines used in protecting PII. It provides guidance based on technical and context to evaluate PII and measure the level of protection needed for each instance of PII. The document also states the possible safeguards that are required to offer maximum levels of protection for PII and recommends a plan used to respond to breaches associated with PII. The factors included when determining the impact level of NIST on protecting PII is the accuracy required for fair information practices applied on PII. The accuracy level of the PII ensures its complete protection from any alteration by unauthorized personnel. Another factor used to determine the impact level of NIST is the confidentiality level of the PII. Confidentiality level helps in establishing the additional protection standards needed to be implemented.
The privacy safeguards considered to protect PII include minimizing the use, collection, and retention of PII. Reducing the use of PII safeguards possible alteration of the kept information, collecting should only be made when there is a need to meet the specific business purpose and organizational missions. The organization should maintain the collected data to re-use again if it is still relevant to be used, and if it is no longer useful should be destroyed to reduce risks of a breach to unauthorized individuals. Also, the organization should carry out privacy impacts assessment to mitigate risks that may invade the privacy of the data stored. Another safeguard considered is the risk that may occur from de-identifying information. The organization ensures that records that have had enough PII removed should no longer be used to identify individual anymore. PIA is required to complete the upgrade since it helps in mitigating the privacy risks that may affect the confidentiality of PII. After upgrading the test data, it is advisable to backup and reinstalls it to make it available for the next upgrade to be performed.