A company configures their information system to have the following capabilities:
✑ Allow for selective disclosure of attributes to certain parties, but not to others.
Permit the sharing of attribute references instead of attribute values - such as `I am over 21` instead of birthday date.
✑ Allow for information to be altered or deleted as needed.
These capabilities help to achieve which privacy engineering objective?
The described capabilities align with the objective of Manageability in privacy engineering. Manageability involves the ability to administer personal information in a granular manner, including the modification, deletion, and controlled disclosure of attributes. It encompasses providing control over personal data, such as allowing selective sharing of attribute references instead of full attribute values, as well as the ability to alter or delete information as needed.
*it should be B - Manageability
NIST’s Privacy Engineering Program has proposed three privacy engineering objectives: predictability, manageability and disassociability. Disassociability is the minimization of connections between data and individuals to the extent compatible with system operational requirements. This minimization can take many forms, from maximally disassociated data in the form of high-level aggregated data, to de-identified records pertaining to distinct individuals. Disassociability can also take the form of architectural data separation, in which identifiable personal information is kept segregated from, but still linkable to, transactional data
Manageability refers to the ability to granularly administer personal information, including modification, disclosure and deletion. Disassociability is the minimization of connections between data and individuals to the extent compatible with system operational requirements. .is minimization can take many forms, from maximally disassociated data in the form of high-level aggregated data, for example, to de-identified records pertaining to distinct individuals. Disassociability can also take the form of architectural data separation, in which identifiable.
C is correct
C is correct