Privacy and Information Assurance
Key Takeaways
- Privacy governs appropriate collection, use, retention, sharing, and protection of personal information, not just keeping attackers out.
- Information assurance is broader than secrecy: it covers confidence in confidentiality, integrity, availability, authenticity, and non-repudiation.
- Data classification (public, internal, confidential, restricted) drives handling rules that match sensitivity and value.
- Minimization, purpose limitation, and need-to-know reduce privacy risk BEFORE an incident occurs.
- In Certified in Cybersecurity (CC) exam scenarios, a beginner reports privacy concerns through the approved process rather than making legal or notification decisions alone.
Privacy Is a Security Responsibility
Privacy is the appropriate handling of personal information. Security controls protect that information, but privacy is broader than keeping attackers out. An organization can create privacy risk by collecting too much data, keeping it too long, sharing it with the wrong party, using it for an unexpected purpose, or skipping required notices and consent.
Personally identifiable information (PII) includes names, addresses, email addresses, government identifiers, financial records, biometric data, precise location, and account activity: anything that identifies a person or can reasonably be linked to one. Some categories carry stricter handling, such as sensitive PII (for example government identifiers, financial records, and biometric data) and protected health information (PHI), which is health data covered by health-privacy rules. CC candidates are not lawyers, but they must recognize when data needs careful handling and escalation. Regulations the exam may reference at an awareness level include the EU General Data Protection Regulation (GDPR) and the U.S. Health Insurance Portability and Accountability Act (HIPAA).
Privacy Principles in Beginner Language
| Principle | Practical meaning |
|---|---|
| Minimization | Collect only what an approved purpose needs |
| Purpose limitation | Use data only for the reason it was collected |
| Need-to-know | Grant access only to roles that require it |
| Retention limits | Do not keep data longer than required |
| Secure disposal | Destroy data safely when retention ends |
| Transparency | Honor notice, policy, and consent requirements |
Information Assurance
Information assurance is the discipline of maintaining confidence in information and systems. It extends the CIA triad (confidentiality, integrity, availability) with two further goals the CC exam highlights: authenticity and non-repudiation. Authenticity asks whether a message, user, or system is genuinely what it claims to be; non-repudiation goes a step further and produces evidence of origin that the sender cannot later deny. Think of information assurance as the broad confidence that information can be protected, trusted, reached by authorized users, traced to the right source, and backed by evidence.
| Assurance goal | Example |
|---|---|
| Confidentiality | Only approved HR staff can view salary data |
| Integrity | A signed update package has not been altered |
| Availability | A backup restores a critical file after deletion |
| Authenticity | A user or system is genuinely who it claims to be |
| Non-repudiation | A signed transaction has provable origin |
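The integrity, authenticity, and non-repudiation rows above hinge on how the "signature" is produced. The following Go program is an added example, not code from the original page: it checks a constructed update package first with an HMAC (a shared secret) and then with an Ed25519 digital signature. Both detect tampering, but only the signature supports non-repudiation, because an HMAC verifier holds the same key as the publisher and could have produced the tag itself. The package bytes, the shared secret, and the generated keys are all made up for the demonstration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Constructed stand-in for a small update package.
var updatePackage = []byte("pkg-version=2.4.1;payload=...")

// SharedKeyTag computes HMAC-SHA256 over data with a key that both the
// publisher and the verifier hold. A valid tag proves integrity and that
// SOME key holder produced it, but it cannot show WHICH one.
func SharedKeyTag(key, data []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(data)
	return m.Sum(nil)
}

// SharedKeyVerify recomputes the tag and compares in constant time.
func SharedKeyVerify(key, data, tag []byte) bool {
	return hmac.Equal(SharedKeyTag(key, data), tag)
}

// Sign produces an Ed25519 signature with the publisher's private key.
// Verifiers hold only the public key, so a valid signature can be
// attributed to the publisher alone: the basis of non-repudiation.
func Sign(priv ed25519.PrivateKey, data []byte) []byte {
	return ed25519.Sign(priv, data)
}

// Verify checks a signature against the publisher's public key.
func Verify(pub ed25519.PublicKey, data, sig []byte) bool {
	return ed25519.Verify(pub, data, sig)
}

// Tamper flips one bit to simulate a package altered in transit.
func Tamper(data []byte) []byte {
	out := append([]byte(nil), data...)
	out[len(out)-1] ^= 0x01
	return out
}

// Results gathers each check so the outcome can be asserted on, not just printed.
type Results struct {
	HMACOriginal, HMACTampered, HMACForgedByVerifier bool
	SigOriginal, SigTampered, SigWrongKey          bool
}

// Run exercises both mechanisms against the constructed package.
func Run() Results {
	sharedKey := []byte("example-shared-secret-do-not-reuse") // constructed
	tag := SharedKeyTag(sharedKey, updatePackage)

	// The verifier, holding the shared key, can "sign" anything it wants.
	forgedContent := []byte("content the publisher never approved")
	forgedTag := SharedKeyTag(sharedKey, forgedContent)

	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	otherPub, _, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	sig := Sign(priv, updatePackage)

	return Results{
		HMACOriginal:         SharedKeyVerify(sharedKey, updatePackage, tag),
		HMACTampered:         SharedKeyVerify(sharedKey, Tamper(updatePackage), tag),
		HMACForgedByVerifier: SharedKeyVerify(sharedKey, forgedContent, forgedTag),
		SigOriginal:          Verify(pub, updatePackage, sig),
		SigTampered:          Verify(pub, Tamper(updatePackage), sig),
		SigWrongKey:          Verify(otherPub, updatePackage, sig),
	}
}

func main() {
	r := Run()
	fmt.Printf("HMAC: original=%v tampered=%v forged-by-verifier=%v\n",
		r.HMACOriginal, r.HMACTampered, r.HMACForgedByVerifier)
	fmt.Printf("Ed25519: original=%v tampered=%v wrong-key=%v\n",
		r.SigOriginal, r.SigTampered, r.SigWrongKey)
}
```

The HMAC rejects the tampered package (integrity) and confirms a key holder made the tag (authenticity between the two parties), but the forged tag also verifies, so the publisher could plausibly deny authorship. The Ed25519 signature rejects both tampering and a wrong key, and only the private-key holder could have produced it, which is the "provable origin" the table calls non-repudiation.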
Classification and Handling
Data classification labels information so handling rules match sensitivity. A public press release does not need the same protection as employee tax forms. Common U.S. government labels are Top Secret, Secret, Confidential, and Unclassified; common commercial labels are public, internal, confidential, and restricted. Names vary, but the exam logic is constant: the more sensitive the label, the stronger the required access control, encryption, sharing limits, retention discipline, and disposal method. Classification is normally assigned by the data owner, while a data custodian carries out the day-to-day protection.
Scenario: The Helpful Spreadsheet
A customer-support supervisor exports a spreadsheet of customer names, phone numbers, ticket notes, and partial account identifiers. They want to email it to a vendor from a personal account because the approved file-sharing portal is temporarily down.
The risks stack up: the file holds PII, personal email is not an approved channel, and the vendor may not have a need-to-know for every column. The correct beginner response is to stop the unsafe transfer, use the approved process, send only the columns the vendor genuinely needs (minimization), and escalate the portal outage if it is blocking business.
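Minimization in the spreadsheet scenario is a mechanical step, not just a principle: keep only the columns the vendor needs and reduce identifiers to the least revealing form that still works. The Go program below is an added example, not part of the original page; it filters a constructed CSV export against an assumed, owner-approved column allowlist and masks the account identifier to its last four characters. The column names, the allowlist, and the rows are all invented for the demonstration.

```go
package main

import (
	"bytes"
	"encoding/csv"
	"fmt"
	"strings"
)

// Constructed sample export standing in for the supervisor's spreadsheet.
// Every name and number here is made up.
const sampleExport = `name,phone,ticket_notes,account_id,internal_agent
Alice Example,555-0101,Printer jams on page 2,ACCT-00012345,agent7
Bob Sample,555-0199,Asked for invoice copy,ACCT-00067890,agent3
`

// vendorAllowlist is an assumed list of the columns the vendor genuinely
// needs; in practice the data owner approves it before anything is sent.
var vendorAllowlist = []string{"ticket_notes", "account_id"}

// maskAccountID keeps only the last four characters so the vendor can
// still reference a record without receiving the full identifier.
func maskAccountID(id string) string {
	if len(id) <= 4 {
		return strings.Repeat("*", len(id))
	}
	return strings.Repeat("*", len(id)-4) + id[len(id)-4:]
}

// Minimize parses a CSV export, keeps only the allowlisted columns (in
// allowlist order), masks account_id, and returns the reduced CSV text.
// A column named in the allowlist but missing from the export is an error
// rather than a silent gap, so a typo cannot quietly drop a needed field.
func Minimize(raw string, allowlist []string) (string, error) {
	rows, err := csv.NewReader(strings.NewReader(raw)).ReadAll()
	if err != nil {
		return "", err
	}
	if len(rows) == 0 {
		return "", fmt.Errorf("empty export")
	}
	header := rows[0]

	// Resolve each allowlisted name to its column index in the export.
	idx := make([]int, 0, len(allowlist))
	for _, want := range allowlist {
		found := -1
		for i, col := range header {
			if col == want {
				found = i
				break
			}
		}
		if found < 0 {
			return "", fmt.Errorf("allowlisted column %q not present in export", want)
		}
		idx = append(idx, found)
	}

	var buf bytes.Buffer
	w := csv.NewWriter(&buf)
	if err := w.Write(allowlist); err != nil {
		return "", err
	}
	for _, row := range rows[1:] {
		out := make([]string, len(idx))
		for j, i := range idx {
			val := row[i]
			if allowlist[j] == "account_id" {
				val = maskAccountID(val)
			}
			out[j] = val
		}
		if err := w.Write(out); err != nil {
			return "", err
		}
	}
	w.Flush()
	return buf.String(), w.Error()
}

func main() {
	out, err := Minimize(sampleExport, vendorAllowlist)
	if err != nil {
		panic(err)
	}
	fmt.Print(out)
}
```

Names, phone numbers, and the internal agent column never leave the organization, and the vendor receives masked identifiers. The same allowlist approach generalizes to any export: the approved purpose defines the columns, and anything not on the list is dropped by default rather than reviewed by hand each time.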
Never improvise legal advice in a CC scenario. If the question asks what to do after PII was sent to the wrong recipient, report it through the incident or privacy process with the facts. Authorized roles, not a beginner, decide notification, regulatory, and contractual steps.
Practical Exam Clues
| If the question says... | Think about... |
|---|---|
| "minimum necessary," "approved purpose" | Minimization, purpose limitation |
| "personal data," "consent," "retention" | Privacy principles and PII handling |
| "label," "sensitivity," "handling rules" | Data classification |
| "came from the sender and was not altered" | Authenticity, integrity, non-repudiation |
Read the clue before grabbing a familiar control. Privacy questions reward process discipline and least exposure, not the flashiest technology.
Roles, Retention, and Disposal Detail
The CC exam expects you to distinguish a few data-governance roles, because scenarios hinge on who is allowed to decide what.
| Role | Responsibility |
|---|---|
| Data owner | Sets classification and approves access (accountable) |
| Data custodian | Implements and maintains the protections (operational) |
| Data processor | Handles data on the owner's behalf, per instructions |
| Data subject | The individual the personal data describes |
Retention and disposal are tested literally. Keeping data past its retention schedule is a privacy and liability risk, not a safety margin, so "keep everything forever just in case" is a wrong answer. Disposal method must match sensitivity: routine deletion is fine for public data, but restricted media may require degaussing (erasing magnetic media with a strong field; it does nothing to solid-state drives), cryptographic erasure (destroying the key so encrypted data is unrecoverable, which only works if the data was encrypted throughout its life and no copy of the key survives), or physical destruction such as shredding drives. Simply moving a file to the trash or reformatting a disk does not reliably remove sensitive data, a frequent exam distractor.
Finally, separate privacy from confidentiality on the exam. Confidentiality is a CIA goal about preventing unauthorized access; privacy is a governance discipline about whether the organization should have collected, kept, or shared the data at all. You can fully protect data from outsiders (strong confidentiality) and still create a privacy violation by using it for an unapproved purpose. When a scenario describes data that is well-secured but used or retained inappropriately, the answer is a privacy principle, not an access control.
Practice Questions
- A team wants to collect customers' birth dates even though the service does not need them. Which privacy principle is most relevant?
- Match each concept to its practical meaning.
- Which items are commonly part of information assurance? Select all that apply.