CT.DP-P: Disassociated Processing
Description
Data processing solutions increase disassociability consistent with the organization’s risk strategy to protect individuals’ privacy and enable implementation of privacy principles (e.g., data minimization).
Framework Subcategories
CT.DP-P1: Data are processed to limit observability and linkability (e.g., data actions take place on local devices, privacy-preserving cryptography)
[csf.tools Note: Subcategories do not have detailed descriptions.]
CT.DP-P2: Data are processed to limit the identification of individuals (e.g., de-identification privacy techniques, tokenization)
[csf.tools Note: Subcategories do not have detailed descriptions.]
CT.DP-P3: Data are processed to limit the formulation of inferences about individuals’ behavior or activities (e.g., data processing is decentralized, distributed architectures).
[csf.tools Note: Subcategories do not have detailed descriptions.]
CT.DP-P4: System or device configurations permit selective collection or disclosure of data elements
[csf.tools Note: Subcategories do not have detailed descriptions.]
CT.DP-P5: Attribute references are substituted for attribute values
[csf.tools Note: Subcategories do not have detailed descriptions.]