The security principle requires that agencies protect data under their stewardship with reasonable measures to prevent loss, unauthorized access, or disclosure. Which security measures are reasonable will vary with the data collection methods, the data types, and other variables, so agencies should assess their specific situation and conduct security assessments to determine which practices are reasonable and appropriate. Appropriate security safeguards that provide the necessary privacy protection include:
- Physical measures: restricting access to the hardware and software of technology systems
- Technological tools: passwords, encryption, firewalls
- Organizational controls: limiting access, staff training, agreements with subcontractors and consultants
The security policy should also include a procedure for dealing with a potential data breach in which PII are disclosed. Individuals or firms whose data have been disclosed must be notified if the disclosure exposes them to some risk, and steps should be taken to protect against that risk.

ISO/IEC 27001, published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), is a recognized information security standard upon which a thorough security policy can be based. It specifies the requirements for an information security management system (ISMS) and is the core of the ISO/IEC 27000 series, which provides best-practice recommendations on information security management, risks and controls. The ISMS is similar in design to the management systems for quality assurance (the ISO 9000 series) and environmental protection (the ISO 14000 series). The standard applies to organizations of all types and sizes and encourages them to assess their information security risks, then implement appropriate information security controls according to their needs, using the guidance and suggestions where relevant. Given the dynamic nature of information security, the ISMS concept incorporates continuous feedback and improvement activities, summarized by Deming's "plan-do-check-act" cycle, that seek to address changes in the threats, vulnerabilities or impacts of information security incidents.

Perhaps the most common method agencies use is role- and credential-based access control. This practice entails granting access to sensitive data only to staff members who need it, and enforcing that restriction through computerized credentials. For example, an individual who needs access to sensitive information would be granted rights tied to his or her computer log-in identity, while individuals whose jobs did not require it would not be granted such access; access not explicitly granted is denied.
The application of technological controls, like encryption, is a much less typical practice.
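The role- and credential-based access control described above, as an added illustration (this is example code written for this page, not a tool from the source document or from any agency): data sets carry a sensitivity label, each data set lists the roles permitted to read it, anything not listed is denied by default, every decision is written to an audit log so PII access can be reviewed, and a grant audit flags the misconfiguration a practitioner most wants to catch, a PII data set readable by a role whose output is published externally. The data set names, roles and labels are constructed assumptions.

```python
"""Deny-by-default, role-based access check for agency data sets.

Constructed example: the catalog, grants and role names below are
illustrative assumptions, not an agency's real configuration.
"""
from dataclasses import dataclass
from enum import Enum


class Sensitivity(Enum):
    PUBLIC = "public"
    INTERNAL = "internal"
    PII = "pii"


@dataclass(frozen=True)
class DataSet:
    name: str
    sensitivity: Sensitivity


@dataclass(frozen=True)
class Principal:
    login: str            # the computer log-in identity rights are tied to
    roles: frozenset      # roles assigned to that identity


# Constructed catalog: what the agency holds and how sensitive it is.
CATALOG = {
    ds.name: ds
    for ds in (
        DataSet("traffic_counts_2012", Sensitivity.PUBLIC),
        DataSet("toll_transponder_ids", Sensitivity.PII),
        DataSet("household_travel_survey", Sensitivity.PII),
    )
}

# Constructed grants: roles permitted to read each data set.
# Deny by default: a data set with no entry here is readable by nobody.
GRANTS = {
    "traffic_counts_2012": frozenset({"analyst", "planner", "public_reporting"}),
    "toll_transponder_ids": frozenset({"toll_ops"}),
    "household_travel_survey": frozenset({"survey_admin"}),
}

# Roles whose work product leaves the agency; they must never hold PII grants.
EXTERNAL_FACING_ROLES = frozenset({"public_reporting"})


def authorize(principal, dataset_name, audit_log, catalog=CATALOG, grants=GRANTS):
    """Return True only if one of the principal's roles is granted the data set.

    Unknown data sets and data sets without grants are denied. Every decision,
    allowed or not, is appended to audit_log for later review.
    """
    dataset = catalog.get(dataset_name)
    if dataset is None:
        allowed, reason = False, "unknown data set"
    else:
        matched = principal.roles & grants.get(dataset_name, frozenset())
        allowed = bool(matched)
        reason = "granted via " + ",".join(sorted(matched)) if allowed else "no granting role"
    audit_log.append({"login": principal.login, "dataset": dataset_name,
                      "allowed": allowed, "reason": reason})
    return allowed


def audit_grants(catalog=CATALOG, grants=GRANTS, external=EXTERNAL_FACING_ROLES):
    """Return findings for grants that violate need-to-know on PII data sets."""
    findings = []
    for name, ds in catalog.items():
        leaking = grants.get(name, frozenset()) & external
        if ds.sensitivity is Sensitivity.PII and leaking:
            findings.append(f"{name}: PII readable by external-facing role(s) {sorted(leaking)}")
    for name in grants:
        if name not in catalog:
            findings.append(f"{name}: grant exists for a data set not in the catalog")
    return findings


def pii_access_report(audit_log, catalog=CATALOG):
    """List (login, data set, allowed) for every attempt against a PII data set."""
    return [
        (e["login"], e["dataset"], e["allowed"])
        for e in audit_log
        if e["dataset"] in catalog and catalog[e["dataset"]].sensitivity is Sensitivity.PII
    ]


if __name__ == "__main__":
    log = []
    alice = Principal("alice", frozenset({"analyst"}))
    bob = Principal("bob", frozenset({"toll_ops"}))
    authorize(alice, "traffic_counts_2012", log)   # allowed: analyst role
    authorize(alice, "toll_transponder_ids", log)  # denied: no granting role
    authorize(bob, "toll_transponder_ids", log)    # allowed: toll_ops role
    for entry in pii_access_report(log):
        print(entry)
    print("grant findings:", audit_grants())
```

The grant audit is the part worth running on a schedule: an access model stays least-privilege only as long as someone checks that new grants do not quietly widen who can read PII, and the audit log is what makes breach-notification scoping possible after the fact.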
The Transportation Analysis and Simulation System (TRANSIMS) illustrates a selectively open access environment (Brecher et al, 2012). TRANSIMS is an integrated set of tools developed to conduct regional transportation system analyses. Around this system, an open source community has developed into an independent and self-governing collaboration of TRANSIMS users, researchers and developers. A web-based infrastructure provides access to the TRANSIMS core assets (software, data sets and documentation) and supports community interaction. Members collaborate by sharing code, enhancing documentation and submitting proven data sets back into a public clearinghouse. The access controls adopted by the community allow its members to conduct regional transportation system analyses with these shared assets.
- Does your agency collect information that should not be released publicly, such as PII or other sensitive information?
- Does your agency have security protocols in place for each data set that protect against loss or unauthorized access?
- Will individuals or firms be harmed if information collected by your agency is not properly protected from loss?
- If a data breach occurs, does your agency have procedures in place for timely notification of the affected individuals or commercial firms?
Answering these questions can help your agency understand if the principle of security applies to your data collection and use activity, and identify possible actions or tools to aid implementation. If answers to any of these questions are “yes,” then the principle of security could apply to your agency.