User Tools

Site Tools


Sidebar

Welcome to DIDO WIKI

dido:public:ra:1.4_req:2_nonfunc:25_security:confidentiality

4.3.4.1 Confidentiality

About

Confidentiality is usually covered by the use of a Confidentiality Agreement or Non-Disclosure Agreement (NDA), which defines a set of rules or a promise limiting access or places restrictions on certain types of information. Areas that have legal agreements covering confidentiality are:

  • Legal Confidentiality
  • Medical Confidentiality
  • Clinical and Counseling Psychology
  • Commercial Confidentiality
  • Banking Confidentiality
  • Public Policy Concerns
  • Religious Confidentiality

As a rule of thumb, it is best to treat all Personal Identifiable Information (PII) as confidential and to secure it (i.e., require authentication both to access the data and log access to the data).

The US National Institute of Standards and Technology (NIST) describe the kinds of data that should be treated as PII1) as:

  • Name, such as full name, maiden name, mother‘s maiden name, or alias
  • Personal Identification Number (PIN), such as:
    • Social security number (SSN),
    • Passport number,
    • Driver‘s license number,
    • Taxpayer identification number,
    • Patient identification number,
    • Financial account number, and
    • Credit card number

NIST also identifies information which potentially can be used to identify people:

  • Address information, such as street address or email address
  • Asset information, such as Internet Protocol (IP) or Media Access Control (MAC) address or other host-specific persistent static identifier that consistently links to a particular person or small, well-defined group of people
  • Telephone numbers, including mobile, business, and personal numbers
  • Personal characteristics, including photographic image (especially of face or other distinguishing characteristic), x-rays, fingerprints, or other Biometric image or template data (e.g., retina scan, voice signature, facial geometry)
  • Information identifying personally owned property, such as vehicle registration number or title number and related information
  • Information about an individual that is linked or linkable to one of the above (e.g., date of birth, place of birth, race, religion, weight, activities, geographical indicators, employment information, medical information, education information, financial information).

DIDO Specifics

Return to Top

To be added/expanded in future revisions of the DIDO RA
1)
Erika McCallister Tim Grance and Karen Scarfone, Guide to Protecting the Confidentiality of Personally Identifiable Information (PII), Special Publication 800-122, April 2010, Accessed on 13 August 2020, https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-122.pdf
dido/public/ra/1.4_req/2_nonfunc/25_security/confidentiality.txt · Last modified: 2021/08/06 13:59 by murphy
Translations of this page: