IDSO
Investment Data Standards Organization
IDSO TOPICS
Personally Identifiable Information (PII)
The purpose of the PII Working Group and the PII Publications is to develop and maintain processes and risk management for personally identifiable information (PII) associated with the use of Alternative Data for investment management.
The publications include general background, considerations, best practices, risk assessment frameworks, categorization, and compliance requirements for investors dealing with PII or datasets that may contain PII.
PUBLICATIONS
PII BEST PRACTICES
Overview: This document explains the importance of protecting the confidentiality of the PII and provides guidance in its use, access, and disclosure. The primary target audience of this document are managers and compliance teams within an investment company interested in regulatory guidance and process management of personally identifiable information (PII).
Current Status: DRAFT Last Revision Date: 5/15/2018
Number of Pages: 35 Version: 1.0
Document ID: IDSO_PII_BP_001 Download
DATA ORIGINATOR QUESTIONNAIRE
Overview: The questionnaire should be used by PII assessment team to capture responses from interviews with data originator, review of associated documentation and of actual data fields.
Current Status: DRAFT Last Revision Date: 1/18/2018
Number of Pages: 1 Version: 1.0
Document ID: IDSO_PII_QST_001 Download
PII SENSITIVITY LEVELS
Overview: This document provides categorization for the sensitivity of PII data in accordance with Department of Homeland Security definition of PII.
Current Status: DRAFT Last Revision Date: 1/18/2018
Number of Pages: 2 Version: 1.0
Document ID: IDSO_PII_SL_001 Download
DATA RISK ASSESSMENT
Overview: The objective of this risk assessment is to determine the impact level of PII to identify the appropriate security controls. The implementation of this assessment will help to prioritize the data fields with the highest impact level so that the organization can prepare to put the highest required level of security controls in place. There are three impact levels based on accepted frameworks established in NIST 800-122, 800-53 and FIPS 199.
Current Status: DRAFT Last Revision Date: 1/18/2018
Number of Pages: 2 Version: 1.0
Document ID: IDSO_PII_DRA_001 Download
SECURITY RISK ASSESSMENT
Overview: The objective of this risk assessment is to determine the security risk of PII and to select the appropriate security access and controls. Factors used to identify impact level are access frequency, access location, number systems and a number of people who have access.
Current Status: DRAFT Last Revision Date: 1/18/2018
Number of Pages: 2 Version: 1.0
Document ID: IDSO_PII_SRA_001 Download
PII CHECKLIST
Overview: This document provides a checklist of processes and considerations for investment teams working with Alternative Data.
Current Status: DRAFT Last Revision Date: 1/18/2018
Number of Pages: 4 Version: 1.0
Document ID: IDSO_PII_CHK_001 Download
Web Crawling
The purpose of the Web Crawling Working Group and the Web Crawling Publications is to develop and maintain processes and risk management for using data harvested or scraped from the web associated for use in investment management.
The publications include general background, considerations, and best practices for compliance with state, regional, and federal laws and data management.
PUBLICATIONS
WEB CRAWLING BEST PRACTICES
Overview: This document provides guidance in the use of web collected, harvested, or scraped data for driving investment decisions. The document provides a review of relevant regulations, prior cases, and legal requirements for the use, access, and disclosure of this data. The primary target audiences of this document are managers and compliance teams within an investment company interested in using web harvested data.
Current Status: DRAFT Last Revision Date: 1/18/2019
Number of Pages: 17 Version: 0.1
Document ID: IDSO_WC_BP_001 Download
DATA RISK ASSESSMENT
Overview: The objective of this risk assessment is to determine the impact level of web harvesting to categorize the risk of using data from a website for driving investment decisions. The assessment identifies drivers of impact, including website terms, website operation, public information, copyright, and competition.
Current Status: DRAFT Last Revision Date: 1/18/2019
Number of Pages: 2 Version: 0.1
Document ID: IDSO_WC_DRA_001 Download (members only)
WEB CRAWLING CHECKLIST
Overview: This document provides a checklist of processes and considerations for investment teams working with web harvested Alternative Data.
Current Status: DRAFT Last Revision Date: 1/18/2019
Number of Pages: 3 Version: 0.1
Document ID: IDSO_WC_CHK_001 Download
Dataset Compliance for Sensitive Information (SI)
The purpose of the Dataset compliance Working Group and Dataset Compliance Publications is to define the compliance-level of datasets that contain sensitive information (SI) in the Alternative Data industry.
The publications include general background, considerations, and best practices.
PUBLICATIONS
DATASET COMPLIANCE BEST PRACTICES
Overview: This document enables organizations to evaluate their dataset compliance for SI handling, storage, and disclosure. The target audience of this document are managers and compliance teams in the Alternative Data industry who are interested in the regulatory guidance of SI.
Current Status: DRAFT Last Revision Date: 1/18/2018
Number of Pages: 9 Version: 0.1
Document ID: IDSO_DSSI_BP_001 Download (members only)