A real challenge to IT security is how do we deal with our data? Now there's data and there's data if you know what I mean. And in this episode, what I want to do is talk about the different types of data so that we can sort of label how careful we have to be with our data. And then also define the different types of roles that people play in terms of how they handle that data. So let's start off with data sensitivity and data labeling. In this case, all the different data that we are in control of has a different amount of importance to us.
And we have some pretty standard terms here. So let's go ahead and go through these real quick. First of all, we have what's known as public data. Public data is data that has no restriction of any form. It is within the public domain. Everybody knows about it.
Your postal address, or at least the postal address, not necessarily who lives at the house, would be an example of public data. Also GIS information, graphical information of a town and where the rivers and bridges are and such, that would be an example of public data. So public data, basically, as far as we're concerned, has no restrictions. And it's the data that we're least concerned about. Next is going to be confidential data. Confidential data is data that one party offers to a second party, but only to that party.
So I'm going to give you some information about me. But I'm not going to let, I don't want you to have anybody else have it. In fact, these are the cases where we'll do things like make you or your organization fill out a non-disclosure agreement that basically says, okay, as a vendor, you're going to know how much metal we're selling to everybody. So in that particular case, you don't tell anybody else, and that's why we do the NDAs. Private information is information that is private to an individual. In this one particular case, for example, would be your social security number.
So when we're dealing with private information, we also deal with something called PII or privately identifiable information. So privately identifiable information is private information. It's the same animal, but whereas private information might just be a social security number, PII would include your name, your address, your social security number, and your cell phone number. So, PII is most certainly private, but one piece of private information is not necessarily PII. Next is going to be proprietary.
Proprietary is kind of like private information, but really just for a corporation. So if a corporation has information that gives it some form of competitive advantage, we call that proprietary information. So the formula for Coca-Cola would be a great example of proprietary information. Here at Total Seminars, my ability to stay good-looking for all these many decades is the example of proprietary information. Okay, so I thought it was funny.
Anyway. So last we're going to have private health information. And private health information is any form of information that has to deal with the health of a particular person. This became a big deal not that long ago, when here in the United States about 15 years ago, we had our HIPAA laws that came out, because basically, it was becoming really easy for insurance companies and health vendors to exchange information that, well, they probably didn't need to have. So that's what we're talking about: PHI is going to be the health information.
Also keep in mind with PHI, not only is it in terms of your health itself, but it's also the PII, so that we know that that health information has to do with you personally. So PHI often includes some amount of PII as well. Okay, so now we've gone through some of the different types of data labels or data sensitivity; we hear that term a lot. What I want to do now is I want to start talking about the people who actually deal with this data in what we call data roles. Your organization has lots of data.
Now the problem that we have here is that if we've labeled the data, that's great, but then we have all these different globs of data. No organization has one single database that everybody does everything from. We have all kinds of different chunks of data that different people within our organization have to deal with. So what I want to do real quick is go over what we call data roles. It's easy, there's only three of them. First of all, there is the owner of the data.
Now, the owner of the data is the person who has the legal responsibility, the person who can actually make money, the person who is responsible for that data. So in most corporate situations, the owner of the data is not a person but a corporation itself. So we have to know who is owning that data in any given moment. Now, you would think, well, all that is owned by the company. Not necessarily. There could be situations where we're using vendor data, where we're taking personal information.
And in those types of situations, we can have multiple owners, sometimes even within the same database, although we try to avoid that, if at all possible. The next thing we're going to be dealing with is the steward or the custodian. The steward or the custodian is the group, the person, the other organization whose job is to maintain the accuracy and the integrity of that data. So who that person might be really depends a lot. In fact, later in this episode, when we talk about user awareness, we can break this down a lot more. But there's always going to be somebody who is actually in charge of the day-to-day care of that particular data.
And the last person who comes into play is a privacy officer. A privacy officer is the person who is in charge of ensuring that we're dealing with good personal health information, personally identifiable information for that particular database. So once we got these basics, let's really get into the fun part. And let's talk about user awareness and the many different types of users who use data. When it comes to data, we really have to categorize the people who are using that data. And we define this by what we call roles.
Now, I want to be careful here, because when we talk about this type of organization, we use it not only for data, but also for systems; it might depend in terms of who's in charge of a particular system. So there's a little bit of interlock between the idea of user roles for data and user roles for system. So if you hear me sneaking the word systems, these things are actually quite interchangeable within those two terms. So let's go ahead and run through this now. First of all, the most important one we're going to have are just users. Users have the standard amount of permissions to do whatever they need to do with that data or that system.
They understand how their data functions. And they're also aware of common problems. Like if they see corrupted data, or if they're worried about malware, they actually have procedures in place to deal with that, even if that procedure is nothing more than dialing up to IT support. After users, you're going to have what we call privileged users. A privileged user has increased access and control over the data or system. But the big difference here is that now you need to be careful: a privileged user almost never has the opportunity to actually delete all the data. They might be able to delete a record, for example, or something like that, where a user can only mark things for deletion.
But the big important thing is that a privileged user is going to have increased access, they'll be able to see more of the data. And they'll have increased control relative to a user. Now an executive user is kind of a unique type of user when it comes to data. An executive user is the user who makes strategic decisions about this. They'll be the person who sets policies for it. They'll be the person who verifies backups are being done.
They don't actually do it. But they're the person who actually watches over that type of stuff. So the executive is probably going to be the head of the sales department who's looking at certain strategic aspects of the data. So next, when it comes to backups, we have system administrators. A system administrator, by definition, will have complete control over the data or system. The system administrator could delete the entire database. The system administrator could erase the entire system. They're in charge of the day-to-day manipulation and administration of that data set.
And they've got a big job. They're the one who sets the permissions for users and privileged users. They're the ones who get the executive users opportunities to make overviews. That particular data set, whatever it might be, they're the guys who are in charge of that. Last is the data owner or in this case system owner as well. Now, as we've already mentioned earlier in this episode, these are the people, or usually organizations, who actually have legal ownership of this particular data set or have this particular system.
So when we're talking about an owner, we're talking about, not only do they have ownership, but they also have all the legal responsibility. So when we're talking about organizing data, make sure you're familiar with every single one of these different terms because folks, you're going to see it on the exam.