<< Click to Display Table of Contents >> Navigation: Other Information > Managing Personally Identifiable Information in EQuIS |
Personally identifiable information (PII) is any data, used alone or with other relevant data, that potentially identifies a specific person by either direct or indirect means. This includes privileged and confidential information as well as proprietary information. PII data require additional security or protection.
Which Data Are PII?
Personally identifiable information may be stored in EQuIS and should be protected. The first step in protecting PII data is to determine which data and where the data are stored in EQuIS. Identification of the data will require some understanding of regulations, policies, and requirements pertaining to the data. Some examples of PII that may be stored in EQuIS are:
•Property owner name
•Residential well owner name
•Property ID
•Tax parcel ID
•Address (Building #, City, State, Zip)
•Township/County
•Latitude and Longitude
•Sampling location
•Contact phone number
•Contact email address (could be used with EQuIS Information Agents)
Some EQuIS tables and fields that may be involved are:
•DT_FACILITY
•Address
•Phone number
•DT_LOCATION
•Driller name
•DT_PERSON
•Contact name
•Phone number
•DT_SAMPLE
•Sampler name
•Location (SYS_LOC_CODE)
Securing PII
Securing personally identifiable information in EQuIS requires an analysis of who should have access to the data, such as:
•EQuIS administrators
•Database administrator (DBA)
•Developers/programmers
•IT personnel
•Help Desk/Technical Support
•Managers
•EQuIS users
•Public (FOIA/FOIL)
Securing PII data in EQuIS may be achieved by either:
•Configuring and limiting the user via the assignment of roles and permissions in EQuIS Enterprise using the User Manager Widget and the Role Manager Widget.
•Data Masking – EQuIS can be configured to mask select fields that contain sensitive data by user or role (see Dynamic Data Masking section below).
Dynamic Data Masking
Dynamic data masking (DDM) is used for display purposes after data has been loaded and can limit sensitive data exposure by masking it to non-privileged users. Database administrators or IT personnel need to setup data masking on a field-by-field basis (via SQL Server Management Studio) and specify which ALS (application-level security) roles can see the un-masked data. Permissions are controlled per field.
Microsoft provides detailed information on dynamic data masking (see https://docs.microsoft.com/en-us/sql/relational-databases/security/dynamic-data-masking?view=sql-server-ver15). Some key benefits of DDM are:
•Helps prevent unauthorized access to sensitive data.
•Allows administrators to specify how much sensitive data to reveal.
•The data in the database are not changed.
•Users can query production environments without violating compliance regulations.
Hashing Data
Personally identifiable information stored in EQuIS can be hashed. Hashing is a process where a hashing algorithm (formula) is applied to a data item that produces a result, called the hash value. The hashing algorithm always generates the same hash value for a given piece of data. The hashing algorithm converts the input data values, regardless of size, to a string of characters (hash value) that are always the same length. For example, the hashing algorithm might create a 16-character length string regardless of whether the input data was a single character or the text of an entire report.
The hashing process works in only one direction (i.e., is algorithmically irreversible). Thus, once the data are hashed in the database, the original data cannot be exported. To be able to export the original data, use data encryption rather than hashing.
In EQuIS, hashing can be used on incoming PII and built into an EQuIS format. The data in the database are changed. The data are hashed from EQuIS administrators, users, IT personnel, and database administrators. Hashed values are unique, and thus, can still be used to compare datasets.
Example:
Data Input |
Hash Value |
---|---|
John Smith |
16yn4N5erTQvp4s7 |
John Smith ⇒ 16yn4N5erTQvp4s7
Data Encryption
Personally identifiable information stored in EQuIS can be encrypted. Encryption is a process where an algorithm is applied that encodes the data according to a key, making the data unreadable to anyone who does not have the key. Encryption is a reversible process where the key can be used to decrypt the data and read the contents.
In EQuIS, encryption can be used on incoming PII and built into an EQuIS format. The data in the database are not changed. The data are encrypted from EQuIS administrators, users, or anyone who does not have access to the encryption key. Only approved personnel with the access to the encryption key will be able to decrypt the data. Unlike data hashing, the original data values can be exported from EQuIS when using encryption.
Example:
Data Input |
Encrypted Value |
---|---|
John Smith |
Z3G5E45K9F55W2M8 |
John Smith ⇔ Z3G5E45K9F55W2M8
Note: Adding data encryption for PII is a separate process from the normal data encryption applied to EQuIS databases. Data are encrypted at rest and in motion for all EQuIS Online databases. When using Enterprise EDP, encryption of EDDs depends on the transmission method (see the Managing EDDs article for more details). |
---|
Copyright © 2024 EarthSoft, Inc. • Modified: 08 Jun 2021