A product of the Identifying and Safeguarding Personal Information (PI) activity was the flagging (or tagging) of MISMO Logical Data Dictionary (LDD) elements or attributes as sensitive. The ISWG used the State Breach Notification Data Elements matrix to identify and flag MISMO elements or attributes. This consisted of a column in the 2.x LDD (Excel Spreadsheet) as there was no better mechanism within the Data Type Definition (DTD) construct. The term used for the flag was “non-public personal information”, with the acronym NPPI. All reference material to the elements/attributes contains a disclaimer that the flag has no mandatory or compliance requirement for MISMO users. The flagged fields are for awareness and for parties to determine their own mitigation techniques.
The migration to 3.0 allows the ISWG to redefine the term and establish logical processing support. The recommendation is for the flag to become an attribute in the 3.0 schema model, which would permit systems to detect and process those flagged data elements. There is general agreement within the ISWG that the flag/attribute should be better named and that continued discussion is needed on the characteristics of the attribute; e.g. binary (yes/no) or enumerated (personal, business, etc.). This page will represent the focal point of those discussions and decisions.
There are two main discussion topics:
- Name of the attribute – Initial discussion proposed Personally Identifiable Information (PII). The term received positive support; however, the name may depend on the resolution of Topic 2 (attribute characteristics). The primary concern is that potential enumerations could include items such as business characteristics; the term “personal” would then not be expansive enough for all named enumerations.
- Attribute Characteristics – This discussion revolved around two sub-topics:
  - Binary (yes/no) – Attribute would be yes or no (no or off). This would greatly simplify naming and remove the need for any classification of enumerations. A binary attribute will reduce risk or confusion related to enumerations.
  - Enumerations – Enumerations will provide additional process context to flagged data elements. This would create more work for the ISWG to label every flagged element, create an activity to keep the enumerations relevant, and introduce the potential for misuse or wrong labeling by MISMO users.
What is the business value and risk of enumerations?
RJS 02/11/08 - This text represents an example of a comment. You will need to add the two backslashes (new paragraph) and then your text. Please label your name and date.
ISWG Teleconference 02/20/08 - John Jones: MISMO should not classify degrees, but enable that capability for trading partners. Todd Berman: Use one attribute to indicate if a data point is sensitive, and use another attribute to indicate other information.
RJS: Needs to check with David Krause to verify that user extensions could be created for User defined information.
RJS 03/06/08 - Recommend terms:
- Private Information (PI)
- Confidential Information (CI)
- Sensitive Information (SI)
- Confidentiality, Integrity and Availability (CIA)
Any term would be inclusive to personal or business information.
RJS 03/04/08 - Pending Architecture WG discussion (eta 3/13/08).
RJS 03/13/08 - The 3.0 architecture will support the ability for Users to extend elements without any special feature for sensitive information. For example, Users can add their own (corporate) NameSpace to any element.
Sample names; either full spelling or acronym (ISWG choice):
- PrivateInformation or PI
- ConfidentialInformation or CI
- SensitiveInformation or SI
- ConfidentialityIntegrityAvailability (CIA)
RJS 04/02/08 - The workgroup passed a motion to use the full name of “SensitiveInformation” as the name for the field. The new field name will be notified to AWG.
RJ 04/02/08 - email from David Krause (Chair of Architecture Workgroup)
Slight modification to the name: “SensitiveInformationIndicator”. The “Indicator” is necessary because even attributes need class words. The next step is to bring it to D3 and then we will make it so in the model.
RJS 04/14/08 - See MISMO Engineering Guide (MEG)
Remaining task is to review and monitor new version 3 data elements for sensitive tag (attribute).
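As an added illustration (not part of the ISWG discussion and not MISMO code), the sketch below shows how a receiving system could detect and mask elements carrying the agreed `SensitiveInformationIndicator` attribute before logging or forwarding a document. The element names, namespace URIs and the assumption that the flag is an `xsd:boolean` are constructed for the example.

```python
import xml.etree.ElementTree as ET

# Attribute name as recorded in the 04/02/08 entries above.
FLAG = "SensitiveInformationIndicator"
# Assumption: the flag is an xsd:boolean, whose lexical forms are true/1 and false/0.
TRUE_FORMS = {"true", "1"}
FALSE_FORMS = {"false", "0"}

# Constructed sample: element names and namespace URIs are placeholders,
# not taken from the MISMO 3.0 schema. The corp: element stands in for a
# user extension in a corporate namespace.
SAMPLE = """\
<Borrower xmlns="urn:example:loan" xmlns:corp="urn:example:corp-extension">
  <FullName SensitiveInformationIndicator="false">Pat Example</FullName>
  <TaxpayerIdentifier SensitiveInformationIndicator="true">000-00-0000</TaxpayerIdentifier>
  <LoanPurpose>Purchase</LoanPurpose>
  <corp:InternalScore SensitiveInformationIndicator="1">712</corp:InternalScore>
  <AccountNumber SensitiveInformationIndicator="yes">12345</AccountNumber>
</Borrower>
"""

def local_name(tag):
    """Strip the '{namespace}' prefix ElementTree puts on qualified tags."""
    return tag.rsplit("}", 1)[-1]

def mask_sensitive(xml_text, mask="***"):
    """Return (masked_xml, flagged_names, unrecognized_flag_values)."""
    # For untrusted input, parse with a hardened XML parser instead.
    root = ET.fromstring(xml_text)
    flagged, unrecognized = [], []
    for el in root.iter():
        value = el.get(FLAG)
        if value is None:
            continue  # no flag present: leave the element untouched
        norm = value.strip()
        if norm in TRUE_FORMS:
            el.text = mask
            flagged.append(local_name(el.tag))
        elif norm not in FALSE_FORMS:
            # Fail closed: an unexpected value (e.g. "yes") is masked and
            # reported rather than silently treated as not sensitive.
            el.text = mask
            unrecognized.append((local_name(el.tag), value))
    return ET.tostring(root, encoding="unicode"), flagged, unrecognized

if __name__ == "__main__":
    masked, flagged, unrecognized = mask_sensitive(SAMPLE)
    print(masked)
    print("flagged:", flagged, "unrecognized:", unrecognized)
```

Because the attribute is unqualified, the same check applies to elements in a user's extension namespace without extra handling.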