Let us have a look at the following topics covered in the article:
Take a moment to view this video to learn about cybersecurity
Introduction to Data Privacy
In the past few decades, one topic in information security has been grabbing everyone’s attention, data privacy. Digitalization has dematerialized our world; we live in a digital reality.Historically, people have always been concerned about their privacy. With the dematerialization of culture, personal data privacy is evolving into something entirely new.
Let us start by defining what is data privacy?
Data privacy, also called information privacy, is a subset of security that focuses on personal information. Data privacy governs how data is collected, shared, and used. Data privacy is concerned with the proper handling of sensitive information such as financial data and intellectual property data.
Components of Data Privacy
The components of data privacy include:
Management of data risk
To reduce data risk, companies manage the data acquisition, filing, modifying, and handling of their data, from the point of creation to retirement.
Data loss prevention
The data loss prevention (DLP) process includes identifying confidential data, tracking that data throughout the organization, and creating and enforcing policies to prevent unauthorized disclosure of private data.
Password management
Managing passwords involves principles and best practices that should be adhered to by users when storing passwords.
The 28th of January of every year is International Data Privacy Day. Its mission is to build awareness and promote proper data collection, privacy, and protection practices. The International Data Privacy Day is observed in many countries including the United States, Canada, Australia, and India. The first Data Privacy Day was observed in 1981.
Why is Data Privacy Important?
Now that we understand what data privacy is, let us learn why data privacy is vital. Privacy concerns arise through the mass collection of data. Many organizations are keeping our data due to the computerized operations in place. Many countries consider privacy an essential personal right, and data protection regulations exist to preserve it. Additionally, data privacy is crucial since believing that their information is being handled responsibly is essential for people who aspire to flourish online.
In the absence of privacy or controlled access to personal data, personal information can be misused in many ways:
- Under oppressive governments, people are not given the freedom to reveal their identities.
- With the advent of the General Data Protection Regulation (GDPR,) the main purpose of data privacy has grown even more.
Data Privacy Principles
The six data protection principles cover the lifecycle of a piece of personal data from collection, retention, use, and destruction.
Collection purpose and means
Personal data is collected for an intent that is directly related to the data users’ function or activity. It must also be collected legally and equitably. When personal data is collected, the purpose for which the data is used must be disclosed to the data subjects. Data collection should, of course, be necessary but not excessive.
Accuracy and retention
Data users must ensure personal data is accurate and should not be kept longer than necessary.
Use
Private data must be used for the purpose for which the data is collected or for a directly related purpose. It should not be used for any other purposes unless voluntary and explicit consent is obtained from the data subject.
Security
Moreover, data users need to adopt security measures to safeguard personal data from unauthorized and accidental access, processing, and loss of use.
Openness
Data users must make personal data policies and practices known to the public, regarding the types of personal data they hold and how the data is used.
Data access and corrections
Data subjects have the right to request access to and correction of their data.
If a data user contravenes these six data protection principles, then the privacy commissioner may serve an enforcement notice on it.
Data Privacy Act
The Congress of the Philippines passed Republic Act No. 10173 in 2012. The Data Privacy Act protects individuals from unauthorized processing of personal information that is private and not publicly available.
Data Privacy Laws
A data privacy law specifies how data should be collected, stored, and shared with third parties. Some of the most widely discussed privacy laws include GDPR; the European Union’s GDPR is the most comprehensive law on privacy.
Data privacy laws in the US
- Fail to implement and maintain reasonable data security measures.
- Fail to abide by any applicable self-regulatory principles of the organization’s industry.
- Fail to follow a published privacy policy.
- Transfer personal information in a manner not disclosed on the privacy policy.
- Make inaccurate privacy and security representations to consumers and in privacy policies.
Are you looking to become a Cyber Security Expert? Go through Intellipaat’s Cyber Security Management Certification!
Data privacy laws in India
India’s constitution does not expressly recognize the right to personal liberty. However, the judiciary has consolidated the right to life into other current legal provisions, such as freedom of speech under Article 19(1)(a) and the freedom to life and individual liberty under Article 21. However, these fundamental rights under the Government of India Act are worthy of protection legislated under Act 19(2) of the Constitution.
Challenges Faced in Data Privacy
Cybercrime
Cybercrime refers to any criminal conduct committed with the aid of a computer or other electronic equipment connected to the internet. Individuals or small groups of people with little technical knowledge and highly organized worldwide criminal groups with relatively talented developers and specialists can engage in cybercrime.
Data breaches
A data breach happens when sensitive data falls into the hands of someone who has no business handling it. So, if a hacker extracts your credit card credentials, it’s a data breach. But the release of data can also be unintentional.
Insider threat
It is an act of malicious activity undertaken by users who have legitimate access to a network, application, or database of an organization.
Technologies for Data Privacy
Cyber security
Cyber security involves the practice of implementing multiple layers of security and protection against digital attacks across computers, devices, systems, and networks.
Encryption
Data of any kind can be kept secret through a process known as encryption. Scrambling and changing the message to hide it helps to secure our data. This technique is widely used in data privacy.
Access control
Access control is a security that can be used to regulate who or what can view or use resources in a computing environment. Using data loss prevention (DLP) in conjunction with access control can help prevent sensitive data from leaving the network.
Two-factor authentication
Two-factor authentication (2FA) adds a second method of identity verification to secure your accounts. The most common 2FA uses a unique one-time code with every login attempt. This code is tied to your account and generated by a token. Consequently, hackers have a much harder time accessing personal accounts.
Data Privacy vs Data Security
Data Privacy | Data Security |
Data privacy means being sensitive to personal information based on collected data. | Data security refers to the process of protecting data from unauthorized access and corruption. |
It concentrates on how to meet the standards when collecting, processing, sharing, archiving, and deleting data. | It prevents the exploitation of stolen data. It includes features such as network access, cryptography, and information systems. |
Eg., protected health information, geolocation, and financial transactions | Eg., access control, backup and recovery, and tokenization |
Conclusion
Securing data from malicious attacks has been attracting worldwide attention. In the past few decades, one topic in information security has been grabbing everyone’s attention, data privacy. Its mission is to build awareness and promote proper data collection, privacy, and protection practices.
Additionally, data privacy is crucial since believing that their information is being handled responsibly is essential for people who aspire to exist online. It should not be used for any purposes unless voluntary and explicit consent is obtained from the data subject. The Data Privacy Act protects individuals from unauthorized processing of personal information that is private and not publicly available.