Identify types of data.

Identification should include the following terms and definitions:

• Personally identifiable information (PII)―any information about an individual, directly, or indirectly, that suggests the identity of an individual (directly: name, address, Social Security number; indirectly: gender, race, birth date) 
• Personal financial information (PFI)―any financial information a financial company shares with affiliates (part of a customer’s financial group) or non-affiliates (outside of financial group)
• Non-public information (NPI)―any PFI that a financial institution collects when providing a service to a customer and does not include information that is accessible to the public.
• Personal health information (PHI)―any information about a person's medical history collected by medical professionals (e.g., tests, lab results, insurance information)
• Digital footprint―data collected about a person based upon ones online activity, which can include, but is not limited to
• Internet protocol address
• social media posts
• browsers
• websites visited
• Digital traces―defined by content (the message) and metadata (the context of the message).

Identification also should include examples of digital footprints that occur in everyday life and analyzing digital footprint examples to interpret information about individuals. 

Process/Skill Questions: 

• How can a digital footprint affect a person receiving a security clearance?
• How can PHI be affected if there is a cybersecurity breach?
• What is considered intellectual property?
• How can someone claim intellectual property?
• What measures can be taken to protect consumer data?
• How can a digital footprint and/or digital traces affect employment and/or college acceptance?