...Data Privacy G.Maruthi What is data privacy? • Protection of personal data • Why do we need to protect personal data? – The need to control personal data • Fear of misuse • Identity theft • Cases of fraud • Other forms of cyber crime What is Personal Information? • According to the European Directive on Data Protection – Article 2: “Personal Data shall mean any information relating to an identified or identifiable natural person (‘data subject’); an identifiable person is one who can be identified, directly or indirectly, in particular, by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity” – Article 8: Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, data concerning health How collected? • Some examples: – Registering with email service – Online shopping – Online bill payment – Social networking – Online gaming Recent Incidents • The Vodafone Germany case (12 September 2013, BBC News): – Personal information of customers stolen by hackers – Affected – Two million – What kind of information? Names, Addresses, Bank Account Numbers and Birth Dates Recent Incidents • Adobe Data Stolen (4 October, 2013, BBC News): – Personal information stolen – About 2.9 million customers affected – Nature of information stolen • Encrypted customer passwords • Other private information ...
Words: 1053 - Pages: 5
...Bessie Napper IT 547 OL Data Privacy Trends April 28, 2016 Abstract: The purpose of this paper is a reflection on Data Privacy Trends of 2015. This paper will summarize my opinion on the talk about what matters most in data privacy. It will show how the panel has laid out a compelling discussion about the issues facing data privacy. Churchill Data Privacy Trends 2015 presented on what matters most in data privacy. They talked about the ever-growing demand for big data. How increasingly effective “bad actors,” leading to the worst year on record for data breaches. That privacy practices were designed only to deal with compliance or breach response. The conflicting global privacy laws and a growing concern among consumers about who's doing what with their data. Businesses are very aware of how consumers are increasingly aware of the risks and options as their personal data has effectively become a form of currency. As an example, telemarketers are always selling your information to other telemarketers in ways of contacting you in order to get you to buy things from them. As we live and breathe privacy all day we want to feel safe that we are not being violated whenever we go online and open a web page or email attachment. So by choosing the encrypted form of email is one way they talked about helping with privacy issues. With privacy and security one of the things they talked about is understanding where the risks are and how you can alter your behavior. This to me would mean...
Words: 621 - Pages: 3
...Develop market research plan Assessment objective: Establish guidelines for researching and gathering information and work with the staff to gather and evaluate the data. Written organizational guidelines for conducting research OHS: Compliance with legislation. Ensure safety of customers, contractors and staff at all the times. The enjoyment of these standards at the highest levels is a basic human right that should be accessible by each and every worker. Regardless of the nature of their work, workers should be able to carry out their responsibilities in a safe and secure working environment, free from hazards. These rights are set out in legislation to ensure that employers are clear about the obligations and the consequences for neglecting them. Data privacy: the relationship between collection and dissemination of data, technology, the public expectation of privacy, and the legal and political issues surrounding them. To keep safe all recorded interviews, audio tapes, video recordings and group interviews. Privacy concerns exist wherever personally identifiable information or other sensitive information is collected, stored, used, and finally destroyed or deleted – in digital form or otherwise. Improper or non-existent disclosure control can be the root cause for privacy issues. Data privacy issues can arise in response to information from a wide range of sources, Staff involvement: The direct participation of staff to help an organization fulfill its...
Words: 716 - Pages: 3
...Data Classification and Privacy: A foundation for compliance Brian Markham, CISA University of Maryland at College Park Office of Information Technology Goals for today: Give you a solid understanding of both Data Classification and Data Privacy with respect to compliance; Link data classification and privacy to ongoing compliance issues; Discuss various best practices, methodologies, and approaches that you can take with you; Do my best to answer any questions you may have on audit related issues regarding these topics. So...who am I? IT Compliance Specialist @ the Office of Information Technology at UMCP Responsible for audit and compliance initiatives within OIT Formerly employed by KPMG LLP and Grant Thornton LLP as an IS Auditor Have worked with many federal, state, and local governments as well as public companies, hospitals, and not-for-profits. Why do we want to be in compliance? No one likes audit findings; Reduces organizational risk; Processes based on best practice and widely adopted standards are more effective than ad-hoc processes; Systems and data are more secure as a result of good internal control practices. What is Data Privacy? Data Privacy - the relationship between technology and the legal right to, or public expectation of privacy in the collection and sharing of data. The U.S. has trailed the E.U. and other countries in data privacy regulations and legislation; Passed Legislation: HIPAA, Gramm-Leach-Bliley, COPPA; Proposed Legislation: Data...
Words: 1305 - Pages: 6
...2015 International Compendium of Data Privacy Laws COUNTRY BY REGION Australia: Australia. Central Asia: China (People’s Republic), Hong Kong, India, Japan, South Korea, Taiwan. Central America: Bahamas, Costa Rica, Trinidad and Tobago. Europe: Austria...
Words: 64291 - Pages: 258
...Accountability in Managing and Protecting Users’ Data October 2010 This document is provided “as-is.” Information and views expressed in this document, including URL and other Internet Web site references, may change without notice. You bear the risk of using it. This document does not provide you with any legal rights to any intellectual property in any Microsoft product. You may copy and use this document for your internal, reference purposes. You may not modify this document without written consent from Microsoft. Microsoft Corp. • One Microsoft Way • Redmond, WA 98052-6399 • USA All rights reserved. Contents: The Evolution of Privacy Models in Computing; The Principles of Accountability; The Use-and-Obligations Model; A Privacy Governance Framework; Conclusion. The Role and Importance of Organizational Accountability in Managing and Protecting Users’ Data The Evolution of Privacy Models in Computing Since the early 1970s...
Words: 2353 - Pages: 10
...proposals include the following: Acts Limitation Act 1980 Data Protection Act 1998 Freedom of Information Act 2000 The Regulation of Investigatory Powers Act 2000 Anti-Terrorism, Crime and Security Act 2001 Statutory instruments Privacy and Electronic Communications (EC Directive) Regulations 2003 (SI 2003/2426) The Regulation of Investigatory Powers (Acquisition and Disclosure of Communications Data: Code of Practice) Order 2007 (SI 2007/2197) The Data Retention (EC Directive) Regulations 2009 (SI 2009/859) Directives Data Protection Directive 95/46/EC Privacy and electronic communications Directive 2002/58/EC Further special provisions may arise affecting the retention of or access to data, for example: In the context of the criminal law, the Anti Terrorism, Crime and Security Act 2001 Part 11 provides a lengthy code of practice for voluntary retention of communications data. To provide security services with a reliable log of mobile and fixed phone calls, telecommunication companies must keep telephone call logs for one year. Internet service providers must retain communications data (including internet access, email and telephone calls - mobile and landline) for one year. In the field of immigration, the UK Borders Act 2007 and the Immigration, Asylum and Nationality Act 2006 may enable access to HR records in certain circumstances. Access to HR records The Data Protection Act (DPA) applies to most HR records, whether...
Words: 1158 - Pages: 5
...organization. Data relating to employees is of a highly contentious and potentially litigious nature and has to be managed in accordance with compliance regulations. While sharing characteristics with other types of records, personnel records have some special characteristics; importance, sensitivity, longevity, quantity and ownership. We will base this report in the company called CASTELLON SA, manufacturing factory with more than 250 employees. NOTE TO THE CASTELLON SA HR DIRECTOR ABOUT WHY RECORDING, ANALYSING AND USING HR DATA IS IMPORTANT I. Two reasons why organisations need to collect HR data. Collecting and recording HR data is vitally important to our organisation. We need to keep certain records, some because the law requires them, and some for company’s internal purposes. Being a production factory we have to ensure we are in compliance with Health and Safety laws and regulations ensuring that all staff is maintaining high health and safety awareness. To avoid any act of discrimination in our company and to prove that the company is adhering to UK’s current law and legislation we have to implement the Data Protection Act to our data collection policies. The HR data collection could help in our company’s overall performance measurement process. The data collected enable managers to make sound decisions more effectively. Some of the benefits of data collection are; helps identify or confirm a problem that exists; allows us to work with facts and empirical data; provides...
Words: 1217 - Pages: 5
...Bring your own device Victor Morgan CIS330 Strayer University Bring your own device As practice shows, a growing number of employees use at work their own mobile devices. This year, many tech sites are increasingly flashes by acronym BYOD (Bring Your Own Device) – “Take your own devices to work”. As of today, when it is possible connect to different cloud services and harness the power of personal device to perform the work steps, literally holding the phone, and the range of devices has become a truly enormous, sometimes for an employee computer standing on his desk has no value. With the ability to perform the same work tasks, but with the help of his personal device employee, in practice, will seek to do so. The task of company IT-service – is to provide him such. BYOD (bring your own device) – is a term that describes a situation where an employee of organization instead of corporate computer uses to run his own device, whether it is his personal laptop, tablet, or, in extreme cases, even a smartphone. BYOD term appeared at least since 2004. However, the explosive popularity of this idea is found only recently and mainly due to the activity of suppliers of IT-services and the rapid development of functional diversity and cloud services. Today, the growing popularity of BYOD concept affects the number of positions in many areas of IT: from the technical support department to department of development of mobile applications and security management and monitoring of compliance...
Words: 1133 - Pages: 5
...organisations it has become evident that HR departments must collect and store various types of data. Through reference to data stored, this can be used to influence business decisions as the data is analysed and used in conjunction with the company’s strategy and objectives. This report will discuss examples of the reasons why HR must collect data, types of data, how this can be stored and legislation that the organisation must comply with. Why HR Data is collected There are various reasons why there is a need for organisations to collect and store HR data. Firstly, it is important to collect and store accurate information to comply with legislation. For example, Right to Work, supporting documents from employees, Equality Act, documentation to prove the organisation is compliant with UK policies. Health and Safety at Work Act (1974), documents providing evidence of training carried out which ensures that all staff are trained in compliance with the law. By storing the accurate, up to date documentation the data can be used as evidence to support the organisations either legally or at audits. Another example of why data should be recorded to highlight patterns or concerns that may lead to other problems in the workplace. For example, absence records. By storing information on employee absence, it allows for trends in employee absence to be highlighted and taken to the next stage. The data can be used as evidence and support for investigating or disciplinary procedures, equally...
Words: 818 - Pages: 4
...Explain the legal and ethical issues in relation to the use of business information Legal Data Protection Act 1998 Many businesses store and use information about people. The Data Protection Act protects the information being held about people from being misused. The information stored by businesses on databases must be: * Obtained fairly and lawfully * Used only for the purposes stated during collection * Adequate, relevant and not excessive in relation to intended use * Accurate and up to date * Not kept for longer than necessary * Processed in line with your rights * Subject to procedures to prevent unlawful processing, accidental loss, destruction and damage to personal data * Protected from transfer to an area outside the European Economic Area (EEA) unless adequate protection exists for that data in the area. This Act restricts Toyota Malawi from using the information of their customers illegally and without permission. This also means that Toyota Malawi has to ask for permission when they want to collect information from their customers and the general public. In addition Toyota Malawi has to make sure at all times that the information never falls into the wrong hands or gets lost when processing or while in storage. Freedom of Information Act 2000 The Freedom of Information Act came into effect in 2005. It provides individuals or organisations with the right to request information held by a public authority. The public...
Words: 402 - Pages: 2
...Legal requirements relating to the recording, storing and accessibility of HR data: The Data Protection Act 1998 The Data Protection Act controls how your personal information is used by organisations, business or the government. Everyone who is responsible for using data has to follow strict rules called ‘data protection principles’. They must make sure the information is: * used fairly and lawfully * used for limited, specifically stated purposes * used in a way that is adequate, relevant and not excessive * accurate * kept for no longer than is absolutely necessary * handled according to people’s data protection rights * kept safe and secure * not transferred outside the UK without adequate protection There is stronger legal protection for more sensitive information, such as: * ethnic background * political opinions * religious beliefs * health * sexual health * criminal records Source: https://www.gov.uk/data-protection/the-data-protection-act Freedom of Information Act 2000 The Freedom of Information Act gives you a wide-ranging right to see all kinds of information held by the government and public authorities. You can use the Act to find out about a problem affecting your local community and to check whether an authority is doing enough to deal with it; to see how effective a policy has been; to find out about the authority’s spending; to check whether an authority is doing what it says and to learn...
Words: 572 - Pages: 3
...Data & Information Define Data: Data is just raw facts and figures it does not have any meaning until it is processed into information turning it into something useful. DATA | Information: 01237444444 | Telephone Number; 1739 | Pin Number; A,C,D,B,A* | Grades Achieved At GCSE. Define Information: Information is data that has been processed in a way that is meaningful to a person who receives it. There is an equation for Information which is: INFORMATION = DATA + CONTEXT + MEANING. DATA: 14101066. Has no meaning or context. CONTEXT: A British Date (D/M/YEAR). We now know it says 14th of October 1066. Unfortunately we don’t know its meaning so it’s still not information yet. MEANING: The Battle Of Hastings. We now know everything so it can now be defined as information. How Is Data Protected? Your data is protected by a law called the Data Protection Act; this controls how your personal information is used by organisations, businesses or the government. This means legally everyone responsible for using data has to follow strict rules called ‘data protection principles’; there are eight principles. How Your Data Is Protected Use strong and multiple passwords. Too many of us use simple passwords that are easy for hackers to guess. When we have complicated passwords, a simple “brute force attack”—an attack by a hacker using an automated tool that uses a combination of dictionary words and numbers to crack passwords using strong passwords doesn’t mean this can’t happen it just means...
Words: 904 - Pages: 4
...contractor by the name of Edward Snowden disclosed classified information from the National Security Agency (NSA). The root of the data that was leaked was regarding the way the United States Government was gathering browsing habits and personal data of citizens. Basically, their ability to monitor the average citizen without their knowledge. Snowden’s feeling was that our privacies and liberties did not need to be crumpled upon to secure the nation. As a result, this was weakening our nation and causing mistrust by the government instead of securing it. The very popular debate was born, people’s right to data privacy versus the necessity for appropriate intelligence gathering. In this paper...
Words: 792 - Pages: 4
...Privacy Endangerment with the Use of Data Mining An emergent Information Technology (IT) issue that has been rising in the past few years has been data mining. Data mining is utilized to retrieve personal identifiable information provided by individuals through the use of Internet services such as: social media networks, email, and other networks that contain data bases full of personal information. If such data retrieval is not done carefully, it can cause ethical issues for the companies that are involved. The ethical issues related to data mining are violation of privacy, confidentiality, and respect of persons’ rights. Issues that required the immediate attention regarding data mining are: What stops corporations from sharing personal identifiable information with other companies?; How effectively and ethically data mining is used by the government?; Is our privacy and confidentiality truly protected? Social network companies such as Facebook, Twitter, and Google provide user agreements upon joining their services. These agreements underline how the information provided by the user will be utilized by the company and it allows the user to understand how to protect their personal identifiable information while utilizing these social network sites. These companies pride themselves in protecting users’ personal information. However, what happens when the company or an unethical company employee violates these agreements? Personal identifiable information is then released...
Words: 1027 - Pages: 5