Data Security Compliance Training Module
Learn essential data security principles and test your knowledge to ensure compliance.
What is Sensitive Data?
Sensitive data, including Personally Identifiable Information (PII) and Protected Health Information (PHI), is any information that could be used to identify a specific individual. Unauthorized disclosure could result in harm to the individual and legal penalties for the organization.
- Examples of PII: Full name, Social Security number, driver's license number, financial account numbers, email address.
- Examples of PHI: Medical records, health insurance information, any data covered under HIPAA in the USA.
Key Security Principles
- Confidentiality: Ensuring that data is accessible only to authorized individuals.
- Integrity: Maintaining the accuracy and completeness of data throughout its lifecycle.
- Availability: Ensuring that data is accessible and usable upon demand by an authorized user.
Common Threats & Best Practices
Phishing: Fraudulent emails disguised as legitimate messages, designed to trick you into revealing sensitive information. Best Practice: Never click on suspicious links or download attachments from unknown senders. Verify the sender's email address.
Weak Passwords: Easy-to-guess passwords are a primary vector for unauthorized access. Best Practice: Use strong, unique passwords for each system. A password manager is highly recommended. Enable Two-Factor Authentication (2FA) wherever possible.
Physical Security: Leaving devices or documents unattended can lead to data breaches. Best Practice: Lock your screen when you step away from your computer. Store physical documents securely and dispose of them properly using a shredder.
