IDSO TOPICS
Personally Identifiable Information (PII)

The purpose of the PII Working Group and the PII Publications is to develop and maintain processes and risk management for personally identifiable information (PII) associated with the use of Alternative Data for investment management.
 

The publications include general background, considerations, best practices, risk assessment frameworks, categorization, and compliance requirements for investors dealing with PII or datasets that may contain PII.
 

PUBLICATIONS

 

PII BEST PRACTICES

 

Overview: This document explains the importance of protecting the confidentiality of the PII and provides guidance in its use, access, and disclosure. The primary target audience of this document are managers and compliance teams within an investment company interested in regulatory guidance and process management of personally identifiable information (PII).

 

Current Status:           DRAFT                               Last Revision Date:    5/15/2018

Number of Pages:      35                                       Version:   1.0                                                   

Document ID:              IDSO_PII_BP_001             Download

DATA ORIGINATOR QUESTIONNAIRE

Overview: The questionnaire should be used by PII assessment team to capture responses from interviews with data originator, review of associated documentation and of actual data fields. 

Current Status:           DRAFT                               Last Revision Date:    1/18/2018

Number of Pages:      1                                         Version:   1.0                                                   

Document ID:              IDSO_PII_QST_001          Download

PII SENSITIVITY LEVELS

 

Overview: This document provides categorization for the sensitivity of PII data in accordance with Department of Homeland Security definition of PII.  

 

Current Status:           DRAFT                               Last Revision Date:    1/18/2018

Number of Pages:      2                                         Version:   1.0                                                   

Document ID:              IDSO_PII_SL_001             Download

DATA RISK ASSESSMENT

 

Overview:  The objective of this risk assessment is to determine the impact level of PII to identify the appropriate security controls. The implementation of this assessment will help to prioritize the data fields with the highest impact level so that the organization can prepare to put the highest required level of security controls in place. There are three impact levels based on accepted frameworks established in NIST 800-122, 800-53 and FIPS 199.

 

Current Status:           DRAFT                               Last Revision Date:    1/18/2018

Number of Pages:      2                                         Version:   1.0                                                   

Document ID:              IDSO_PII_DRA_001          Download

SECURITY RISK ASSESSMENT

 

Overview:   The objective of this risk assessment is to determine the security risk of PII and to select the appropriate security access and controls. Factors used to identify impact level are access frequency, access location, number systems and a number of people who have access.

Current Status:           DRAFT                               Last Revision Date:    1/18/2018

Number of Pages:      2                                         Version:   1.0                                                   

Document ID:              IDSO_PII_SRA_001          Download

PII CHECKLIST

 

Overview:   This document provides a checklist of processes and considerations for investment teams working with Alternative Data.

 

Current Status:           DRAFT                               Last Revision Date:    1/18/2018

Number of Pages:      4                                         Version:   1.0                                                   

Document ID:              IDSO_PII_CHK_001          Download

Web Crawling

 

The purpose of the Web Crawling Working Group and the Web Crawling Publications is to develop and maintain processes and risk management for using data harvested or scraped from the web associated for use in investment management.
 

The publications include general background, considerations, and best practices for compliance with state, regional, and federal laws and data management.
 

PUBLICATIONS

 

WEB CRAWLING BEST PRACTICES

 

Overview: This document provides guidance in the use of web collected, harvested, or scraped data for driving investment decisions. The document provides a review of relevant regulations, prior cases, and legal requirements for the use, access, and disclosure of this data. The primary target audiences of this document are managers and compliance teams within an investment company interested in using web harvested data.

 

Current Status:           DRAFT                               Last Revision Date:    1/18/2019

Number of Pages:      17                                       Version:   0.1                                                   

Document ID:              IDSO_WC_BP_001           Download

DATA RISK ASSESSMENT

 

Overview:  The objective of this risk assessment is to determine the impact level of web harvesting to categorize the risk of using data from a website for driving investment decisions. The assessment identifies drivers of impact, including website terms, website operation, public information, copyright, and competition.

 

Current Status:           DRAFT                               Last Revision Date:    1/18/2019

Number of Pages:      2                                         Version:   0.1                                                   

Document ID:              IDSO_WC_DRA_001        Download (members only)

WEB CRAWLING CHECKLIST

 

Overview:   This document provides a checklist of processes and considerations for investment teams working with web harvested Alternative Data.

 

Current Status:           DRAFT                               Last Revision Date:    1/18/2019

Number of Pages:      3                                         Version:   0.1                                                   

Document ID:              IDSO_WC_CHK_001        Download

Dataset Compliance for Sensitive Information (SI)

 

The purpose of the Dataset compliance Working Group and Dataset Compliance Publications is to define the compliance-level of datasets that contain sensitive information (SI) in the Alternative Data industry.

​​

The publications include general background, considerations, and best practices.
 

PUBLICATIONS

 

DATASET COMPLIANCE BEST PRACTICES

 

Overview: This document enables organizations to evaluate their dataset compliance for SI handling, storage, and disclosure. The target audience of this document are managers and compliance teams in the Alternative Data industry who are interested in the regulatory guidance of SI.

 

Current Status:           DRAFT                               Last Revision Date:    1/18/2018

Number of Pages:      9                                         Version:   0.1                                                   

Document ID:              IDSO_DSSI_BP_001         Download (members only)