Happy Data Privacy Day 2020! Data privacy or information privacy is a branch of data security concerned with the proper handling of data – consent, notice, and regulatory obligations. More specifically, practical data privacy concerns often revolve around:
- Whether or how data is shared with third parties.
- How data is legally collected or stored.
- Regulatory restrictions such as GDPR, NDPR, HIPAA, GLBA or CCPA.
Though most people agree on the importance of data privacy, and everyone agrees that data protection is at the heart of ensuring privacy, the definition of “data privacy” itself is notoriously complex. None of the laws we mention in this article – the GDPR, the CCPA, or HIPAA – define precisely what they mean by data privacy. Instead, the provisions they contain suggest a number of best practices and spell out the rights of consumers and businesses. Since every piece of legislation is different, trying to define exactly what is meant by “privacy” can be extremely difficult. The situation doesn’t get any better if we limit our scope to one piece of legislation. Europe’s GDPR is arguably the most wide-ranging, comprehensive piece of data privacy legislation.
Data protection principles under the GDPR
Data protection principles underpin the new General Data Protection Regulation (GDPR). These principles set out obligations for businesses and organizations that collect, process and store individuals’ personal data.
Six principles for processing of personal data
The GDPR outlines six data protection principles you must comply with when processing personal data. These principles relate to:
- Lawfulness, fairness, and transparency – you must process personal data lawfully, fairly and in a transparent manner in relation to the data subject.
- Purpose limitation – you must only collect personal data for a specific, explicit and legitimate purpose. You must clearly state what this purpose is, and only collect data for as long as necessary to complete that purpose.
- Data minimization – you must ensure that personal data you process is adequate, relevant and limited to what is necessary in relation to your processing purpose.
- Accuracy – you must take every reasonable step to update or remove data that is inaccurate or incomplete. Individuals have the right to request that you erase or rectify erroneous data that relates to them, and you must do so within a month.
- Storage limitation – you must delete personal data when you no longer need it. The timescales in most cases aren’t set. They will depend on your business’ circumstances and the reasons why you collect this data.
- Integrity and confidentiality – you must keep personal data safe and protected against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures. See GDPR and security.
Accountability principle under the GDPR
Accountability is a new principle under the General Data Protection Regulation. It focuses on two key elements: your responsibility to comply with the GDPR and your ability to demonstrate compliance.
Measures to help you meet the accountability requirement may include, for example:
- implementing data protection policies and security mechanisms
- agreeing data protection contracts with third-party processors
- documenting your processing activities
- recording and reporting, where necessary, of personal data breaches
- carrying out data protection impact assessments
- appointing a data protection officer.
While these policies and regulations help ensure that organizations are transparent in their handling of individual data, here are five ways you can ensure data privacy as an individual or as a company.
FIVE WAYS TO ENSURE DATA PRIVACY
- Keep your operating system and all software up to date.
As simple as this may sound, most people still use outdated operating systems and software from unknown sources. This usually means that their systems are vulnerable & prone to attacks. Keeping your operating system and software up to date is one way to ensure your protection.
- Encrypt your sensitive data.
Make it a practice to encrypt your files, folders and hard drives or other storage devices. Encryption applications such as BitLocker, VeraCrypt, AxCrypt, and Folder Lock are a good place to start in your encryption journey.
- Use antivirus software.
Antivirus software is the “policeman” at the gate of a computer system. It protects the computer from incoming threats and seeks out, destroys and warns of possible threats to the system. New viruses are coming out all the time. It is the job of the antivirus software to keep up with the latest threats. Avast and Kaspersky are common examples of antivirus software. Most of these can be used on mobile devices as well.
- Use a unique, complex password for every account you own. …
A strong password provides essential protection from financial fraud and identity theft. One of the most common ways that hackers break into computers is by guessing passwords. Simple and commonly used passwords enable intruders to easily gain access and control of a computing device.
- Securely archive or delete data you no longer need
This is a practice you should adopt. Securely archive or delete data you no longer need. This prevents the misuse of such information for malicious purposes.
Click Here to read more on the Nigerian Data Protection Regulation (NDPR)
Click Here to view the Ghana Data Protection Bill
Click Here to view the Kenyan Data Protection Bill
Click Here to view the Rwandan Data Protection Policy.