CT.DP-P: Disassociated Processing

Description

Data processing solutions increase disassociability consistent with the organization’s risk strategy to protect individuals’ privacy and enable implementation of privacy principles (e.g., data minimization).

Framework Subcategories

CT.DP-P1: Data are processed to limit observability and linkability (e.g., data actions take place on local devices, privacy-preserving cryptography)

[csf.tools Note: Subcategories do not have detailed descriptions.]

CT.DP-P2: Data are processed to limit the identification of individuals (e.g., de-identification privacy techniques, tokenization)

[csf.tools Note: Subcategories do not have detailed descriptions.]

CT.DP-P3: Data are processed to limit the formulation of inferences about individuals’ behavior or activities (e.g., data processing is decentralized, distributed architectures).

[csf.tools Note: Subcategories do not have detailed descriptions.]

CT.DP-P4: System or device configurations permit selective collection or disclosure of data elements

[csf.tools Note: Subcategories do not have detailed descriptions.]

CT.DP-P5: Attribute references are substituted for attribute values

[csf.tools Note: Subcategories do not have detailed descriptions.]