What is Data Privacy


How you can Protect your fundamental right "Privacy"

TFSBS – Created to Service Your Privacy Requirements

Privacy laws and regulations are continuously expanding across the world and have made their presence felt in recent times, with fines levied for misuse and abuse of Personal Data or Personally Identifiable Information (including Sensitive Personally Identifiable Information). Privacy laws require organizations to take a proactive approach towards privacy and the protection of personal data. As a result, organizations are enhancing and strengthening the way they handle and govern personal data across its lifecycle (collection, use, transfer, retention and destruction), whether that data belongs to customers, employees, vendors or other stakeholders.

Why is data privacy important?

In many jurisdictions, privacy is considered a fundamental human right, and data protection laws exist to guard that right. Data privacy is also important because in order for individuals to be willing to engage online, they have to trust that their personal data will be handled with care. Organizations use data protection practices to demonstrate to their customers and users that they can be trusted with their personal data.

Personal data can be misused in a number of ways if it is not kept private or if people don’t have the ability to control how their information is used:

Criminals can use personal data to defraud or harass users.

Entities may sell personal data to advertisers or other outside parties without user consent, which can result in users receiving unwanted marketing or advertising.

When a person’s activities are tracked and monitored, this may restrict their ability to express themselves freely, especially under repressive governments.

For individuals, any of these outcomes can be harmful. For a business, these outcomes can irreparably harm their reputation, as well as resulting in fines, sanctions, and other legal consequences.

In addition to the real-world implications of privacy infringements, many people and countries hold that privacy has intrinsic value: that privacy is a human right fundamental to a free society, like the right to free speech.

 


DPO as a Service

We understand that many organizations are looking for an outsourced DPO (Data Protection Officer) as a Service solution since they would like to comply

TFSBS takes a pragmatic approach in helping organizations understand the applicable privacy regulations and laws and their requirements for protecting personal information or data and, accordingly, identify technology partners. We are Authorized Partners of the global organizations that are the leading players in the Privacy Automation Solution

Data Privacy as a Service for Small and Medium Enterprises

  •  Identify applicable local and global laws
  •  Prepare an organizational Privacy framework
  •  Conduct Privacy assessments as per requirements of local and global laws
  •  Provide recommendations to address specific requirements
  •  Provide recommendations for updating the framework as per new laws and amendments
  •  Conduct Data Protection Impact Assessments

 

Privacy Training & Awareness

  •  Conduct trainings for DPO
  •  Conduct trainings for Privacy team
  •  Conduct trainings for leadership
  •  Conduct trainings for certifications
  •  Prepare privacy awareness materials for the organization
  •  Conduct Data Protection Impact Assessments

 

Privacy Automation Solutions (tools and technologies)

  •  Identify the technology partners for privacy and data protection in your organization
  •  Assist in the implementation and roll out of the selected tools and technologies
  •  Train the teams to operate and utilize the functionalities of the tools and technologies
  •  Provide any other assistance as required

 

DPO as a service

  •  Outsource your DPO
  •  Set up your DPO Office
  •  Managed DPO Services

What is Personal Information

Also known as personally identifiable information (PII) or personal data, personal information belongs to a natural, living person. If information relating to an individual acting as an employee, partner, company director or sole trader is individually identifiable, it may also constitute personal information. According to IAPP, it includes a broad range of information that may relate to, describe, be associated with, or could reasonably be linked with a particular consumer’s identity, preferences, location or activities, directly or indirectly.

Personal information could be as simple as a name and phone number, or as sensitive as criminal convictions and offences data. Sensitive PII spans different walks of life, such as health, finance, education, business and internet activities, including but not limited to email address, date of birth, religion and caste, home and office address; official documents like social security number, driving license number, passport number, PAN, Aadhaar number; financial attributes like bank account number, credit or debit card number; personal characteristics like photographic image, handwriting, biometric data, etc.


Power of Personal Information

A plethora of options unlocks with a user’s consent to cookie preferences, allowing a brand to collect, process and share personal data. Personal information answers vital questions on which contemporary businesses thrive. It is being scooped up, sold, traded, and disclosed by marketers, advertisers, analysts, and investors for a host of purposes, ranging from the products we need, buy or want to the recency and frequency of our engagement with a brand, and from our functional or emotional connection with the brand to the channels and devices where we engage, and that is not the end of it.

 

According to the Interactive Advertising Bureau, American corporations alone were expected to shell out $19 billion this year acquiring and assessing personal data, a trade that remains largely opaque to consumers. The privacy risks associated with the vast streams of data rooted in personal experience, identity, and specific context that fuel the digital economy are still not being compensated fairly.

 

Understanding the risks associated with companies reaping billions of dollars at the expense of users’ data, policymakers and researchers worldwide have proposed granular market designs to balance the current uneven data mechanism. Some ideas have been enacted into nation-level data protection regulations such as GDPR, CCPA, PDPB, etc.

 

International Privacy Standards

The Universal Declaration of Human Rights by the United Nations is a milestone that provides every human being with the right to privacy. However, the interpretation of these rights varies globally and is not always harmonious. It was proclaimed by the United Nations General Assembly in Paris on 10th December 1948.

All 21 member economies of Asia-Pacific Economic Cooperation (APEC) since 2004 have agreed upon a treaty that underpins nine Privacy Principles governing information privacy and cross-border data transfer.

The Council of Europe adopted the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data in 1981 and adapted it for the internet in 1998 with the publication of “Draft Guidelines for the protection of individuals with regard to the collection and processing of personal data on the information highway, which may be incorporated in or annexed by Code of Conduct.”

In the European Union, the Data Protection Directive of 1995 has been replaced by the General Data Protection Regulation since 2018, which is influenced by the European Convention on Human Rights.

The USA has enacted data privacy legislation that addresses the specifics of a particular industry or section of the population. For example, the Children’s Online Privacy Protection Act (COPPA) entrusts parents to govern their kids’ information privacy; the Electronic Communications Privacy Act (ECPA) extends government restrictions on wire, oral and electronic communications; the Gramm-Leach-Bliley Act mandates financial institutions to explain their information-sharing practices to their consumers, etc. The USA has no federal law on privacy. However, various states have recently been coming up with their own versions of privacy laws, e.g. the California Consumer Privacy Act and CPRA 2020, the Washington Privacy Act, etc.

In 2013, the United Nations General Assembly adopted resolution 68/167 on the right to privacy in the digital age for the United Nations (UN).

What are Fair Information Practices?

Many of the existing data protection laws are based on foundational privacy principles and practices, such as those laid out in the Fair Information Practices. The Fair Information Practices are a set of guidelines for data collection and usage. These guidelines were first proposed by an advisory committee to the U.S. Department of Health, Education, and Welfare in 1973. They were later adopted by the international Organization for Economic Cooperation and Development (OECD) in its Guidelines on the Protection of Privacy and Transborder Flows of Personal Data.

 

The Fair Information Practices are:

 

Collection limitation: There should be limits to how much personal data can be collected

Data quality: Personal data, when collected, should be accurate and related to the purpose it is being used for

Purpose specification: The use for personal data should be specified

Use limitation: Data should not be used for purposes other than what was specified

Security safeguards: Data should be kept secure

Openness: Personal data collection and usage should not be kept secret from individuals

Individual participation: Individuals have a number of rights, including the right to know who has their personal data, to have their data communicated to them, to know why a request for their data is denied, and to have their personal data corrected or erased

Accountability: Anyone who collects data should be held accountable for implementing these principles


What are some of the challenges users face when protecting their online privacy?

Online tracking: User behavior is regularly tracked online. Cookies often record a user’s activities, and while most countries require websites to alert users of cookie usage, users may not be aware of the degree to which cookies are recording their activities.

Losing control of data: With so many online services in common use, individuals may not be aware of how their data is being shared beyond the websites with which they interact online, and they may not have a say over what happens to their data.

Lack of transparency: To use web applications, users often have to provide personal data like their name, email, phone number, or location; meanwhile, the privacy policies associated with those applications may be dense and difficult to understand.

Social media: It is easier than ever to find someone online using social media platforms, and social media posts may reveal more personal information than users realize. In addition, social media platforms often collect more data than users are aware of.

Cyber crime: Many attackers try to steal user data in order to commit fraud, compromise secure systems, or sell it on underground markets to parties who will use the data for malicious purposes. Some attackers use phishing attacks to try to trick users into revealing personal information; others attempt to compromise companies’ internal systems that contain personal data.

 
What are some of the challenges businesses face when protecting user privacy?

Communication: Organizations sometimes struggle to communicate clearly to their users what personal data they are collecting and how they use it.

Cyber crime: Attackers target both individual users and organizations that collect and store data about those users. In addition, as more aspects of a business become Internet-connected, the attack surface increases.

Data breaches: A data breach can lead to a massive violation of user privacy if personal details are leaked, and attackers continue to refine the techniques they use to cause these breaches.

Insider threats: Internal employees or contractors might inappropriately access data if it is not adequately protected.

 

What are some of the most important technologies for data privacy?

Encryption is a way to conceal information by scrambling it so that it appears to be random data. Only parties with the encryption key can unscramble the information.

Access control ensures that only authorized parties access systems and data. Access control can be combined with data loss prevention (DLP) to stop sensitive data from leaving the network.

Two-factor authentication is one of the most important technologies for regular users, as it makes it far harder for attackers to gain unauthorized access to personal accounts.

These are just some of the technologies available today that can protect user privacy and keep data more secure. However, technology alone is not sufficient to protect data privacy.
