This report is being written by Aiman Jan & Shaista Aziz
Introduction
Data privacy is of ever greater importance in a world with ever-growing mountains of big data. In earlier times, consumers shared their personal information offline, where the data privacy risks were minimal. With growing technology, however, consumers in this digital age share their vital information online, be it on social media sites, e-commerce sites or other apps, in order to perform certain actions.
The concept of data privacy in this modern era is usually applied to critical personal information, also known as Personally Identifiable Information. Such information, like a driver’s license number, bank account number or passport number, is used to identify a person. The concept also applies to Personal Health Information: information in a medical record that is used to identify a person and was disclosed, created, or used in the course of providing a health care service. With such sensitive and personal data records, it becomes challenging to use the data while protecting an individual’s personally identifiable information and privacy preferences.
Digitization of Services
While the consumers are sharing personal data on online platforms that collect growing amounts of information on the one hand, they have started visualising the danger in such data collection on the other hand. Data privacy has become more important in this digitalized world and those platforms collecting the vital information of an individual should be highly concerned with their data privacy policies.
Data Privacy
Primarily, privacy is the right of a citizen to be free from public scrutiny or from having one’s personal information shared. Data privacy is the right of the citizen to have control over how one’s personal information is collected and used. It deals with the practices which ensure that the data shared by any person is used only for its intended purpose.
Data privacy is often confused with data security, and the two terms are used interchangeably; however, data privacy and data security are by no means the same.
For example, if you are using a Google Gmail account, your password would be a method of data security, while the way Google uses your data to administer your account would be data privacy.
Data security is a prerequisite to data privacy; it is therefore possible to have a healthy security stance without addressing data privacy. However, it is not possible to ensure data privacy without a solid security stance.
Data Privacy and Data Security
Data Privacy a Real Major Concern
In this age of digitization, personal data influences a lot of our activities. It affects nearly everything, from what content or messages we see on the internet to the many decisions made about us, whether about a job, a license, or a loan, and thereby sways almost every aspect of our lives. Autonomy and control over our lives are among the hallmarks of freedom, and they would be rendered useless if important decisions about our lives were made without our participation; this is one of the reasons that give rise to data privacy concerns.
The types of personal information that often come under privacy concerns may be listed as follows:
Financial Information
Any financial information which is shared online or offline is sensitive as it can be used maliciously by someone to commit fraud. In 2019, First American Financial Corp. had 885 million records exposed online including bank transactions, social security numbers, and more.
Data about an individual’s financial transactions, like the positions held in stocks and funds, outstanding debts, amount of assets, and purchases, is usually sensitive. The person concerned could become the victim of identity theft or fraud if criminals get access to such information. Similarly, data about a person’s purchases can reveal a great deal of information, like the medications used, places visited, contacts, activities, or habits. This data may also be used by corporations to target the individual concerned with marketing customized towards their personal preferences, which the person concerned may or may not approve of.
Internet Privacy
In the modern era, where most of the information is shared online be it on social networking sites or other Apps, people experience growing concern about privacy challenges. With the use of various search engines and data mining, it has become possible to collect and combine information from a wide variety of sources very easily.
Take, for instance, the Aadhaar data breach:
In 2018 there was a massive breach in India allowing access to private information of Aadhaar holders, exposing their names, their unique 12-digit identity numbers, and their bank details along with the photographs, thumbprints, retina scans, and other identifying details of nearly 1.1 billion citizens.
One of the most worrisome issues of today’s world is the ability of third parties to control the information one reveals over the internet and who can access that information: whether email can be read or stored by third parties without consent, whether the websites one visits can collect, store and possibly share personal information, whether third parties can track the websites that someone visited, etc.
Locational Privacy
Locational data, collected by the tracking capabilities of mobile devices, is the most sensitive data. These capabilities have the potential to strip away locational privacy from individuals, making it possible to intrude into the lives of others by consulting location databases. In 2017, a McDelivery leak disclosed the home addresses and even exact coordinates of 2.2 million users.
By tracking the locational information, potentially sensitive professional and personal information like the presence of a person at an abortion clinic, an AIDS counselor, attendance of a religious place, etc. could be exposed which unfortunately poses a threat to locational privacy.
Medical Privacy
Confidentiality and privacy are essential to all trusting relationships such as that between a doctor and a patient. Patient confidentiality and protection of privacy have always been the basis of the doctor-patient relationship. People usually do not prefer that their medical records be revealed to others because of the fact that it may affect their medical insurance, employment, and that it may bring embarrassment upon them.
Medical privacy may include information relating to physical and sexual activity, genetic data, bodily functions, psychological problems, etc.
In 2018, the healthcare sector saw 15 million patient records compromised in 503 breaches, three times the amount seen in the previous year, according to the Protenus Breach Barometer.
Educational Privacy
In earlier days, photocopies, textbooks, and filmstrips supplied the entire educational content to the students. However, with the advancement of technology and telecommunications, the education system has greatly changed and a new system including personalized content, virtual forms of interaction, and interactive technologies has been introduced.
Though the adopters of these technologies have proved their worth by transforming the educational process, the use of high-tech education systems has proved to be a double-edged sword. Using information systems like Arcon and portal, tools like Microsoft Office and Google, and educational apps like Edmodo and Dropbox exposes student data to a number of security and privacy risks. Technologies like information sharing, telecommunication innovations, and web hosting also expose information related to students to risks during their use.
In 2020, cybersecurity firm Cybele discovered at least 530,000 Zoom accounts listed for sale on a dark web hacker forum for $0.0020 cents.
Student data that is exposed or improperly disclosed can cause significant harm to students, who may violate each other’s privacy through online gossip, cyberbullying, etc. Besides, it can also result in misunderstandings between schools and parents, alumni, applicants, and others.
Data Privacy Risks
As personal information has become the subject of a digitized world, the risk of cyber attacks has increasingly posed a threat to data privacy. Data privacy risks tend to result in a data breach when a cybercriminal infiltrates a data source and extracts confidential information. While most data breaches occur due to hacking or malware attacks, other causes include accidental data sharing, employee data theft, internet fraud, etc.
The most common data breaches occur due to the following risks:
• Accidental Data Sharing
Personal data is usually exposed by cybercriminals; however, sometimes a company’s own employees accidentally share or misplace consumers’ sensitive data, resulting in a data breach. For example, in 2018, hundreds of Australians’ personally identifiable information and health information were exposed to the public after an employee accidentally shared some sensitive data with an organizational outsider.
• Employee Data Theft
Data theft by a departing employee is a bigger threat than that posed by a hacker. It occurs most frequently when an employee leaves or resigns from an organization to work for a competitor or to set up their own rival company. For instance, Levandowski in 2019 stole diagrams and drawings related to simulations, radar technology, and Light Identification Detection and Ranging (LIDAR), source code snippets, PDFs marked as confidential, videos of test drives, and marketing information from Google and provided it to Uber.
Most commonly, data theft includes the stealing of customer information, financial records, email lists, process documents, employee records, etc.
• Ransomware
Ransomware attacks have been becoming graver as the years pass by. Ransomware is a form of malware that encrypts the victim’s files. The attacker then demands payment from the victim to restore access to the data. In order to retrieve the data held hostage and to restore the affected data, most organizations agree to pay the ransom to the attackers.
As witnessed in 2019, ransomware attacks have vastly affected sectors like health care, manufacturing, finance, etc. In response, many companies have put forth ransomware prevention as a priority in 2020.
• Bad Password Hygiene
Account passwords should be difficult to guess and hard to crack. Having an overwhelming number of passwords may lead to poor password hygiene when there is no technology in place to help.
Reusing and sharing of passwords has remained a common practice in most businesses among the employees resulting in countless data breaches and individual account takeovers.
The incidents leading to poor password hygiene may include selecting passwords that are obvious, selecting the same password for each account, temptation to share passwords with others for convenience, and writing down the passwords for easy recall, etc.
• Phishing Emails
A phishing attack is a cyber attack that uses disguised email as a weapon to lure the victim with an attempt to obtain sensitive information like usernames, passwords, and credit card details. It manipulates the victims into performing certain actions like clicking on a malicious link or willfully disclosing the information.
• Internet Frauds
The main aim of internet fraud is usually to deceive the victim or to otherwise take advantage of them by stealing information. Such information can be used for financial gain by making fraudulent transactions, draining bank accounts, etc., which may result in significant reputational repercussions and increase the risk of class action lawsuits.
One of the oldest examples of internet fraud is the Nigerian email scam. Someone from a country (often Nigeria, but not always) contacts you via email in broken English. They explain that a rich person they know has died and the money has nowhere to go; if you can help them get the funds out of the country, they’ll give you some as a reward.
The most prominent internet frauds are online shopping frauds, email scams, identity theft, tax scams, lottery frauds, matrimonial frauds, etc.
• Bribery
Bribery is a serious data security concern, mostly for those companies whose data and intellectual property are of incredibly high value.
Though bribery is not the most convenient way to perpetrate data theft, the officials of a company can be bribed into revealing the company’s confidential data. In 2018, the employees of Amazon were accused of participating in a bribery scheme that compromised customer data, and a year later it was discovered that AT&T employees received bribes to plant malware on the company’s network.
How important is Data Privacy?
Data is an incredibly important part of a company’s assets, and collecting and sharing data can be big business in today’s digital world. But for a business to safely and successfully take advantage of the data it is collecting, it needs to have safeguards in place to ensure that the data is under tight lock and consumers are not subject to uninvited surveillance.
In this age of digital economy, true company value lies in the collected customer data which is an asset, worthy of being protected. The importance of data protection increases as the amount of data created and stored continues to grow at an unprecedented rate. Any information stored digitally needs to be properly protected right from financial information and payment details to contact information. Data protection is not only a legal necessity but crucial for protecting and maintaining the business also.
Data privacy importance lies in the fact that individuals are able to maintain their autonomy and individuality over how their personal information moves into the economy and society. The right to privacy is the fundamental right of an individual so he is at liberty to protect his data and regulate its use.
Data Privacy Tips:
While the new decade has promised an unexplored revolution in the field of Information Technology, which has blurred the lines between the real world and the virtual one, it becomes vital for people to be more concerned about their privacy.
Some tips that may help to create a friendly environment for commerce, learning, and communication are listed as follows:
• Use a Safe Search Engine
A person can sometimes be scammed easily by fake search engines that lead to fake pages resembling the true intended sites. So if one intends to find an online retailer, instead of looking for it through a search engine, one should directly visit the retailer’s secure https:// page or use the app launched by that retailer.
• Use Two Factor Authentication
Two-factor authentication is a higher-level security process than single-factor authentication: users provide two different authentication factors to verify themselves. It adds an extra layer of security by making logins more secure and making it more difficult for hackers to reach sensitive information. It confirms the identity of a person by using two factors: one is the password and the other is a security token or a biometric factor, such as a fingerprint or facial scan.
• Anti-Virus Software
An up-to-date anti-virus program, used to prevent, detect, and remove malware, can better protect sensitive data from being hacked. It not only safeguards against malicious files and viruses but also helps to protect personal information.
• Use a Digital Vault
Digital Vault is an online vault that protects the information inside it by securing the data from all major risks over the network. It provides great help in securing all the necessary information like a credit card, social security, driving license, passport numbers, etc.
• Use a Safe Wi-Fi Environment
Public Wi-Fi is inherently less secure than a personal network because the number of connections is not known. One should always use the safest security protocol available to avoid data theft or privacy issues while on public Wi-Fi. For this purpose, one can use a secure VPN that hides the IP address and encrypts the information sent over the web.
• Limited Information on Social Media
For the protection of personal data, one should avoid sharing personally identifiable information on social networking sites, since it could later be used as answers to security questions. Social media privacy settings should be updated to limit the information collected by different sites and who can see that information.
• Strong Passwords
One should always create strong passwords by making use of capital letters, lowercase letters, numbers, and special characters, and change them often. The stronger the password, the more difficult it is to crack.
How much are the Countries Concerned?
In order to address data privacy issues like data theft, phishing email attacks, ransomware attacks, etc., almost every country around the globe has enacted data privacy legislation under its municipal laws. These laws govern the rules and regulations for the collection, storage, and use of collected data in a legitimate manner.
Some of the privacy laws around the world are as follows:
1. CCPA
California Consumer Privacy Act / USA
Officially in effect on January 1st, 2020, this legislation requires companies to inform the user of data processing, take extra measures to protect user information, and allow users a say in what data is collected and how it is shared.
2. CALOPPA
The California Online Privacy Protection Act/ USA.
This Act requires commercial websites to post privacy policies detailing data collection and use on their website.
3. CFAA
Computer Fraud and Abuse Act/US.
The law prohibits accessing a computer without authorization or in excess of authorization, in order to reduce the instances of malicious hacking.
4. PIPEDA
The Personal Information Protection and Electronic Documents Act/Canada.
This Act mandates that businesses using data for, or in the course of, commercial activities, must disclose the purpose of that data collection to the owners of that data, and obtain consent to proceed.
5. LGPD
Lei Geral de Proteção de Dados Pessoais/Brazil.
LGPD is landmark legislation outlining data processing standards, including the ten legal bases on which the data can be processed. While the law was modeled after the EU GDPR it is notably less strict.
6. PDP
National Directorate of Personal Data Protection/ Argentina.
This law replaced Argentina’s Personal Data Protection Law, and it gave users, for the first time in Argentina, the right to request the deletion and transfer of data.
7. GDPR
General Data Protection Regulation/EU.
It sets the strictest and most far-reaching standards for the handling of user data. It is based on the principles of consent, transparency, protection, and user control, and threatens fines as high as 4% of a company’s annual revenue.
8. e-Privacy
e-Privacy Directive and Regulation/ EU.
The ePrivacy Directive is often referred to as cookie law due to its requirement that websites obtain user consent to non-essential cookies before launching those cookies.
9. BBSG
Bundesdatenschutzgesetz/Germany.
This Law sets rigid standards under which businesses are required to adopt and maintain protective measures for data stored in IT systems.
10. POPI
Protection Of Personal Information Act/South Africa.
This Law applies to all South African organizations. It sets a standard of accountability for responsible data processing and establishes the requirement of customer consent to direct marketing outreach.
11. Personal Data Protection Bill, 2018 (India).
After the Right to Privacy was determined to be a Fundamental Human Right in 2017, India’s first Data Privacy Law was quickly created. The legislation sets privacy and data protection standards and notably introduces mandatory annual data audits.
12. Cyber Security Law (China).
This law was enacted in China to increase data protection, data localization, and cybersecurity in the interest of national security.
13. ECPA
Electronic Communications Privacy Act/ US.
It prohibits the third party from disclosing private electronic communication without authorization.
Conclusion
Data privacy has drawn the attention of individuals who share sensitive personally identifiable information, owing to privacy breach incidents that are increasing as technology evolves. The collection, transfer, and dissemination of information, which usually take place via the internet, are exposed to a number of risks. For this reason, data privacy draws the attention of the public, academics, government, and the business class, which is valuable because it encourages concern for the past and future of privacy protection.
Privacy being a fundamental right is an element of a healthy democratic society and a social property which relates to power, culture, values, social standing, liberty, and dignity among other things.
Though much legislation has been enacted to take account of data privacy risks, there are still incidents of data privacy intrusion, for which countries need to come up with effective implementation of that legislation. Since there is an alarming rise in data privacy risks leading to data thefts and data breaches, legislation alone won’t suffice, so it’s high time that the information technology industry and government come together to lay down and regulate effective means and norms to curb the menace of intrusion of privacy.