Welcome to “Security and Information Privacy.” After watching this video, you will be able to define intellectual property, explain how to turn data into information, and list the different types of confidential information. An information asset is information or data that is of value. Examples include patient records, customer information, and intellectual property. Information assets can exist physically, on paper, disks, or other media, or they can exist electronically in databases and files. Data analytics is when raw data like values or facts are used to create meaningful information. Data is the raw values and facts, usually collected by automated systems. For example, page visits, link clicks, monthly sales. Information is a summary of the raw data. For example, positive or negative results that happen after some specific change. Insights are conclusions based on the results of information analysis. Meaningful business decisions are based on insights. For example, If a positive trend occurs after store hours are changed, the right business decision would be to maintain those new hours. Intellectual property (or IP) refers to creations of the mind and generally are not tangible. It's often protected by copyright, trademark, and patent law. Industrial designs, trade secrets, and research discoveries are all examples of IP. Even some employee knowledge is considered intellectual property. Companies use a legally binding document called a Non-Disclosure Agreement (or an NDA) to prevent the sharing of sensitive information. Digital products are non-tangible assets a company owns. Examples include software, online music, online courses, e-Books or audiobooks, and web elements like WordPress or Shopify themes. A company must protect digital products from piracy and reverse-engineering. Source codes, licenses, and activation keys also need protection from hackers and insider threats. Digital Rights Management, or DRM, is code added directly to files that helps prevent digital assets from being copied or pirated, but there are tools that can remove DRM code. The Digital Millennium Copyright Act, or DMCA, makes it illegal to bypass copy protections or to develop technology that helps bypass copy protections. Data-driven business decisions help companies respond to real events. For example, sales and marketing data helps identify trends and customer interests. And production and fulfilment data helps identify productivity issues in areas like manufacturing, billing systems, transportation, and more. Getting the right information is key to data-driven business decisions. Data capture is the collection of data from multiple sources and storing the secure storage of it securely in relational databases, or more commonly semi-structured data warehouses. Data may be captured by: Server logs showing where customers browse, IoT sensors in home appliances and business technology, customer and employee surveys or rating systems. Data correlation is when raw data points are analyzed to find connections or links. For example, Netflix uses tools that compare searches, views, and ratings so they can predict which movies and shows will be successful on their platform. AI and machine learning algorithms automate parts of the analysis. Meaningful reporting is the presentation of analyzed information in ways that help people further analyze and interpret. Reporting tools use captured and correlated data to provide charts, keyword search, and graphs that help companies achieve business insights. Confidential information is information that must be kept secret. Employees are trained to recognize and deal with confidential information so that it remains secure. Companies rank information and files by how sensitive each one is. Each company ranks their information differently, but there are four main types of confidential information that should be universally protected: Personally Identifiable Information (PII) is any information that can be used to identify someone, like government ID numbers, birthdates, addresses, and phone numbers. Company Confidential information is any information that is used to run a company, like intellectual property, product designs, procedures, plans, employee records, and financial data. Customer Confidential Information is information customers or partners provide to companies, which includes PII and also things like purchase histories, credit card information, Protected Health Information (PHI) is any information added to a person’s medical record during diagnosis or treatment that can be used to identify them, like PII, medical history, prescription lists, photos, and more. Examples of careless data handing include things like entering a customer’s credit card information into an unencrypted database, leaving a patient’s medical file unattended at the front desk, or letting a work friend borrow your password to download files because they forgot theirs. Properly handling confidentiality means restricting access to only those who need the information, not allowing unauthorized views or copies, storing information securely with encryption, firewalls, permissions, and more, destroying any file copies that are no longer needed—not just discarding them, getting explicit consent before processing or storing information, including a disclosure about how long it will be kept, ensuring employees create strong passwords that they do not write down or share, and that they change those passwords regularly (for example, once per quarter) PII is sometimes confused with PCI and SPI. Here are the differences between them. Personally Identifiable Information (PII) is information that identifies a person. Personal Customer Information (PCI) is information that identifies and describes a customer. It includes much of the same types of data as PII. Like name, address, contact information, account login, and demographics. It can also include descriptive data like age, gender, job title, and marital status. Sensitive Personal Information (SPI) is information that does not identify but can cause harm if made public. As you can see, PII, PCI, and SPI are very similar. In most non-legal situations, these terms are often used interchangeably. In this video, you learned that when raw data is refined it becomes information. Intellectual property (or IP) includes designs, trade secrets, research discoveries, and even employee knowledge. Digital products are non-tangible asserts that a company owns, like software, eBooks, or web elements. Data driven business decisions are based on capturing data, correlating it, and then using it to create meaningful reports. The classes of data that companies, and organizations must protect are personally identifiable information (or PII), company confidential information, customer confidential information, and protected health information (or PHI).
