An Overview Into Data Privacy

Albert Balcells

In a world of extreme interconnection and digitization, the modern-day citizen has grown to deeply cherish their privacy. Privacy comes in many different forms, but for the purposes of this article, we examine it from the perspective of data.

What Is Data Privacy?
In the broadest sense, data privacy is the ability for an individual to control the information that is most relevant to them. Typically, this will involve your most sensitive data, such as your social security number, credit card and banking information, email address, salary , etc. But this can also include the data that you submit over the internet.

For example, when you shop at an online store, or fill out a contact form on a website, you are submitting some of your most private information. Most people will want to make sure that data is secure, and that you can modify or delete what you want to be kept private.

Up until now, this was actually a difficult task to accomplish. But with the recent passage of laws includig the GDPR and the CCPA, you now have the right to contact a business and request access to any of your information being stored, processed, and even sent to third parties.

If we choose to have our data stored with an organization, we also now have the right to question as to how it is being used, and even what security protocols are being deployed to protect it. If you feel that your private information is being abused in any way, you also have the right to ask that business to delete your data, with no questions being asked.

If they fail to comply with this for any reason within a reasonable time period, you even have the right to file a lawsuit against them to recover any damages.

The Confusion Between Data Privacy & Data Security
Given that it is such a hot-button topic in our society today, there is very often confusion as to the distinction between Data Security and Data Privacy. In fact, the two terms are often used interchangeably with one another. But there is a key difference between the two:

In a more technical sense, Data Privacy is the set of rules and policies that govern how that data can be accessed. This would typically involve any employee or contractor working for the company, and even any third-party suppliers.

Whereas Data Security is the protocols that are put into place in order to protect your private data. For example, both the CCPA and the GDPR require that all businesses that fall under their provisions must deploy the right controls to safeguard your data from any security breaches or cyberattacks. If they fail to do so, they can come under an extensive audit and possibly face stiff penalties (in some cases, it can even be as high as 4% of gross revenue).

It is important to note that while the two are different in scope, they work hand in hand. Both are necessary to fully ensure that your data will not be leaked, given away, or sold on the Dark Web for malicious purposes.

Sources of Data Privacy Risks
While a company may do its best to protect your data, there’s still a risk. Therefore, it’s important to understand where some of the risks lie:

Holes in Web applications:
Creating a Web based application takes a lot of source code. The bulk of this comes from using open sourced APIs. Because of this, software developers can compile the code quickly, and most times, hand off the final deliverable to the client. But many times, checking for any gaps or vulnerabilities in the code is forgotten about. As a result, there are many backdoors that can be left open, which the cyberattacker can easily penetrate. Today, many companies are aware of this, and are taking steps to make sure that the source code has been checked not just by the developers themselves, but also by other people in the business. A good example of this is what is known as DevSecOps. This is where both the IT security team and the operations team work with the software developers to double and even triple check to make sure the code is as secure as possible.

Data sprawl:
It is always advantageous for a company to collect as much information about you as they can. This way, not only can they offer new products and services which will better fit your needs, but they can also use the data to stay ahead of their competition. But many times, organizations collect too much information about you, and this is referred to as “Data Sprawl.” This can be a dangerous proposition, especially if there is a security breach. Thus, the GDPR and the CCPA now mandate that businesses should only collect the information about you that they absolutely need. As mentioned, you can now always access your data and if you feel that a business has too much, it is your right to request that it’s deleted.

Insecure network protocols:
Whenever you submit your information on the internet, you should make sure that it is over what is known as an HTTPS connection (which stands for Hyper Text Transfer Protocol Secure). If you see the padlock icon in the upper left-hand side of your browser, you are on a secure site. But there are times when companies don’t make these lines of communications secure, thus putting your data privacy at risk. The good news here is that most web browsers today will alert you if a web application is not secure.

Although data privacy is being addressed with recent legislation, ultimately it is up to you to help make sure that your information is secure. It is now more important than ever to fully exercise your rights to know about how your data is being used. If for any reason you feel uncomfortable about it, simply request that it be removed from the databases where it is being stored.

Related Articles

The Benefits of Outsourcing Staffing Services for your IT Business

Maximizing ROI with Strategic Advisory Services