Data Protection

It is all about information privacy, protection and security.

Felipe Corniani de Genaro
Aug 19, 2021

Protecting corporate data is not an easy task. In fact, it becomes a bigger challenge with each passing day because of the large volume of data being collected and its importance to business operations.

Privacy

It means being able to choose what you share about yourself with others. There is no right or wrong data to expose. What you choose to share, and with whom, is based on your own privacy concerns. Privacy refers to information: physical, territorial, contact information and individual data.

Data Privacy

It deals with the lawful use of data and information related to an identified or identifiable natural person. It also means ensuring that information is collected fairly and lawfully, being transparent about what data will be collected and for what purpose, and keeping track of who can access this information as well as to whom it may be disclosed.

About Personal Data

Any data that relates to or that can be used to identify an individual:

  • Name
  • Address
  • Phone Number
  • Email Address
  • Financial Information
  • Government identification
  • IP Address
  • Geolocation

In short, any information that lets someone know who you are or that relates only to you. Some personal data reveals details that can be used to discriminate against or harm individuals. This forms a special category of personal data, sensitive data:

  • Health report/exams
  • Genetic information
  • Biometry
  • Religion
  • Political affiliations
  • Sexual identification

Non-sensitive personal data can become sensitive depending on its context. For instance, an email address is non-sensitive personal data, but if it appears on a medical waiting list for a transplant, it becomes sensitive data.

Classification of Data

  • Public: Advertising materials, press releases and information found in contexts without access restrictions, such as news, blogs, etc.
  • Confidential: Data from systems, processes, products, limited knowledge, institutional reports, internal policies, communication related to the institution's internal and external business.
  • Confidential (Restricted): Operating results, product and business strategies, information related to trade secrets, such as source code, etc.
  • Confidential (Customer Regulated): Name, email address, physical appearance information and so on.
  • Confidential (Consumer Confidential): Racial origin, culture, religion, financial data, government identifiers and the like.

Data Protection

It refers to how data is collected, used, shared and protected by third parties who do not own the information.

One way to implement data protection is to reduce identifiability, since a single piece of personal data on its own may not be enough to identify an individual. This can be done, in particular, with methods for removing, hiding or combining data.
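The three methods named above (removing, hiding and combining data), shown on a small data set as an added example that is not part of the original article. The records, the field names, the key and the choice of ZIP code and age as the fields that identify only in combination are all constructed assumptions.

```python
import hashlib
import hmac
from collections import Counter

# Constructed sample records (not real people).
RECORDS = [
    {"name": "Ana Souza", "email": "ana@example.com", "zip": "13560-001", "age": 34, "diagnosis": "asthma"},
    {"name": "Bruno Lima", "email": "bruno@example.com", "zip": "13560-120", "age": 37, "diagnosis": "diabetes"},
    {"name": "Carla Dias", "email": "carla@example.com", "zip": "13566-590", "age": 52, "diagnosis": "asthma"},
    {"name": "Davi Rocha", "email": "davi@example.com", "zip": "13566-002", "age": 58, "diagnosis": "flu"},
]
# Assumption: fields that rarely identify alone but do in combination.
QUASI_IDENTIFIERS = ("zip", "age")


def pseudonym(value: str, key: bytes) -> str:
    """Hide: replace a direct identifier with a keyed token (HMAC-SHA256)."""
    return hmac.new(key, value.lower().encode(), hashlib.sha256).hexdigest()[:16]


def deidentify(record: dict, key: bytes) -> dict:
    """Apply remove / hide / combine to one record."""
    decade = record["age"] // 10 * 10
    return {
        # Remove: "name" is dropped, it is not needed downstream.
        "subject": pseudonym(record["email"], key),  # hide
        "zip": record["zip"][:4] + "*",              # combine into a region
        "age": f"{decade}-{decade + 9}",             # combine into an age band
        "diagnosis": record["diagnosis"],
    }


def smallest_group(records: list, fields=QUASI_IDENTIFIERS) -> int:
    """Size of the smallest group sharing the same quasi-identifier values.

    A result of 1 means at least one person is unique on those fields.
    """
    groups = Counter(tuple(r[f] for f in fields) for r in records)
    return min(groups.values())


if __name__ == "__main__":
    key = b"constructed-demo-key"  # assumption: loaded from a secret store in practice
    safe = [deidentify(r, key) for r in RECORDS]
    print("smallest group before:", smallest_group(RECORDS))
    print("smallest group after: ", smallest_group(safe))
```

The key has to be stored apart from the output: anyone holding it can recompute the token for a known email address and re-link the record.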

When it comes to security factors, you must protect data against loss and theft while maintaining its confidentiality and integrity. Finally, a layer of authentication and access control must be maintained to establish data security.

How to Provide Data Security

Use solutions that provide security against threats and control access to data. This supports the success of the business model through a formal process that investigates violations of pre-established policies and regulations.

Data Protection Practices and Principles

  • Maintain transparency, stating what data will be collected through privacy policies.
  • Obtain consent, requesting the user's acceptance before their information is collected.
  • Perform data minimization, by collecting exclusively what is necessary.
  • Define the limitation of the purposes of the collected data, so that it is used according to the defined expectation.
  • Ensure data security: the protection, confidentiality, integrity and availability of the information obtained.

Information Life Cycle

  1. Delimit which data will be collected
  2. Determine how the data will be used
  3. Define how data will be stored
  4. Choose who will be able to access the data and with whom it can be shared
  5. Decide when data will be archived and when to renew its availability
  6. Ensure that the data will be properly destroyed

Device Security

Devices are divided into two categories: those with managed systems and those with self-managed systems.

Managed systems are those where individuals are not directly responsible for security, such as workstations and servers. They are constantly updated and make use of antivirus and other software for protection and security.

Self-managed systems are those where individuals are directly responsible for ensuring the security of information. Some examples: personal computers, VMs and cloud services (except Azure and GCP, for instance, which already have their own security architecture).

Main Infections and Attacks

Malware, software developed to harm devices, is ubiquitous. It can access and collect your information and may even render your device unusable. A well-known strategy is to use phishing to install malware. This tactic usually creates fake ads or websites in order to trick users and collect their data, or uses an email to build loopholes or distractions for the purpose of installing ransomware, which is designed to deny access to a system, hijacking your device for later ransom.

Case

A practical case was the MyDoom virus. It spread through an email and caused almost 40 billion dollars in damages in the early 2000s.

Data protection is a set of strategies and processes that you can use to secure the privacy, availability, and integrity of the information collected. It is sometimes also called data security or information privacy. A data protection strategy is vital for any organization that collects, handles, or stores sensitive data. A successful strategy can help you prevent data loss, theft, or corruption and can help minimize damage caused in the event of a breach or disaster.

I hope this article helps you understand more about Data Protection and its related terms, such as its main concepts of privacy and security.

My Regards.

Felipe Genaro.

Felipe Corniani de Genaro

Enrolled on a Master’s degree in Computer Science with Major in Software Engineering, Digital Transformation and Systems of Systems.