Page 154 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
personal or confidential
Freedom from being observed, monitored, or examined without
consent or knowledge
A concept that comes up frequently in discussions of
privacy is personally identifiable information (PII). PII is any data
item that can be easily and/or obviously traced back to the person
of origin or concern. A phone number, email address, mailing
address, social security number, and name are all PII. A MAC
address, Internet Protocol (IP) address, OS type, favorite vacation
spot, name of high school mascot, and so forth are not typically
considered to be PII. However, that is not a universally true
statement. In Germany and other member countries of the
European Union (EU), IP addresses and MAC addresses are
considered PII in some situations (see
https://www.whitecase.com/publications/alert/court-confirms-ip-addresses-are-personal-data-some-cases).
When addressing privacy in the realm of IT, there is usually a
balancing act between individual rights and the rights or activities of
an organization. Some claim that individuals have the right to control
whether information can be collected about them and what can be
done with it. Others claim that any activity performed in public view—
such as most activities performed over the internet or activities
performed on company equipment—can be monitored without
knowledge of or permission from the individuals being watched and
that the information gathered from such monitoring can be used for
whatever purposes an organization deems appropriate or desirable.
Protecting individuals from unwanted observation, direct marketing,
and disclosure of private, personal, or confidential details is usually
considered a worthy effort. However, some organizations profess that
demographic studies, information gleaning, and focused marketing
improve business models, reduce advertising waste, and save money
for all parties.

