Information about events such as hiring, firing, retiring and date of occurrence, date of a disabling event and the relating data that can reasonably prove the severity of such disability, proof of age for retirement benefits, birth and relationship of spouse and/or children who may be entitled to benefits only as auxiliaries of the primary beneficiary, and other related information needed to process a claim for benefits. The overall accountability rating for this information classification is Moderate.
Confidentiality level = Moderate
The confidentiality impact level is based on the effects of unauthorized disclosure of entitlement event information on the ability of the organization to establish qualifications of individuals to receive organizational benefits - and to protect individuals and the organization against fraud. Unauthorized disclosure of raw data and other source information for entitlement operations is likely to violate the various state and international privacy laws and other regulations applicable to the dissemination of personal information. Unauthorized disclosure of centrally managed entitlement event information can have a serious adverse effect on organizational missions. Significant hardships for individuals and very large aggregate tort awards against the organization can result from large-scale disclosure of some entitlement event information. Therefore for entities that manage large income information involving records of staff and/or clients, the provisional confidentiality impact level can be expected to be at least moderate.
Integrity level = Moderate
The integrity impact level is based on the specific use of the entitlement event information and not on the time required to detect the modification or destruction of information. In the case of very large databases containing entitlement event information relating to staff and/or clients, there is a significant probability that erroneous actions will be taken affecting the benefits entitlements of large numbers of individuals. This can result in at least short-term financial hardship for staff and/or clients. It can also be expected to result in serious disruption of the organization operations due to the time and resource requirements for taking corrective actions. In such cases, the integrity impact level would be at least moderate.
Known mitigating factors toward changing the integrity level
In the case of smaller organizations, and where the information affected is limited to employees, the consequences may justify only a low provisional impact rating.
Availability level = Moderate
The availability impact level is based on the specific use of the entitlement event information and not on the time required to reestablish access to the income information. Benefits determination processes are generally tolerant of reasonable delays. In many cases, disruption of access to entitlement event information can be expected to have only a limited adverse effect on organizational operations, organizational assets, or individuals.
Known mitigating factors toward changing the availability level
In the case of very large data bases containing entitlement event information relating to staff and/or clients, there is a significant probability that processing delays will affect the benefits entitlements of large numbers of individuals. The larger the number of records affected, the longer the delays that can be expected to result. This can result in financial hardship for staff and/or clients. It can also result in very serious disruption of the organization operations due to large time and resource requirements for backlog processing. In such cases, the availability impact level would be at least moderate. In the case of permanent loss of records, the impact might even be high.