Why do you need to know about Data privacy and security issues?
Table of Contents
What is data privacy?
Did you know that January 28 is celebrated as Data Privacy Day (DPD) worldwide?
This day is observed to sensitize individuals and disseminate privacy practices and principles so that everyone becomes a stakeholder in creating a culture of privacy.
Data privacy guides the distinction between shareable and non-shareable data where third parties are concerned visavis a computer system.
These are also referred to as non-private and private data respectively. It is all about the rights of an entity (individual or corporate) and their personal information, their right to freedom from intrusion, and the right of the entity to be left alone.
At an individual level, this is a crucial idea, guaranteed as a fundamental human right in many developed countries, and a matter of human dignity.
So when we speak of enhancing data privacy, we are protecting the rights and liberties of humanity.
Data privacy and data security are NOT the same
While both are used interchangeably, it is important to see similarities and differences in a nuanced way. These are correlated issues and cannot exist independent of each other.
Data security helps protect personal data from any unauthorized third party access and exploitation of data. It ensures data privacy, accuracy, credibility and integrity and allows data only to authorized parties.
Data privacy looks out for proper usage, collection, retention, deletion and storage of data. Data security deals with policies, methods and means to secure personal data.
As a case in point, while using a Google Gmail account, data security would be ensured by a user’s password while the way Google uses data to administer an account, would be data privacy.
Policies regulating data privacy and security issues
Lawsuits, settlements and penalties for data breaches are forcing governments to introduce stringent regulations around data privacy.
In case of companies, this is directly linked to corporate imagery and protecting the business bottomline – the Ponemon Institute’s Cost of Data Breach Study found that on average, the damage caused by a data breach in the USA was $8 million.
25,575 user accounts were impacted in the average data incident, which means that beyond financial losses, most incidents lead to loss of customer trust and damage to reputation.
Consumers now have extensive rights across EU countries, with the introduction of GDPR, for example. Payment gateways using cards are required to be encrypted for storing private information and private health information (PHI) is being secured across American companies in line with the HIPAA standard.
How do you ensure data privacy and security?
Data Privacy, with its goal of keeping private data confidential, can be enforced through Access Control and Data Protection.
Access Control requires the data requestor to confirm their identity. Data is provided only upon authentication of the same. Data Protection requires methods such as encryption and use of private encryption key so that even if an unauthorized person accesses data, they cannot view, damage or transfer data outside the organization.
Data Security uses same mechanisms but focusses on protection from malicious intents, accidental exposures, phishing and social engineering attacks, insider threats and ransomware among others.
Entities use a combination of methods to deal with the same – data discovery and classification, data masking, data loss prevention, password hygiene and data security audits being some of them.
Raising awareness about data risks, privacy and security
Big data drives business and life.
As devices control our every moment, safeguarding oneself against breaches is imperative.
A vulnerability assessment can help one become aware of possible leakage points and lead to the creation of a cautious and alert mindset.
Private information can be accessed, intercepted, tampered with and shared widely.
Governments and regulatory bodies clearly have their jobs cut out where the creation of laws and policies is concerned.
It is up to all data owners to exercise the next level of self-protection measures and adopt a Zero Trust policy while creating and Oring the most private data on their systems.
Awareness is key.
Lets us take responsibility for learning and updating ourselves about data privacy and security issues. That is the best way to fight the good fight – to uphold an essential premise of human liberty and the fundamental right to freedom and dignity.