As part of Data Privacy Day, CSIAC is asking community members to participate in discussions on Privacy topics.

This topic is on the basics of privacy: What is it and why does it matter?

Many people have different definitions of what privacy is and why it matters to them. Please reply to this topic to share your definition and why privacy matters to you.

Topic

[jreadeModerator]

Data Privacy to me is focused on the use and governance of personal data such as ensuring that consumers’ personal information is being collected, shared and used in appropriate ways.

Data Privacy is an important topic because most people are connected to the Internet and use it for everything – searching, purchasing, social interactions, etc. However, not too many people realize the great deal of personal information that is being collected and shared when they use the internet. The data can be stored forever and personal information can be used for both beneficial and unwelcome ways. Information that might seem harmless like the items of your last online purchase or the last restaurant you ate at, can be used to determine your socioeconomic status for example.

In the United States, consumer protection laws are weak or non-existent. This means that many companies and organizations have the ability to monitor their users’ personal behavior and sell the data. This means that it is very important that consumers understand the value of their personal data.

[prasanthiParticipant]

Protecting data is a crucial thing in any organization by following ever-changing technology landscape. Data privacy can be a juggling act in multinational organizations when it comes to fulfilling the needs of the organization and complying with local privacy laws. Ultimately, data privacy boils down to protecting the information held by individuals to prevent others from accessing their personal information. So, considering necessary measures to secure data is highly important.

• This reply was modified 5 months, 3 weeks ago by  prasanthi.

[ltuckerParticipant]

I agree, protecting Data is some organizations is one of the most important assets an organization can protect.
If data is compromised in these types of organizations, all 3 risks are compromised, (Legal, reputational, and the loss of performing day to day operations)

Multiple firewalls, with the most updated technology, along with the staff that are trained and proficient with the most current tools is a extremely critical. Also, a robust Incident Response Plan must be in place. This plan must have key players that clearly understand their roles.

This should be outlined in the Business Continuity Plan, which should be tested annually.
The organization must have the buy in from senior management, such as the CISO, CIO)

Lawrence Tucker

• This reply was modified 1 month ago by  ltucker.

[kjoyceParticipant]

Data Privacy also relies on educating people on how they need to protect their personal data. The concern over Snapchat’s Snap Map feature last year raised awareness about social media users sharing too much personal information. Social Media users, especially younger people, don’t always consider the full implications of sharing their location and being cautious about accepting friend requests from people they don’t know very well or not at all.

[jchief39Participant]

I have data privacy expectations as citizen, employee, and individual. As a citizen, my expectation is that my data is protected from “unreasonable search and seizure” under the 4th amendment, so that the government has to provide probably cause before they can begin looking around my digital identity. As an employee of my company, I expect that my data is not shared with other employees, that it is protected from theft through hacking by reasonable measures, and that we have it either segmented on the network or encrypted. As an individual, I need to understand that I have a responsibility to exercise due care in how my personal networks are configured, my behavior on the internet (identifying suspect emails and websites), and that I periodically review my digital identify for signs of theft. The trend in the US is for more access to data by the government, with a lower 4th amendment bar, driven by the events of 9/11 and the proliferation of terrorism world-wide. On a personal note, I have reduced my social media presence – the value I receive is not worth the risk.

[aabbParticipant]

Every data-driven organization’s operation, reputation, and litigation risks depends on data. Prioritizing data based on key business needs and proper access authorization is Data Privacy. It matters because sensitive data has to be protected with more security and encryption for confidentiality and consistency. We should care because without proper data a business might face reputational damage and if the privacy of user’s personal information is breached that can bring litigation risks for the business.

[abenyParticipant]

Data Privacy requires you to identify any location with information in you organization that can identify an individual (internal or customer) such as their email address, name, school, preferences, etc.

As it simple as it sounds, this is often a challenging task. If you fail to identify where this resides, how can you ensure its protection ?

GDPR is a EU regulation that is being enforced starting 5/25. This requires any European individual’s information that may exist by a organization (globally) to ensure its identification, protection and ability to wipe on demand! Imagine all the locations data may reside including places known/uknown, internally, externally, on backups, etc. What a challenging task!

Failure to comply will result in a fine of 4% of total revenue or $20M euros!

[mabisParticipant]

Let me jump in with a positive standpoint towards GDPR: I am German citizen working in Germany related to consultancy around IT security and data protection. GDPR is a major change in paradigm and many organisations are currently struggling with implementing it. Starting from the legislation: hundreds of laws still have to be adjusted to the new regulation and in the government they are missing ressources and skills to get everything done in time. Second the companies: also far from being compliant. Many just recently started their projects and even the once who are already for longer time on their journey they are still missing the one or the other aspect of the new law (complemented by the way through local laws, in the Germany the new BDSG which is specifying points where the GDPR has left intentionally gaps for local authorities and legislation). Nevertheless: the important point is having started the journey.
First time in history IT security becomes obligatory for all organisations in Europe instead of “nice-to-have” in previous times. In relation to the current threat landspace including the exponential growth of IoT-devices I think it is just a starting point to defend against nation-state-actors and cybercriminals.

[bsquareParticipant]

Data Privacy to me means the ability of an individual or an organization to decide what data can be shared with a third party especially, sensitive data about an individual or the organization. Protecting individual information that can be used to identify an individual or that relate directly to an individual. I believe it is better to be save than to be sorry in the sense that as an individual, I have the responsibility to shield myself/information from the public face by limiting the information about me that I personally made known to everyone. E.g. social media. A lot of us get carried away when it comes to social media or the internet as a whole. We post information about us that hackers can easily use to trace of damage one without knowing. The rate at which data is being stolen is really alarming.
Data privacy is really important. As individual/organization, there are lots of things which are at risk when it comes to data privacy, the more knowledge you have about it the better you will protect yourself from the risk involve. Nobody wants to face the repercaution or the consequences of having your private data gets in the hands of a wrong person.

[andy84Participant]

Privacy is a privilege that most people don’t think about it until it’s gone, and these days, once your privacy has been compromised there’s no getting it back. I believe personal privacy in a digital age is something that should be taught in schools and better prepare children with the knowledge that what they are posting or signing up for could have repercussions for them down the road. Things like the GDPR are long overdue and a great wake up call to the industry but doesn’t address personal decisions of how one would like their data to be used and what they are OK with or not. What’s lacking today is a single privacy authority that can help people govern their privacy decisions. The daily bombardment of are you OK with sharing this or allowing this for anything you do online could be governed by an authority that controls the specifics of what someone is OK with sharing.

[kjoyceParticipant]

To emphasize andy84’s point, this statement is right out of the regulation, “The protection of natural persons in relation to the processing of personal data is a FUNDAMENTAL RIGHT.”

[scanchariParticipant]

Hello,
Data privacy matters because information is the most important asset for all companies. So, as any other critical asset needs to be managed and protected. Nowadays, most companies try to get as much customers information as possible, information gives a competitive advantage, however, this leads to a responsibility: Data privacy management.

First of all this is important due to regulations that have been created worldwide; besides, most of the latest hacking attacks have targeted data, and finally because an inadequate management of data could lead to a sued or loss of reputation.

[abatamaParticipant]

Data is a collection of facts or items of information which could include identifying information about an individual or entity. These items of information can be personal, thus very sensitive. Individuals or entities have privacy protection under the law to determine what items they would like others to know about them, which people are permitted to know about them and also determine when those people can access that information.
Data is subject to privacy laws and it is the duty of the individuals/organizations who collects, stores and uses such data. Data privacy is therefore the ability of an individual/organization to determine what data in their system can be shared.
The sensitive data collected must be protected from being accessed by unauthorized entities as that could possibly cause damage to their reputation or hardships, in different ways, to the individuals who loose their privacy of information.
It is very necessary and important to secure such data from criminals who want access to the data by attacking, through various means, the systems, networks and data centers that store such data.

[rssbeauParticipant]

I believe that data privacy is crucial, both at organisational level and at a personal level. I always get worried when I get calls from tele-marketers who I never gave my information to. It means that somewhere along the line some company’s systems were compromised and the end-user information leaked. This is also a security concern to individuals as one never knows where this information lands.
It is thus very crucial for organisations to secure their networks, systems and eventually data from prospective criminals.

[rynaParticipant]

Data Privacy are when individuals and organisations are able to control who can access and their information, data, ideas and intellectual property. With a top down approach, the organisation is responsible to ensure that operationally, employees data and customers information are protected through masked data so that it makes it challenging for hackers to unscramble the encrypted information. There also has to be adequate training for employees to take active steps to keep their information safe (ie locking laptops when leaving the work station, different passwords for different LogIns).

[entropyincreaseParticipant]

To me data privacy is the fundamental right of a person, in an increasingly complex digital world, an individuals data is scattered across multiple organization over multiple countries. In such cases the jurisdiction of said individuals data is worldwide, then comes the question, how is this going to be managed ? from a legal perspective? from an ethical perspective? rules drawn in one country prohibiting the sharing of an individuals data may seem perfectly legal in another country, this represents a modern day dilemma for countries, governments, organizations and individuals alike.

[Author]

Replies