OK, so having an episode of old-timers today. What is the proper term for a set of data that collectively constitutes PII? For example, the individual data points alone are not PII, but collectively, provide a picture that is "linkable" to an individual? PII that is derived from the sum of non-PII data.
I found this in NIST SP 800-122
"PII data composed of individuals‘ names, fingerprints, or SSNs uniquely and directly identify individuals,
whereas PII data composed of individuals‘ ZIP codes and dates of birth can indirectly identify individuals
or can significantly narrow large datasets"
I didn't find anything specifically to what you're after but somebody else might find it.
Hi there, @tmekelburg1 the answer I gave about data aggregation and derived PII is based on personal experience. I'm pretty sure that was the term my new friends @CV_SEC were looking for. I was just trying to update my CPE's and then I saw the message board and was like oh he's trying to think of Aggregate LOL.
The best relatable I can think of is the Cambridge Analytica data analytics. They took individual data points for use with influencing outcomes specified by the Cambridge Analytica customers. Recommend the Netflix documentary The Great Hack for the details about methods, and techniques.
There is a case to be made that data in aggregate has a higher "value" than independent data points. Is there a correlation in value / sensitivity? In the late 1990's Netscape (the web browser company) was among the first to monetize data about a customer. They could charge something like $50 for a collection of data points aggregated with a high degree of confidence that those individual data points when taken in aggregate form a whole person.
The invented term PII is arguable treated as more sensitive data than traditional sensitive data types. So...back to the original question about Derived PII. While not an answer to a test question exactly I would like to hear other thoughts about the subject matter.
@tmekelburg1 you made reference to inference attacks in databases and I think that hits the mark accurately. I'm not sure if this message board is designed to help people study and pass exams or if it's intended to share real world experience and examples.
I'm not sure if this message board is designed to help people study and pass exams or if it's intended to share real world experience and examples.
I like to think of this place as a way to 'aggregate' theory with real world experience and examples. Also, Welcome! Stick around and share occasionally.