Enhanced Privacy and Security Assessments

In the digital age, safeguarding personal information within data systems is crucial. With data incidents becoming more complex and frequent, it’s increasingly urgent to enhance security and privacy safeguards for Integrated Data Systems (IDS). Our focus extends beyond traditional security assessments that concentrate on external actors; we prioritize the protection of individual privacy within integrated data systems.

Secure does not equal private

DISC’s enhanced privacy and security assessments examine the intersection of privacy and security. Traditional security reviews, while essential, often fall short. They typically focus on defending against external attacks and may overlook nuances in security or privacy that are needed to fully protect the privacy of individuals whose data are in these systems.

Ensuring that a data system and the specific data within it are protected from unauthorized access.

Enhanced reviews that supplement basic security checks, including:

  • Alignment with legal frameworks
  • Review of potential human errors

Annual reviews for select IDSs at no cost, providing an improvement roadmap.

Ensuring that the identities of individuals represented by the information in a data system are protected.

Curate resources tailored to your IDS needs, free from membership or political bias.

Refine policies and procedures for researcher access, disclosure avoidance, and privacy training.

Develop and enhance your data governance program.

Negotiate system features with key partners.

As technology evolves, system modernization relies on advice that’s not only actionable but also tailored to the unique needs of your integrated data system. Our enhanced privacy and security assessments ensure that your IDS addresses both security and privacy risks as it moves forward.

DISC’s enhanced privacy and security assessments examine these IDS aspects to ensure privacy and security:

  • alignment to legal framework and structuring documents
  • privacy and security training
  • modern technology and controls to manage human error

Identify current policy maturity levels while driving alignment to decisions

Validate that your policies and procedures reflect contemporary protective measures and best practices to ensure your IDS’s safeguards.

Provide independent evidence to address identified risks

Provide independent, external validation from previously identified assessments and corroborate appropriate mitigation steps.

Reduced burden on your people and your budget

Justify modernization efforts guided by state-specific initiatives and ensure your IDS has the necessary resources to properly protect and secure data.

Future-focused vision that supplements mandated security reviews

Demonstrate how strategic updates and improvements to your IDS can boost efficiency and strengthen security and privacy controls, beyond what standard security reviews might suggest.

Common recommendations from DISC’s Enhanced Privacy and Security Assessments aim to provide an IDS with actionable information to secure and modernize its system. These are the types of report recommendations you can expect from DISC’s Enhanced Privacy and Security Assessment.

DISC advises developing updated legal agreements with your governing board to ensure alignment with current U.S. Department of Labor requirements.

To increase transparency of your IDS, DISC recommends articulating clear cases for proper and improper use of IDS data aligned with state privacy requirements and guidelines approved by the governance advisory board.

Modernize your IDS’s data linking and matching processes to reduce data quality errors and streamline fulfillment of data requests. Consider modern privacy-enhancing technologies like secure enclaves to ensure auditability and compliance with regulatory requirements.

Because of misrouted information associated with the current data movement within your system, DISC recommends that your agency establish an automated, auditable workflow to transfer data between partner agencies.

After a review of your researcher access procedures, DISC has determined that your legal framework and data sharing procedures do not meet the minimum requirements set in the 2011 FERPA regulatory changes. DISC recommends that your IDS reconcile data sharing agreements with participating education agencies to be consistent with the 2011 FERPA changes.