What is Data Privacy? - How do you keep your Online Data Safe

What is Data Privacy?

Data privacy, also called information privacy, is an aspect of data protection that addresses the proper storage, access, retention, immutability and security of sensitive data.

Data privacy is typically associated with the proper handling of personal data or personally identifiable information (PII), such as names, addresses, Social Security numbers and credit card numbers. However, the idea also extends to other valuable or confidential data, including financial data, intellectual property and personal health information. Vertical industry guidelines often govern data privacy and data protection initiatives, as well as regulatory requirements of various governing bodies and jurisdictions.

Data privacy is not a single concept or approach. Instead, it’s a discipline involving rules, practices, guidelines and tools to help organizations establish and maintain required levels of privacy compliance. Data privacy is generally composed of the following six elements:

Legal framework: Prevailing legislation enacted and applied to data issues, such as data privacy laws.

Policies: Established business rules and policies to protect employees and user data privacy.

Practices: Best practices put in place to guide IT infrastructure, data privacy and protection.

Third-party associations: Any third-party organizations, such as cloud service providers, that interact with data.

Data governance: Standards and practices used to store, secure, retain and access data.

Global requirements: Any differences or variations of data privacy and compliance requirements among legal jurisdictions around the world such as the U.S. and European Union (EU).

Data privacy is a subset of the broader data protection concept. It includes traditional data protection — such as data backups and disaster recovery considerations — and data security. The goal of data protection is to ensure the continued privacy and security of sensitive business data while maintaining the availability, consistency, and immutability of that data.

What is Data Security?

Data security, as opposed to data privacy, is concerned with safeguarding data from the numerous internal and external risks that it may face. However, just putting these protections in place frequently does not entirely meet data privacy concerns and legislation. Data security policies and processes help reduce cyberthreats and unintentional abuse.

Data security includes all of the real measures a company takes to safeguard digital data, including endpoints, networks, and perimeter security.

Data security methods, practices and processes can include:

  • Activity monitoring
  • Network security
  • Access control
  • Breach response
  • Encryption
  • Multi-factor authentication

What’s the Difference Between Data Privacy and Data Security?

Data privacy and data security are closely related terms, but they aren’t interchangeable. While privacy issues can be addressed without first implementing appropriate security procedures, security controls can be satisfied without also satisfying privacy considerations. In other words, security is the method or application for restricting access, whereas privacy restricts access. Put another way, privacy protects identity and security protects data.

Data privacy focuses on issues related to collecting, storing and retaining data, as well as data transfers within applicable regulations and laws, such as GDPR and HIPAA.

Data security is the protection of data against unauthorized access, loss or corruption throughout the data lifecycle. Data security can involve processes and practices, along with a variety of tools such as encryption, hashing and tokenization to guard data at rest and in motion.

Data privacy is a subset of data security. That is, data privacy can’t exist without data security.

Data Protection Best Practices

There are different data protection management practices. Some of the most commonly used include:

  • Data Loss Prevention (DLP): A set of tools and processes used to secure data from theft, loss, misuse, deletion, or other illegal or inappropriate forms of contact
  • Firewalls: Tools used for monitoring and filtering the network traffic to ensure data is transferred or accessed only by authorized users
  • Encryption: Altering the content of data based on an algorithm that can be reversed only with the right encryption password or key.
    Encryption protects data even if it gets stolen, since the data would be unreadable.
  • Data Erasure: Deleting data that is no longer needed or relevant
    This is also a requirement of the GDPR.
  • Data Resiliency: Building resiliency systems within the software and hardware of an organization’s system to ensure security in case of natural disasters or power outages
  • Data Backups: A plan to securely back up data in case of failure or breach.
    Such backup plans may include a separate physical disk or cloud.

What Are Data Protection Regulations?

Data protection regulations govern how certain data types are collected, transmitted, and used. Personal data includes various types of information, including names, photos, email addresses, bank account details, IP addresses of personal computers, and biometric data.

Common Data Protection Regulations

Below are common data privacy laws:

  1. GDPR
  2. CCPA
  3. HIPAA
  4. SOX
  5. APPI
  6. DCIA
  7. LGPD
  8. PDP
  9. DIFC

General Data Protection Regulation (GDPR)

GDPR is an EU-drafted law that became effective on May 25, 2018, and it places strict privacy and security requirements on anyone who collects data from customers situated in Europe.

Many people believe that GDPR was the first data privacy law ever. Although privacy laws have been around for a long time, the GDPR was the first law to start holding companies responsible for data breaches and hacking problems brought on by improper use of third-party applications and unsecured communication methods.

California Consumer Privacy Act (CCPA)

The benchmark United States law governing how businesses are permitted to process the personal data of California residents and their families is known as the California Consumer Privacy Act (CCPA). It lists which data is protected and specifies the conditions for protecting that data, similar to the GDPR. This law applies to all businesses that deal with Californians’ personal data.

CCPA deals with user privacy standards when it comes to California-based customers or potential customers. CCPA extends the outdated California Online Privacy Protection Act from 2004 and aims at giving users more control of their information. The regulation requires businesses to add an opt-out option to avoid user data collection as well as integrate parental consent for minors below 13.

Health Insurance Portability and Accountability Act (HIPAA)

HIPAA is a set of regulations that apply to any healthcare facility in the US. The goal of HIPAA is to safeguard and protect private health information. The regulations deal with the upkeep of medical records and transactions as well as the restrictions for the dissemination of protected health information (PHI). The major objective is to deliver the highest standard of treatment while protecting patient information.

Sarbanes–Oxley Act of 2002 (SOX)

The SOX law incorporates a set of regulations that are aimed at protecting investors from potential fraudulent accounting. The act is directed at corporations and forces them to disclose financial reports in order to prevent fraudulent accounting. Passed all the way back in 2002, SOX was trying to rehabilitate public trust in corporations by imposing high penalties on violators.

Act on the Protection of Personal Information (APPI) 

In a nutshell, the Act on the Protection of Personal Information is the Japanese equivalent of GDPR and enforces strict data security rules for any person or business that handles the personal data of Japanese residents. Handling in the APPI has a very broad meaning: collecting, storing, using, and exchanging data. This act was enacted in June 2020 and will be revised every three years from now on.

Digital Charter Implementation Act (DCIA)

DCIA is the Canadian version of GDPR law. One of the most important parts of DCIA is the Consumer Privacy Protection Act (CPPA) that regulates the collection, usage, or disclosure of personal information. This privacy law was introduced in the Canadian Parliament in November 2020 and is seen as a major overhaul of the old Personal Information Protection and Electronic Documents Act (PIPEDA).

Law for the Protection of Personal Data (Brazil)

Brazil now has a population of over 200 million residents. It’s only natural that data privacy is taking center stage. Law for the Protection of Personal Data or LGPD (from Portuguese: Lei Geral de Proteção de Dados Pessoais) regulates personal information collection and usage in Brazil. Every company that obtains information about Brazilian citizens has to comply with LGPD to avoid huge penalties.

Privacy and Data Protection (PDP) 

The privacy law that was enforced in 2019 in India is called the Personal Data Protection Bill. Due to the significant population size of India, the data privacy laws of this country might influence a large number of businesses outside India. Because India is a big player in the tech world, Indian law might reshape global policy. This replaces the Information Technology Act from the year 2000.

Dubai International Financial Centre (DIFC) Data Protection Law 

DIFC Data Protection Law has been put into effect mainly to satisfy the European Commission and the UK to enable the smoother transfer of personal data to the DIFC. These laws were introduced in 2020 due to the rapid digitization of the leading Gulf states and the exponential rise in business with Europe. This newly introduced privacy law also resembles the GDPR, albeit with a few exceptions.

Why is Data Privacy Important?

Bad things can occur when confidential information falls into the wrong hands. For instance, a government agency’s data leak might provide a hostile state access to top secret information. A corporate hack might provide a rival access to confidential information. In the event of a security breach at a school, thieves might gain access to student PII and steal their identities. PHI might end up in the hands of someone who would use it improperly due to a breach at a hospital or doctor’s office.

Data privacy enables the restriction of access to sensitive information to authorized parties. It shields data from malicious use by thieves and aids in making sure enterprises abide by legal standards.

How do you keep your Online Data Safe

Tips to protect data privacy

There are countless guidelines and tips that can apply to data privacy. For individuals, data privacy can be reinforced with safeguards and actions such as the following:

  1. Select strong passwords and change them frequently. Here are some tips for creating strong passwords:
    • Never reuse old passwords.
    • Make it longer than ten characters.
    • Use a combination of uppercase and lowercase letters, numbers, and memorable characters.
  2. Use multifactor authentication (MFA) or biometric identification for important accounts.
  3. Don’t click links and buttons within emails.
  4. Avoid providing Pin that’s unnecessary or not required.
  5. Use anti-malware tools and keep those tools updated, and use only trusted apps and websites.
  6. Secure Your Wireless Networks
  7. Be Cautious About Public Wi-Fi
  8. Use a VPN whenever you want to connect to public Wi-Fi or untrusted networks.
  9. Update Your Operating System
  10. Backup Your Data
