To begin with, let us ask the basic question: “What does protected data really mean?”
Protected data, sometimes called Personally Identifiable Information (PII), is a term for information about a person that can be used to facilitate identity theft and other criminal acts. To define it more precisely and to establish how much protection different types of data require, the CSU has developed a 3-tier classification system:
- Level 1: Confidential information governed by existing laws, such as Social Security numbers and their associated names, credit card numbers with cardholder names, or medical records for a specific individual.
- Level 2: Information for internal use that must be protected for ethical or privacy reasons, such as student grades, courses taken, or disciplinary records.
- Level 3: General information such as a person's title, email address, or other published information that exists in the public domain.
This is the main reason why all employees in an organisation with access to protected data must change their passwords more frequently than others.
Now, coming to our main term, “Data Privacy” (also known as Information Privacy or Data Protection) is the relationship between the collection and dissemination of data, technology, the public expectation of privacy, and the legal and political issues surrounding them.
Privacy concerns arise wherever personally identifiable information or other sensitive information is collected, stored, used, and finally destroyed or deleted, in digital form or otherwise. Improper or non-existent disclosure control can be the root cause of privacy issues. Data privacy issues may arise in response to information from a wide range of sources. Data privacy mainly governs how data is collected, shared or used. Consider data that you regard as solidly secured: it’s encrypted, access to it is restricted, and multiple overlapping monitoring systems are in place. In all meaningful senses of the word, the data is secure.
However, if that data was collected without proper consent, that is a violation of data privacy, and it is distinct from the actual security surrounding the data. Data privacy revolves around making sure that the data is used in the correct manner.
Since data privacy is such a prevalent issue, many government organizations and corporations spend millions of dollars each year to help protect their data, which could include your PII, from exposure. The average consumer probably doesn’t have that kind of money to spend. But there are inexpensive steps you can take to help protect your data. We can follow these five simple tips to help protect our personal data:
- At home, use a mail slot or locking mailbox, so that thieves can’t steal your mail.
- Before discarding documents that contain personal information, including receipts and bank and credit card statements, shred them.
- Make sure to secure your home Wi-Fi network and other devices so that criminals can’t “eavesdrop” on your online activity.
- Don’t automatically provide your Social Security number just because someone asks for it. Determine if they really need it and, if so, ask how they’ll help protect it.
- And last but not least, use strong, unique passwords for all of your online accounts.
Since we are talking about data privacy here, it's important for us to know about the GDPR and how it came into the picture.
General Data Protection Regulation over the past few years. Commonly referred to as the GDPR, this is the latest privacy and data protection legislation of the European Union (EU). The GDPR was adopted by the European Parliament and the Council on the 27th of April 2016 and comes into force on the 25th of May 2018. Big corporations that process personal data as a core component of their business model, like Facebook and Google, take it very seriously of course, creating new tools and dedicated websites explaining how they comply. However, the GDPR has implications for all companies, no matter their size. A lot of smaller companies don't even realise they are impacted, which is a dangerous situation to be in, because they could be subject to substantial or even crippling fines. So it is very important that you change your privacy policies and ensure that you are GDPR compliant.
Governments also have a security interest in ensuring the protection of personal data. So the question arises: “Why do we need data protection laws in today's world?”
Basically, there are 2 main reasons that governments should pursue comprehensive data protection frameworks:
1. Laws need to be updated to address today’s reality. Ever since the internet was created, people have been sharing more and more of their personal information online. In many countries, privacy rules exist and remain important to help protect people’s information and human rights, but they are not adapted to suit the challenges of today’s connected world.
2. Corporate co- and self-regulation is not working to protect our data. Around the world, companies and other entities that collect people’s data have long advocated for regulation of privacy and data protection not through binding frameworks but rather through self- or co-regulation mechanisms that offer them greater flexibility. However, despite several attempts, we have yet to see examples of non-binding regimes that are positive for users’ rights (or, indeed, for business as a whole).
To summarize, all of us are responsible for achieving data privacy standards. If you are a lawmaker or a citizen contributing to domestic discourse on data protection, please have a look at our guidelines to make sure you are equipped with the right tools for the creation of a positive framework protecting users’ data and information.
Together, we can all build strong and concrete safeguards for the right to protection of personal data.
Authored By - Raminder Kaur
TCS Cyber Security Community