Many companies are extending the reach of their networks to incorporate wireless products into their repertoire of devices. This makes the network quite vulnerable to external intruders and also complicates matters regarding the protection of the network from unauthorised access. Typically network managers implement counter-security measures to enhance security.
Having said that, the question of privacy rights becomes all the more significant with the rise in data collected over the last few years, among them significant rise in data collection through various e-governance schemes, a significant number of users online, and the consistent collection of personal data by private parties.
Privacy, like security, is a software attribute and hence its treatment will also be likewise, considering its design philosophy. It states that privacy should be kept concrete right from the beginning of the system lifecycle through to its end.
Privacy protection legislation is currently in place across International, Federal, State and industry-specific levels across the world. Fortunately for some companies, they find themselves in less heavily regulated industry sectors, whereas others, such as banking and finance industries worldwide, have far greater privacy legislation to comply with.
Privacy considerations state that company data should stay private and unaltered and not sold to any third parties. Company policies, procedures, and software products need to be designed and built with customer needs and privacy considerations at the forefront. Privacy programs need to incorporate the best practices, customer needs, and regulatory requirements.
As a general guide, customer data should only be retained as long as the customer is current/active and there is a business need to retain the data. Otherwise, it should be disposed of.
The following eight design strategies should be considered when developing a privacy management framework:
-
Minimise: Limit the processing of personally identifiable data infinitely. Do not overload your system with unwanted data that does no good to the system. Minimisation of data can be achieved by collecting less data or data from fewer people.
-
Separate: Separate the processing of personally identifiable data as much as possible. This is done to ensure that data within one context does not find itself in another context thus removing disparities in contexts.
-
Abstract: limit the details of data processed as much as possible. Limit the detail in which personally identifiable data is processed and this will help to lower the privacy risk.
-
Hide: Protect personally identifiable data or make it unlinkable or unobservable. Make sure it is not known to the general audience.
-
Inform: Inform the data subjects of processing of personally identifiable data promptly.
-
Control: Provide data subjects adequate control over the processing of personally identifiable data.
-
Enforce: Commit to process personally identifiable data in a private and friendly way and enforce this.
-
Demonstrate: Demonstrate you are processing personally identifiable data in a privacy friendly way.
Minimisation of data privacy exposure is further subdivided into these three tactics:
-
Select: Select only relevant data attributes and check which attributes are important and which are not; keep only the relevant ones.
-
Exclude: Exclude people or attributes in advance and this can be done by differentiating between relevant and irrelevant attributes of personally identifiable data; remove partial data that is no longer wanted.
-
Destroy: Destroy personally identifiable data that is no longer wanted or is redundant and ensure that this data cannot be restored.
In a world where technology has made a quantum leap, data sharing, and data privacy are considered as basic human rights, not just buzzwords for information technology professionals any longer.
For more information, visit www.dataresilience.com.au or drop us a note at [email protected].