Data privacy
Information assets that contain personal details of people are classified as private or personal data. In other words, disclosure of personal data to third parties without the consent of the data owner is a breach of privacy requirements of such assets. The data owner is the individual associated with that data. The contents of data that can uniquely identify a person or group of persons is called Personally Identifiable Information (PII). There are legal and regulatory requirements that pertain to the collection, storage, transmission, disclosure, retention, and destruction of personal information. References and online links to such requirements are provided in Chapter 5, Day 5 – Exam Cram and Practice Questions, of this book.
In information security, the requirement for data privacy is to share personal data in a secure manner to third parties depending on the need and as required. This requirement is to ensure that PII is not disclosed to unauthorized entities...