Enhanced privacy and security assessment
In the digital age, safeguarding personal information within data systems is crucial. With data incidents becoming more complex and frequent, it’s increasingly urgent to enhance security and privacy safeguards for Integrated Data Systems (IDS). Our focus extends beyond traditional security assessments focused on external actors; we prioritize the protection of individual privacy within integrated data systems.
Secure does not equal private
DISC’s enhanced privacy and security assessments examine the intersection of privacy and security. Traditional security reviews, while essential, often fall short. They typically focus on defending against external attacks and may overlook nuances in security or privacy to fully protect the privacy of individuals whose data are in these systems.
What is the difference between security and privacy?
Security
Ensuring that a data system and the specific data within it are protected from unauthorized access.
Enhanced reviews that supplement basic security checks including:
- Alignment with legal frameworks
- Review of potential human errors
Annual reviews for select IDSs at no cost, providing an improvement roadmap.
Privacy
Ensuring that the identity of individuals represented by the information in a data system are protected.
Curate resources tailored to your IDS needs, free from membership or political bias.
Refine policies and procedures for researcher access, disclosure avoidance, and privacy training.
Develop and enhance your data governance program.
Negotiate system features with key partners.
Get access to expert help with little to no cost.
Actionable advice that’s up-to-date and state-specific
As technology evolves, system modernization relies on advice that’s not only actionable but also tailored to the unique needs of your integrated data system. Our enhanced privacy and security assessments ensure that your IDS addresses both security and privacy risks as it moves forward.
DISC’s enhanced privacy and security assessments examine these IDS aspects to ensure privacy and security:
- alignment to legal framework and structuring documents
- privacy and security training
- modern technology and controls to manage human error
Leverage our expertise to validate your operations, mitigate risks, justify your strategies, and modernize your approach.
How to reduce risk and build a modernized, private, and secure IDS
Common recommendations from DISC’s Enhanced Privacy and Security Assessments aim to provide an IDS with actionable information to secure and modernize their system. These are the types of report recommendations you can expect from DISC’s Enhanced Privacy and Security Assessment.
Align decision makers
DISC advises developing updated legal agreements with your governing board to ensure alignment with current U.S. Department of Labor requirements.
Clarify system visibility
To increase transparency of your IDS, DISC recommends articulating clear cases for proper and improper use of IDS data aligned with state privacy requirements and guidelines approved by the governance advisory board.
Simplify processes
Modernize your IDS’s data linking and matching processes to reduce data quality errors and streamline fulfillment of data requests. Consider modern privacy enhancing technologies like secure enclaves to ensure auditability and compliance with regulatory requirements.
Automate basic tasks
Because of misrouted information associated with the current data movement within your system, DISC recommends that your agency establish an automated, auditable workflow to transfer data between partner agencies.
Comply with regulations
After a review of your researcher access procedures, DISC has determined that your legal framework and data sharing procedures do not meet the minimum requirements set in the 2011 FERPA regulatory changes. DISC recommends that your IDS reconcile data sharing agreements with participating education agencies to be consistent with the 2011 FERPA changes.