The world has gotten so small, as information has become more accessible, shareable, and more vulnerable. Data privacy is the security of personal information from unwanted access by third parties and determines who has access to the information.
Personal information like age, location, contact information in both real-time and online platforms are usually open to attacks, which is why sometimes some people choose to exempt some set of people from accessing privileged information. The exemption tactics employed include the use of VPN and closed group chats, some apps go as far as giving a limit to the number of people in a group, settings for privacy, etc. While some other platforms take more information that leaves users vulnerable or sell data. This is why Data privacy is a must-know for everyone (both tech and non-tech professionals)
Due to the increasing attack on data, certain bodies, laws, and regulations were kept in place to protect both businesses and user data.
Laws that govern Data Privacy
With increased technological advancements in data collection, governments around the world have started passing laws regulating what type of data can be collected about users, how that data can be used, and how data should be stored and protected. Some of the most important regulatory privacy bodies include:
- General Data Protection Regulation (GDPR): This body regulates how the personal data of European Union (EU) data subjects, meaning individuals, can be collected, stored, and processed, and gives data subjects rights to control how they can be used.
- National data protection laws: Countries such as Canada, Japan, Australia, Singapore, and others, have comprehensive data protection laws in some form. Some, like Brazil’s General Law for the Protection of Personal Data and the UK’s Data Protection Act.
- California Consumer Privacy Act (CCPA): Requires that consumers be made aware of what personal data is collected and gives consumers control over their personal data, including a right to tell organizations not to sell their personal data.
- The Nigerian Data Protection Regulation: This is a data protection regulation issued in Nigeria in 2019 to protect the processing of personal data of people resident in Nigeria and citizens in diaspora.
- The Estonian Data Protection Inspectorate: Founded in 1999, is a supervisory authority, empowered by the Data Protection Act, Public Information Act, and Electronic Communication Act. The inspectorate’s mandate is to protect the following right enshrined under the Estonian Constitution: the right to obtain information about the activities of public authorities; the right to inviolability of private and family life in the use of personal data; and right to access data gathered in regard to yourself.
Asides from these there are other organizations or industry bodies that fight for data privacy.
Why is Data Privacy Important?
Privacy in many jurisdictions has become a necessary human right.
Data especially personal data can be used in a number of unlawful ways if it is not kept private or if people do not control how their information is used:
- Social Engineering: These personal data to defraud or harass users
- Adware: Sales of personal data for marketing and advertising purpose
- Infringement on the right to free speech: with the knowledge that everything might be tracked the right to freedom of speech is then hampered.
These outcomes can be harmful and can cause irreparable harm to their reputation, which could also result in fines, sanctions, and other legal consequences for both individuals and businesses.
Data privacy tools
- Encryption: is a way to conceal information by scrambling it so that it appears to be random data. Only parties with the encryption key can unscramble the information.
- Two-factor authentication is one of the most important technologies for regular users, as it makes it far harder for attackers to gain unauthorized access.
Major Data breach cases
Facebook user data breach
In April 2021, media outlet Business Insider reported that a user in a hacking forum published the personal data of millions of Facebook users. Alon Gal, co-founder, and CTO of cybercrime intelligence company Hudson Rock, discovered this first which exposed personal data of more than 533 million Facebook users from different countries with 6 million users from India. It included phone numbers, Facebook IDs, full names, locations, birthdates, and email addresses. The media report also talked about how a Facebook spokesperson said that the data had been scrapped due to a vulnerability that the social media giant had patched in 2019.
The data connected to 700 million LinkedIn users was posted on a dark web platform for sale in June 2021. By exploiting the API, the hackers “scraped” the data. The type of data stolen was email addresses, full names, phone numbers, LinkedIn usernames, personal and professional experience, and other social media accounts they held.
LinkedIn, in a statement, said that it was not a data breach and no private LinkedIn member data was exposed. The initial investigation revealed that data was scraped from LinkedIn and other websites. It included the same data reported earlier this year in the April 2021 scraping update. Excerpts from analytics india magazine.