Data Privacy
KHA’s Data Privacy cell will establish common processes, standards and guidelines to use, protect and share information through physical, technical and organizational controls, thereby assuring the privacy, reliability and availability of data and systems.

When determining how much protection a particular set of information requires, each of the three aspects of information (privacy, reliability and availability) needs to be considered independently, because the aspects are not related to one another and each is important for different reasons. Each aspect must be assessed separately in order to select and apply appropriate protective controls. The importance of one aspect has no bearing on the importance of the others. The appropriate set of controls for the information is determined by the degree of negative impact that would result from the loss of each of these properties.
Privacy
Privacy requirements are based on sensitivity. The sensitivity of
information is determined by assessing the value, risk and potential
degree of negative impact that may occur as a result of loss of
confidentiality (e.g., unauthorized disclosure) of information.
Negative impact includes the potential harm, damage or other adverse
impact that might occur to the company’s competitive position,
reputation, bottom line, and/or the ability to stay in business.
This assessment results in the assignment of a sensitivity level of
high, medium or low to the information.
Reliability
Compliance with KHA’s standard business processes, configuration
management, policies, procedures and standards is generally
sufficient to ensure that appropriate protections are in place to
preserve the integrity of information.
Availability
The degree to which KHA depends on the availability of the
information for its continuing operations is the basis for
determining when additional or special availability controls are
required.
The Data Privacy cell is responsible for ensuring appropriate management of the privacy and security risks associated with the collection, use, protection, retention, disclosure and disposal of the information of employees, partners and customers.

The Data Privacy cell will create and maintain the policies and processes needed to appropriately control personal information and to ensure compliance with the organization’s standards.
Types of Information

Personnel Information
Personal information that could cause significant harm to an individual or to the company if it is not properly protected, is not collected for a lawful purpose, or is lost or disclosed to unauthorized persons.

Sensitive information includes data that can be used to commit fraud or identity theft, as well as information that has been specifically designated as sensitive by applicable laws and regulations.
Proprietary Information
Information specific to KHA. It may be KHA’s own information or any third-party information that KHA has an obligation to protect.
Export Controlled Information
Any information related to technology (including technical data and processes), hardware or products, software, and services that is subject to export and import laws in force around the world and/or in the United States.
Classified or Non-Classified Information
Any information required to be protected as such by laws in force in the United States and in other applicable jurisdictions.
Key Functions

Some of the key functions include:
- Defining access authorization and control policies
- Defining authentication framework standards
- Defining and implementing physical access and storage controls
- Defining mailing protocols for official communication
- Setting standards for computer, LAN/WAN and device access
- Setting standards for designing and developing secure applications
- Setting security standards for other modes of communication such as email, video and audio
- Defining the standards for configuration management of information
- Setting up an efficient method to report loss of information and violations of information protection policies
- Defining the guidelines for application, system, web and infrastructure assessments, and for information assessments
- Designing security training programs tailored for users, managers, architects and information owners
- Setting guidelines for disaster recovery planning
Access Control Policy (.doc)