Major Project: Privacy and Data Protection

PRIVACY AND DATA PROTECTION

First of all, what is Privacy?

The right to be left alone, or freedom from disturbance or intrusion, is known as privacy. The right to have some control over how your personal information is gathered and utilized is known as information privacy. (IAPP, 2022)

Different cultures have quite different ideas on what a person's privacy rights are and how they should be protected.

(EMOTIV, 2022)
Why is Privacy a big deal?

As more data is collected and exchanged, information privacy is getting increasingly complicated. The uses of data are becoming more sophisticated as technology advances. As a result, organizations are faced with an extremely complex risk matrix for maintaining the security of personal information. (IAPP, 2022)

What is the difference between Privacy and Security?

Data privacy is concerned with the usage and regulation of personal data, such as establishing procedures to ensure that consumers' personal data is accessed, shared, and utilized appropriately. Security is more concerned with protecting data from malicious attacks and from the exploitation of stolen data for profit. While security is necessary for data protection, it is not sufficient on its own to address privacy concerns. (IAPP, 2022)

(StealthLabs, 2022)

Benefits of complying with Data Privacy Laws for organizations

The penalties and fines imposed by data privacy laws can be severe. Organizations can be penalized up to 4% of annual global revenue, or €20 million, under the EU's General Data Protection Regulation (GDPR). Aside from the potential financial penalties, a program that solves significant data privacy issues could save money. GDPR requires not just the secure storage of user data, but also the handing over of that data upon request. Clean, effective processes for meeting these data governance standards can save the company a lot of money. (EMOTIV, 2022)

What are the risks of Data Privacy?

(Kovacs, 2022)
-Vulnerabilities in Web Applications

Before being deployed within an otherwise secure firm, any software hosted in the cloud or on the web should be thoroughly inspected and secured. Before you install anything new, make a data privacy compliance checklist to secure your program. (EMOTIV, 2022)

-Insiders and Poorly Trained Employees

Every member of your team should be fully trained and knowledgeable on the data privacy fundamentals that they are accountable for. This can be achieved by carefully creating and executing a business data privacy policy. (EMOTIV, 2022)

-Lacking Breach Response

An incident response plan is an important component of a data privacy compliance program. Make sure you have a clear plan in place, that it has been practiced, and that the chain of command is ready to execute it if any problems emerge. (EMOTIV, 2022)

-Inadequate Personal data disposal

Personal data should be kept only for the duration of the customer or employee relationship (and any related legal obligations). If your program does not enforce this, your organization may face significant fines under the EU's General Data Protection Regulation (GDPR). (EMOTIV, 2022)
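The storage-limitation rule above is easiest to get right when it is a scheduled job rather than a manual task. The following is an added example, not code from the original post: each record carries the date the customer or employee relationship ended (None while it is ongoing), a category that maps to a retention period for any related legal obligation, and a legal-hold flag that blocks erasure. The categories, retention periods and sample records are constructed for the example only.

```python
# Storage-limitation check, added as an example (not code from the original post).
# Assumptions (ours): a record carries the date its relationship ended (None while
# ongoing), a category mapped to a constructed retention period, and a legal-hold flag.
from dataclasses import dataclass
from datetime import date, timedelta

# Constructed policy: days personal data may be kept AFTER the relationship ends.
RETENTION_DAYS = {
    "marketing": 0,          # no further obligation: erase once the relationship ends
    "support_ticket": 365,
    "payroll": 6 * 365,
}

@dataclass
class Record:
    record_id: str
    category: str
    relationship_ended: "date | None"   # None => still an active customer/employee
    legal_hold: bool = False

def erasure_deadline(rec):
    # Date from which the record must be erased; None while the relationship is active.
    if rec.relationship_ended is None:
        return None
    if rec.category not in RETENTION_DAYS:
        raise ValueError(f"no retention rule for category {rec.category!r}")
    return rec.relationship_ended + timedelta(days=RETENTION_DAYS[rec.category])

def due_for_erasure(records, today):
    """Ids of records whose retention period has lapsed and that are not on legal hold."""
    due = []
    for rec in records:
        deadline = erasure_deadline(rec)
        if deadline is None or rec.legal_hold:
            continue                     # active relationship or litigation hold: keep
        if today >= deadline:
            due.append(rec.record_id)
    return due

SAMPLE = [  # constructed sample data
    Record("r1", "marketing", date(2022, 1, 1)),
    Record("r2", "support_ticket", date(2022, 1, 1)),
    Record("r3", "payroll", date(2015, 1, 1)),
    Record("r4", "payroll", date(2015, 1, 1), legal_hold=True),
    Record("r5", "marketing", None),
]

def run_sample(today=date(2022, 5, 8)):
    return due_for_erasure(SAMPLE, today)
```

An unknown category raises rather than silently keeping the data, so a new data type cannot slip past the retention policy unnoticed.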

-Lack of Transparency in Privacy Policies, Terms, and Conditions

Make sure that all of your customers, distributors, users, and investors are aware of your privacy policies, terms, and conditions. Make sure they understand what they're agreeing to and what commitments they're taking on. (EMOTIV, 2022)

-Collection of Unnecessary Data

Data should only be collected for specific purposes for which consent has been obtained. The majority of data protection laws and regulations stipulate that an organization may not collect more data than is necessary for the transaction. A data privacy consent form can help users understand your company's policies and what they're agreeing to. (EMOTIV, 2022)

-Personal data sharing

Before any personally identifiable information for which permission has been obtained leaves your organization's database, make sure to notify all affected users. (EMOTIV, 2022)

-Incorrect or Outdated personal data

Most data privacy laws and regulations give people the right to amend inaccurate or incomplete personal data. This is a significant advancement in data protection. Make sure that your company has a specific policy and processes in place to allow users to exercise this right. (EMOTIV, 2022)

-Session expiration problems

Session expiration might pose a risk when a data subject gives personal information to a web service. The company may be held accountable for this cloud data privacy breach if a data subject abandons their session and their data is exposed. (EMOTIV, 2022)
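Server-side expiry is what limits the damage when a data subject walks away from an open session. The following is an added example, not code from the original post: sessions live server-side keyed by an opaque token, a session dies when either the idle timeout or the absolute lifetime lapses, expired sessions are deleted together with the personal data bound to them, and the clock is injectable so the logic can be tested without sleeping. Class and parameter names are our own.

```python
# Server-side session expiry, added as an example (not code from the original post).
# Assumptions (ours): opaque server-side tokens; a session dies when EITHER the idle
# timeout or the absolute lifetime lapses; the clock is injectable for testing.
import secrets
import time
from dataclasses import dataclass, field

@dataclass
class Session:
    user: str
    created: float
    last_seen: float
    data: dict = field(default_factory=dict)   # personal data bound to the session

class SessionStore:
    def __init__(self, idle_timeout=15 * 60, max_lifetime=8 * 3600, clock=time.time):
        self.idle_timeout = idle_timeout   # seconds since the last request
        self.max_lifetime = max_lifetime   # seconds since login, however active the user
        self.clock = clock
        self._sessions = {}

    def create(self, user):
        now = self.clock()
        token = secrets.token_urlsafe(32)  # 256-bit unguessable token
        self._sessions[token] = Session(user, now, now)
        return token

    def _expired(self, s, now):
        return now - s.last_seen > self.idle_timeout or now - s.created > self.max_lifetime

    def get(self, token):  # returns the live session or None; expired ones are purged
        s = self._sessions.get(token)
        if s is None:
            return None
        now = self.clock()
        if self._expired(s, now):
            self.destroy(token)            # drop the personal data along with the token
            return None
        s.last_seen = now                  # sliding idle window
        return s

    def destroy(self, token):  # explicit logout: invalidate server-side, not just the cookie
        self._sessions.pop(token, None)

    def purge(self):  # background sweep for abandoned sessions never presented again
        now = self.clock()
        dead = [t for t, s in self._sessions.items() if self._expired(s, now)]
        for t in dead:
            self.destroy(t)
        return len(dead)
```

The purge sweep matters because an abandoned session never presents its token again, so without it the data would sit in the store indefinitely.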

-Data transfer over insecure channels

To transfer sensitive data, always utilize secure channels and protocols (e.g., SFTP, TLS). Incidents can occur when data is exposed through unsecured channels (e.g., FTP, HTTP). (EMOTIV, 2022)

-Extra credit: Dealing with the unknown

Make sure your team, procedures, and chain of command are ready for the unexpected. The big data privacy challenges of the modern business landscape constantly create new dangers and compliance challenges. A good data governance, security, and privacy program will adapt and adjust to keep your company compliant and secure. (EMOTIV, 2022)

Seven Principles

(NHS, 2022)

Ways of avoiding the risks mentioned above are based on the seven GDPR principles.

The GDPR lays out seven principles for processing personal data lawfully. Collection, organization, structuring, storage, alteration, consultation, use, communication, combination, restriction, erasure, and destruction of personal data are all examples of processing. (UHI, 2022)

The seven principles are as follows:

-Lawfulness, fairness, and transparency

-Purpose limitation

-Data Minimisation

-Accuracy

-Storage limitation

-Integrity and confidentiality (security)

-Accountability

Data Protection Technologies to Protect your data

There are various storage and management choices available when it comes to protecting your data. You can use solutions to control access, monitor activity, and respond to threats. (Cloudian, 2022)

Some of the most often used practices and technologies are as follows: (Cloudian, 2022)

-Data Discovery

-Data Loss Prevention (DLP)

-Storage with built-in data protection

-Backup

-Snapshots

-Replication

-Firewalls

-Authentication and Authorisation

-Encryption

-Endpoint protection

-Data erasure

-Disaster recovery


Reference(s):

Cloudian, 2022. Data Protection and Privacy: 12 Ways to Protect User Data. [online] Cloudian. Available at: <https://cloudian.com/guides/data-protection/data-protection-and-privacy-7-ways-to-protect-user-data/> [Accessed 8 May 2022].

EMOTIV, 2022. Data Privacy. [online] EMOTIV. Available at: <https://www.emotiv.com/glossary/data-privacy/> [Accessed 8 May 2022].

Hare, 2022. These new rules were meant to protect our privacy. They don’t work | Stephanie Hare. [online] the Guardian. Available at: <https://www.theguardian.com/commentisfree/2019/nov/10/these-new-rules-were-meant-to-protect-our-privacy-they-dont-work> [Accessed 8 May 2022].

IAPP, 2022. What is Privacy. [online] Iapp.org. Available at: <https://iapp.org/about/what-is-privacy/> [Accessed 8 May 2022].

NHS, 2022. Your Data Privacy - GDPR. [online] Practitionerhealth.nhs.uk. Available at: <https://www.practitionerhealth.nhs.uk/your-data-privacy-gdpr> [Accessed 8 May 2022].

Stealthlabs, 2022. Data Security Vs Data Privacy: An Imperative Distinction to Protect Data. [online] Stealthlabs. Available at: <https://www.stealthlabs.com/blog/data-security-vs-data-privacy-an-imperative-distinction-to-protect-data/> [Accessed 8 May 2022].

UHI, 2022. Data Protection - The Seven Principles. [online] Uhi.ac.uk. Available at: <https://www.uhi.ac.uk/en/about-uhi/governance/policies-and-regulations/data-protection/the-seven-principles/#:~:text=The%20GDPR%20sets%20out%20seven,or%20destruction%20of%20personal%20data.> [Accessed 8 May 2022].
