Privacy and why you should be bothered about it?

The next in the list of factors to consider for IT and business synergy is “Privacy”. It is a term that is often misunderstood and categorized together with Security. Although there are some intersections between security and privacy, the two are not synonymous.

Let us start with a definition of “Privacy”: according to the Oxford dictionary, privacy is a state in which one is not observed or disturbed by other people. It is a simple and easy-to-understand definition. How does it relate to business and IT? The aspect of privacy that is most relevant to business is information privacy, or data privacy.

Data privacy is related to the collection and usage of data in any form, the expectations of the affected party, and the laws and regulations surrounding these. As the usage of digital media, devices and the internet increases, we are knowingly or unknowingly disseminating a lot of information about ourselves. Some examples are Name, Address, Date of Birth, Credit card information, Interests, Friends, Location etc. A related aspect is the concept of “PII” or Personally Identifiable Information.

“Personally identifiable information” (PII) is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. The abbreviation PII is widely accepted in the US context, but the phrase it abbreviates has four common variants based on personal/personally and identifiable/identifying. The generic term used outside of the US is more often “personal information”.

The entity that collects information uses it for some purposes, like performing a transaction, and then stores the information. The storage of such information for a specific time period may be required by law in some cases. The collecting entity may use the collected data for purposes like marketing, analysis, data mining and gleaning trends. They may also share the data with third parties, either for profit or otherwise. Such information is very valuable and parties would either like to buy such information or get the information by other legal or illegal means.

The protection of such information is very relevant, especially for certain industries like Healthcare and Financials. How data privacy must be managed and handled is also very location dependent: for example, the European Union's data privacy laws are amongst the strictest overall. The EU has a strict Data Protection Directive and rules regarding transfer of personal data to third countries (countries outside of the EU).

The United States, on the other hand, has been more lenient towards privacy concerns, but that has been changing recently as well. The US takes a more sectoral approach, with certain sectors like health care highly protected by guidelines like HIPAA (Health Insurance Portability and Accountability Act).

The emerging economies are also finding their own path regarding privacy concerns with the growth of the internet, digitization and mobile devices. The differing levels of data privacy requirements across different locations increase the challenge of meeting the requirements of the concerned parties.

The bottom line is that persons or organisations which collect and manage your personal information must protect it from misuse and must respect certain rights of the data owners (the people whose data has been collected). This is where IT comes into play, along with the processes to safeguard the data. There are a few key aspects here:

  • PII must be carefully safeguarded
  • PII must be protected at rest and in transit
  • Data must be carefully analyzed and maximum effort must be spent in safeguarding the more critical data like the PII.

Some of the tools and techniques used for protecting Privacy are:

  • Privacy policy communication tools like P3P. Platform for Privacy Preferences Project (P3P) is a protocol allowing websites to declare their intended use of information they collect about web users and is designed to give users more control of their personal information when browsing.
  • Privacy policy enforcement tools like XACML (Extensible Access Control Markup Language), WS-Privacy (Web services Privacy), and Enterprise Privacy Authorization Language (EPAL) are various ways to express and enforce privacy policies.
  • Encryption of data in motion and in storage is very important to keep the data protected end-to-end. The same holds for encryption of emails and other communication.
  • Authentication and Authorization to ensure that data access is only granted to entities who are who they claim to be and have a need to access that data.
  • Data loss prevention
  • Logging and Audit
  • Privacy Enhancing Technologies (PET), like the ones that minimize the collected data, increase anonymity and unlinkability, and achieve informed consent.

The above list is by no means exhaustive and other security and governance related tools and processes may be considered as well.
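One way the data-minimization and unlinkability goals of the PETs listed above can look in code, as an added example that is not from the original post. The field names, the per-purpose policy, the sample record and the keys are all constructed for illustration.

```python
import hashlib
import hmac

# Constructed policy: the only fields each processing purpose may see.
PURPOSE_FIELDS = {
    "analytics": {"birth_year", "region", "interests"},
    "billing": {"name", "address", "card_last4"},
}

# Constructed sample record containing the kinds of PII the article lists.
RECORD = {
    "name": "Alex Example",
    "email": "Alex@Example.org",
    "address": "1 Sample Street, Springfield, EX",
    "date_of_birth": "1985-04-12",
    "card_number": "4111111111111111",
    "interests": ["cycling"],
}

def pseudonym(secret: bytes, purpose: str, identifier: str) -> str:
    """Keyed, purpose-scoped pseudonym (HMAC-SHA256).

    Stable within one purpose so records can still be joined there, but
    two purposes get different values, so their data sets cannot be
    linked to each other without the secret key.
    """
    msg = f"{purpose}\x00{identifier.strip().lower()}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()

def generalize(record: dict) -> dict:
    """Derive coarser values so precise PII need not leave the source."""
    out = dict(record)
    out["birth_year"] = record["date_of_birth"][:4]
    out["region"] = record["address"].rsplit(",", 1)[-1].strip()
    out["card_last4"] = record["card_number"][-4:]
    return out

def minimize(record: dict, purpose: str, secret: bytes) -> dict:
    """Return only the fields the purpose needs, plus a pseudonymous id."""
    allowed = PURPOSE_FIELDS[purpose]  # unknown purpose raises KeyError
    view = {k: v for k, v in generalize(record).items() if k in allowed}
    view["subject_id"] = pseudonym(secret, purpose, record["email"])
    return view

if __name__ == "__main__":
    key = b"constructed-demo-key"  # in practice: a managed secret
    print(minimize(RECORD, "analytics", key))
    print(minimize(RECORD, "billing", key))
```

The key must be stored and access-controlled like any other secret: anyone who holds it can recompute the pseudonyms and re-link the data sets.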

The concept of Data Privacy (as you can judge from the above information) is quite complex and growing in complexity and importance with the growth of internationalization and digitization.


10 Responses to Privacy and why you should be bothered about it?

  1. Hello, I enjoy reading all of your posts. I wanted to write a little comment to
    support you.

  2. Hi there, I enjoy reading all of your posts. I wanted to write
    a little comment to support you.

  3. Greetings! I’ve been reading your website for some time
    now and finally got the courage to go ahead and give you a
    shout out from Humble Tx! Just wanted to say keep up
    the good job!

  4. I am a regular visitor, how are you everybody? This paragraph posted at this site is actually fastidious.

  5. Good day! I just wish to offer you a huge thumbs up for your
    great information you have right here on this post.
    I will be returning to your website for more soon.

  6. Thanks for sharing such a nice idea, article is good, that's why I have
    read it fully

  7. I used to be able to find good advice from your blog articles.

  8. I really like your blog.. very nice colors & theme.

    Did you create this website yourself or did you hire someone to do it for you?
    Plz reply as I’m looking to create my own blog and would like to know
    where u got this from. thanks a lot

  9. An impressive share! I’ve just forwarded this onto a friend who had been doing a little homework on this.
    And he in fact bought me breakfast due to the fact that I found it for
    him… lol. So let me reword this…. Thanks for the meal!!
    But yeah, thanx for spending some time to talk about this subject
    here on your site.

  10. Thank you! I have been working on this for 2 years now and have come close, but never able to finish it. It now looks beautiful, at least until my son wakes up and starts playing with it.
