Security is privacy's step-sibling and a critical element of realizing privacy by design. Privacy is not achievable without data-, communication-, application-, device-, and system-level security controls. The security primitives of confidentiality (encryption), integrity, authentication, nonrepudiation, and data availability need to be implemented to support the overarching privacy goals for the deployment.
To specify the privacy-related security controls, the privacy data needs to be mapped to the security controls and security parameters necessary for its protection. At this stage it is useful to identify all endpoints in the architecture in which the PII is:
- Originated
- Transmitted
- Processed
- Stored
Each PII data element then ...
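The mapping described above can be kept as a machine-checkable inventory. The following is an added example, not part of the original text: it records each PII element at each endpoint and lifecycle stage with the controls applied, then reports missing primitives and lifecycle stages that have no endpoint recorded. The `REQUIRED` baseline, the `Touchpoint` type, and all element and endpoint names are assumptions made for illustration.

```python
from dataclasses import dataclass

STAGES = ("originated", "transmitted", "processed", "stored")
REQUIRED = {  # assumed baseline, not from the page: primitives expected per stage
    "originated":  {"authentication", "integrity"},
    "transmitted": {"confidentiality", "integrity", "authentication"},
    "processed":   {"authentication", "integrity"},
    "stored":      {"confidentiality", "integrity", "availability"},
}

@dataclass
class Touchpoint:
    element: str    # PII data element
    endpoint: str   # where in the architecture it is handled
    stage: str      # one of STAGES
    controls: dict  # primitive -> concrete control and its parameters

def find_gaps(inventory):
    """Return (element, endpoint, stage, missing primitives) per shortfall."""
    gaps = []
    for tp in inventory:
        if tp.stage not in REQUIRED:
            raise ValueError(f"unknown stage: {tp.stage!r}")
        # An empty control description does not count as coverage.
        covered = {p for p, c in tp.controls.items() if c.strip()}
        missing = REQUIRED[tp.stage] - covered
        if missing:
            gaps.append((tp.element, tp.endpoint, tp.stage, sorted(missing)))
    return gaps

def unmapped_stages(inventory):
    """Return {element: [stages with no endpoint recorded]} in lifecycle order."""
    seen = {}
    for tp in inventory:
        seen.setdefault(tp.element, set()).add(tp.stage)
    return {e: [s for s in STAGES if s not in st]
            for e, st in seen.items() if len(st) < len(STAGES)}

# Constructed sample inventory; elements and endpoints are hypothetical.
TLS = {"confidentiality": "TLS 1.3", "integrity": "TLS 1.3",
       "authentication": "server certificate"}
APP = {"authentication": "user login", "integrity": "signed request"}
INVENTORY = [
    Touchpoint("email", "mobile_app", "originated", APP),
    Touchpoint("email", "app_to_api_link", "transmitted", TLS),
    Touchpoint("email", "api_service", "processed", {"authentication": "service identity"}),
    Touchpoint("email", "customer_db", "stored", {"confidentiality": "AES-256 at rest", "integrity": "row checksums"}),
    Touchpoint("location", "mobile_app", "originated", APP),
    Touchpoint("location", "app_to_api_link", "transmitted", {**TLS, "confidentiality": ""}),
]
```

Running `find_gaps(INVENTORY)` and `unmapped_stages(INVENTORY)` on the sample flags the under-protected touchpoints and shows that `location` has no processing or storage endpoint recorded yet.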