Data Protection

7 Easy ways to protect your cashless economy from the hackers

A couple of days back in cyclone-affected Chennai, people were struggling to get cash for their basic needs, and I was one among them. It was quite interesting to see IT professionals, students, working-class people, laborers, and daily wagers standing in a long queue to withdraw their cash from ATMs, while a few lucky folks purchased daily groceries using credit/debit cards. It confounded me to see that digital transactions have become prominent among people. At the same time, a few questions arose in my mind:
  • Are there security measures to be taken for digital transactions?
  • How do cyber-threats affect digital transactions?
  • Are we ready to travel the world of digital transactions?

European Union – General Data Protection Regulation

The GDPR is a Data Protection Regulation (EU 2016/679) adopted by the European Union in 2016 that comes into effect by 2018. The existing Data Protection Directive (95/46/EU) will be replaced by the GDPR in 2018.

The GDPR focuses on the protection of individuals' data privacy within and outside the European Union and aims to unify the regulation across all Member States. The same regulation will therefore apply in every member state, which makes binding actions easier during investigations and sanctions. A Supervisory Authority (SA) is appointed for each member state to handle investigations into complaints and administrative offences. The SAs are given the power to impose administrative fines.

General Data Protection Regulation (GDPR) - Strengthens and Unifies the Data Protection Laws

Gist of the General Data Protection Regulation (GDPR)

The General Data Protection Regulation is a regulation by which the European Union (EU) strengthens and unifies the data protection laws for the states within it.

Scope: The regulation applies to all organizations using information about European citizens. The law also applies to organizations that are outside the EU region but still process or access information about European citizens.

Timeline: This rule was formally adopted in April 2016 and will come into effect after a transition period of 2 years, i.e. 2018.

Below are some of the key points about the rules:

Perspective – General Data Protection Regulation

Last week was very eventful with respect to data privacy in Europe. On the one hand, the EU's General Data Protection Regulation gives EU citizens sufficient confidence in how their data is used, processed and protected; on the other hand, it sets organizations' think tanks the job of assessing the controls in place to comply with the new regulation. CIOs and CISOs will have a challenging job on their hands to ensure compliance in order to avoid financial penalties and reputational damage. This will require not only putting different security controls in place but also a holistic approach to ensure that the organization understands its personal data and classifies it accordingly so that stricter controls can be put in place. The process below will help organizations start thinking from this perspective:

Dictation - that may put you in jeopardy

Most of us are aware of applications that offer a voice dictation feature. If we talk to an iOS or Android application that has the dictation feature, it converts our voice/words to text. This helps us create larger documents without awkwardly typing out the words on the on-screen keyboard. We can talk to the application while driving. My friend, who writes stories, used to tell me that all his good imaginations and ideas come to him while driving. So he uses an application to talk while driving; the application converts his voice to text, and later he posts the text on his blog. One time when he was travelling towards a hill station, my friend had a tough time: even though the good scenery had given him a lot of threads for writing stories, he was not able to type them because mobile network/internet coverage was not available there for the voice dictation software he was using. :-)

POPIA SA - Protection of Personal Information Act: Republic of South Africa

The Protection of Personal Information Act was signed into South African law in November 2013 and has subsequently been enforced. The proposed comprehensive information security law regulates the collection and storage of customer data by business organizations and mandates data protection measures to be taken up.

The main objective of the data protection directive has been to exercise everyone’s right to privacy as per the law, strike the right balance with other mandates like the right to information, and control the free flow of information.

The conditions and provisions for the lawful processing of the personal information by the business organizations have been encompassed into:

Data collection, usage & retention: resultant risks

Enterprises have been struggling for too long to decide on a question related to customer data: “how much data to collect, how best to use it and how long or how much to retain in view of privacy and security concerns”. This dilemma continues in their efforts to comply with various regulations, customers’ reasonable expectations and the Internet of Things, or for that matter in every business decision.
One possible example of inappropriate usage of key customer data could be the collection of PAN numbers by Indian Railways. This critical information (PAN) is publicly displayed on reservation charts, which could be a clear violation of reasonable privacy practices. Another example could be that of credit rating or credit reporting and the permissible uses of customer credit report information under certain circumstances.
