Founder of gtmars.com & plan2trip.com. Sharing knowledge in the digital world about Cybersecurity
★ In this article we will learn how Personally Identifiable Information (PII) should be identified, collected, analyzed, and used, and how PII/SPII is handled on different projects of the Department of Homeland Security (DHS).
★ Today, many government organizations are looking for a cloud computing solution to fulfill their IT requirements. Organizations of all sizes are increasingly adopting cloud computing-based solutions to drive core business value. That is mainly because the benefits of cloud computing are many, including enhanced flexibility and scalability, resource provisioning, and reduced total cost of ownership (TCO), time consumption, and time-to-market.
The DHS Cloud Approach:
★ Likewise, government organizations in developed and developing countries have put a government “cloud-first” approach in place to persuade service departments and agencies to adopt cloud-based solutions, on the view that supporting and centralizing information sharing across the organization in the cloud is the scalable, secure, and most cost-effective way. Due to the acceleration of technology in the cloud industry, the traditional approach has changed over the decades. Government departments focusing on core competencies while transferring IT services to external providers has also boosted the demand for cloud computing in the industry. As a result, the cloud has changed the way that IT services are sourced and delivered, and how they drive business value.
★ The Department of Homeland Security (DHS) collects, records, and uses Personally Identifiable Information (PII) from U.S. citizens, Permanent Residents (PR), public employees, service contractors, agencies, and visitors (tourists). DHS is obligated by Congress and by law to protect the PII of every person who resides in U.S. territory in order to safeguard privacy, security, and sovereignty.
★ PII handling rules govern how the data should be collected, because collecting it increases the risk of harm if it is compromised. At DHS, the majority of privacy incidents handled through incident response are accidental. So DHS introduced serious guidelines to prevent further incidents in the future. The specific DHS policies and regulations are applied according to the sensitivity of the information being handled.
Why is it important?
★ Handling PII and SPII properly is important for ensuring adequate compliance and meeting the requirements of the Privacy Act. If private or public personnel mishandle the information of customers and citizens, it can cause serious harm to reputation.
Federal Statutes: Laws that have been formally approved and written down in Congress.
★ In recent years, risks and threats have been posed to individuals' PII. PII contains information that permits the identity of each and every individual lawful citizen to be directly or indirectly inferred. DHS should incorporate reasonable steps to identify, protect, collect, and use PII, and to guard against misuse, data loss, data theft, unauthorized access, data modification, data leaks, and data disclosure. The guidelines focus on how the data is accessed, covering data elements such as SSN, non-immigration data, health records, ethnic and religious data, internet data, and lifestyle information held in conjunction with the individual's identity.
PII and SPII security:
★ When a DHS agency determines the overall sensitivity of PII, it should evaluate data sensitivity, data classification, and data labeling according to the sensitivity level of each data element. For instance, the data in the table defines the sensitivity approach for the data and the level of privacy and security required for PII and SPII. It helps to determine whether a particular individual or a group of individuals is reasonably identifiable from the data in the circumstances.
The information lifecycle:
★ DHS and other federal agencies follow the information protection lifecycle of Personally Identifiable Information (PII) through the lifecycle elements.
★ Federal agencies should be aware of the data collection process: when, where, and how the data is collected (online/offline), and how to hold it. As I said earlier, PII/SPII data can be static or dynamic based on the data circumstances, such as data at rest, data in transit, data in a processing center, data stored in third-party centers, or data destruction.
Factors affecting successful assessment:
★ If agencies do not take reasonable measures to ensure the security of the data, it may affect these factors:
(i) Nature of your entity
(ii) Amount of data sensitivity
(iii) Consequences of data breaches
(iv) Security implications, and
(v) Data Privacy
★ Steps and strategies:
Appropriate security measures to take and consider while collecting the PII data.
Fair Information Practice Principles (FIPP):
★ The DHS defined 8 FIPP principles to enhance the information principles of the Agency's privacy, compliance, policies, and procedures governing the collection of PII and SPII to fulfill DHS’s vision & mission.
Why else we Need to Know:
★ The United States Privacy Act authorizes agency personnel to protect and use PII to fulfill their job responsibilities for necessary purposes and mission needs. It allows agencies to use, disclose, and protect the data, agency to agency, according to 552a(b)(1).
★ Under the Privacy Act, a few information disclosures are not covered for general personnel, and a few disclosures require a security clearance to access certain information. To access the data, you should inquire with the supervising officials to determine what is PII/SPII.
Note: DHS important job: To secure the nation from the many threats we face!!!
The contents of this article do not use any DHS images, nor do they introduce or modify DHS policies on data collection. The article solely represents DHS privacy standards on the collection of data from U.S. residents, non-residents, and visitors to the United States.
Quote of the day: 井の中の蛙、大海を知らず(I no naka no kawazu, taikai wo sirazu)
Explanation: A frog in a well never knows the vast ocean
Thanks for reading!
Have a pleasant day!
Previously published on Medium's subdomain