Data Protection and Privacy

What is data protection?

Data protection is the process of safeguarding important information from corruption, compromise or loss.

The term data protection is used to describe both the operational backup of data and business continuity/disaster recovery.

Data protection strategies are evolving along two lines:

Data availability: ensures users have the data they need to conduct business even if the data is damaged or lost.

Data management: including data lifecycle management, the process of automating the movement of critical data between online and offline storage, and information lifecycle management, a comprehensive strategy for valuing, cataloging and protecting information assets from application and user errors, malware and virus attacks, machine failure, and facility outages and disruptions.

What is privacy?

  • Privacy may be defined as the claim of individuals, groups or institutions to determine when, how and to what extent information about them is communicated to others (Westin AF, Privacy and Freedom New York: Atheneum, 1967, page 7).
  • It is the individual’s right to control the circulation of information relating to them.

What is personal data?

  • Personal data is any information that relates to an identified or identifiable living individual.
  • Different pieces of information which, collected together, can lead to the identification of a particular person also constitute personal data.

Example of personal data

a name and surname;

a home address;

an email address such as name.surname@company.com;

an identification card number;

an Internet Protocol (IP) address;

data held by a hospital or doctor, including any symbol or code that uniquely identifies a patient.

Example of data not considered as personal data

a company registration number;

a generic email address such as info@company.com that is not tied to a named person;

anonymized data, provided the anonymization is irreversible; data that has merely been pseudonymized (names replaced by codes, or removed while other identifying attributes remain) is still personal data.
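The two points above (that separate pieces of information can identify a person when combined, and that only genuinely anonymized data falls outside "personal data") can be checked rather than just stated. The following Python script is an added example, not part of the original notes: the patient records and the "public register" are constructed sample data about hypothetical people, and the column names, the generalization rules and the function names are my own choices. It removes the names from a small dataset, measures k-anonymity over the remaining quasi-identifiers (postcode, birth year, sex), and runs a linkage attack against a public list to show the medical data is still attributable to named individuals; it then coarsens the quasi-identifiers and repeats both checks.

```python
"""Added example: why name-stripped data can still be personal data.

Records below are constructed sample data about hypothetical people.
Removing the direct identifier (name) is pseudonymization, not anonymization:
combinations of the remaining attributes can still single out one person.
k-anonymity is one measurable check: every combination of quasi-identifier
values must be shared by at least k records.
"""
from collections import Counter

# Constructed sample "patient" records (hypothetical, not real people).
RECORDS = [
    {"name": "Alice Tan",  "postcode": "50450", "birth_year": 1985, "sex": "F", "diagnosis": "asthma"},
    {"name": "Bob Lim",    "postcode": "50450", "birth_year": 1985, "sex": "M", "diagnosis": "diabetes"},
    {"name": "Chen Wei",   "postcode": "50450", "birth_year": 1986, "sex": "F", "diagnosis": "flu"},
    {"name": "Devi Raj",   "postcode": "50460", "birth_year": 1990, "sex": "F", "diagnosis": "asthma"},
    {"name": "Eng Hock",   "postcode": "50460", "birth_year": 1991, "sex": "M", "diagnosis": "flu"},
    {"name": "Farah Aziz", "postcode": "50460", "birth_year": 1992, "sex": "F", "diagnosis": "diabetes"},
]

DIRECT_IDENTIFIERS = ("name",)
QUASI_IDENTIFIERS = ("postcode", "birth_year", "sex")

# Constructed "public register" (think of an electoral roll): the same people,
# with their quasi-identifiers but without any medical data.
PUBLIC_REGISTER = [{k: r[k] for k in ("name",) + QUASI_IDENTIFIERS} for r in RECORDS]


def strip_direct_identifiers(records):
    """Naive 'anonymization': drop names only. Quasi-identifiers stay intact."""
    return [{k: v for k, v in r.items() if k not in DIRECT_IDENTIFIERS} for r in records]


def generalize(records):
    """Coarsen quasi-identifiers: postcode to a 3-digit prefix, birth year to a
    5-year band, and drop sex entirely. (Hypothetical rules chosen for this example.)"""
    out = []
    for r in records:
        g = dict(r)
        g["postcode"] = r["postcode"][:3] + "**"
        band = (r["birth_year"] // 5) * 5
        g["birth_year"] = f"{band}-{band + 4}"
        g.pop("sex", None)
        out.append(g)
    return out


def k_anonymity(records, quasi_identifiers):
    """Smallest equivalence-class size over the quasi-identifier columns that are
    present. k == 1 means at least one record is unique and can be singled out."""
    present = [q for q in quasi_identifiers if q in records[0]]
    classes = Counter(tuple(r[q] for q in present) for r in records)
    return min(classes.values())


def reidentify(pseudonymous, public, quasi_identifiers):
    """Linkage attack: join a name-stripped dataset with a public list on the
    quasi-identifiers. Returns {name: diagnosis} for every record whose
    quasi-identifier combination matches exactly one person in the public list."""
    present = [q for q in quasi_identifiers if q in pseudonymous[0]]
    index = {}
    for p in public:
        index.setdefault(tuple(p[q] for q in present), []).append(p["name"])
    hits = {}
    for r in pseudonymous:
        names = index.get(tuple(r[q] for q in present), [])
        if len(names) == 1:
            hits[names[0]] = r["diagnosis"]
    return hits


if __name__ == "__main__":
    stripped = strip_direct_identifiers(RECORDS)
    print("k after removing names only:", k_anonymity(stripped, QUASI_IDENTIFIERS))
    print("re-identified:", reidentify(stripped, PUBLIC_REGISTER, QUASI_IDENTIFIERS))

    generalized = generalize(stripped)
    print("k after generalization:", k_anonymity(generalized, QUASI_IDENTIFIERS))
    print("re-identified:", reidentify(generalized, generalize(PUBLIC_REGISTER), QUASI_IDENTIFIERS))
```

With names removed but postcode, birth year and sex intact, every record is unique (k = 1) and the linkage attack recovers the diagnosis of all six people, so the "anonymized" table is still personal data. After generalization each combination is shared by three people (k = 3) and no record links to a single name. k-anonymity is a necessary check, not a sufficient one: if all records in a class shared the same diagnosis, an attacker would still learn it without singling anyone out.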

Issues on data protection and privacy

Internet

  • Personal information shared on the internet can be collected, combined and reused without the person’s knowledge
  • Emails being read by third parties

Financial

  • Information about assets, transactions and stock positions being shared with other departments or third parties
  • Leaked account or credit card numbers can allow criminals to access accounts
  • The person may become a victim of identity theft.

Medical

  • Some patients do not want their medical records to be revealed to anyone.
  • Protecting the patient’s dignity and confidentiality makes them feel free to reveal complete and accurate information about themselves.

Data protection principles

General principle
-Personal data cannot be processed without the data owner’s (data subject’s) consent

Notice & choice principle
-The data user must inform the owner when their data is collected or processed, state what is processed and the purposes of collection, and allow the owner the right to access the data.

Disclosure principle
-No data may be disclosed without the owner’s permission

Retention principle
-Personal data should not be kept longer than is necessary for the purpose for which it was processed

Data integrity principle
-The data user is responsible for ensuring the data used is accurate and up to date

Access principle
-The data owner must be given access to their personal data and be able to correct it if it is incorrect

Security principle
-The data user must protect the data against loss, misuse, modification, and unauthorized or accidental access or disclosure

As the data owner, we have the right to:

Be informed when our data is used

Access our data

Correct the data

Prevent processing if it can cause damage

Prevent processing if it is for direct marketing

Withdraw consent

Preventive measures in data protection and privacy

Develop a privacy policy
-Determine the types of information that should be classed as private or personal
-Determine the levels of confidentiality
-Define the purposes for which the information is collected
-Describe the procedures for collecting the information

Use licensed and authentic software
-Licensed software comes with vendor support and security updates, reducing the risk of future failure or compromise
-The cost is usually high, but worthwhile

Use standard and reliable data storage media
-Provide a comprehensive backup and recovery scheme as a safety precaution for when things go wrong

Centralize data storage
-Reduces the problems of information loss or theft from scattered copies on individual machines
-Centralized data can be secured consistently by multiple layers of firewalls, intrusion detection systems and access controls; since it also concentrates risk in one place, those layers and backups are essential

Apply a parallel run strategy
-A method for migrating data from an old system to a target system
-Both systems run concurrently until the new system is verified to meet its requirements
-Minimizes the impact of system failure and therefore maximizes data availability and accessibility

Hire white hat hackers
-Able to detect loopholes in the security system before attackers do, so the problems can be fixed
-Most favourable for large companies

Communities should be enriched with a code of ethics
-No unnecessary private information should be gathered
-Any personal or private information collected for a purpose, such as a business matter, must be destroyed once it is no longer needed
-A person’s information must be handled with the necessary confidentiality