
How private is your data?

Last updated: November 21, 2022 at 5:19 PM
Techgoondu Published November 21, 2022

Brought to you by HID Global

By Alex Tan

Alex Tan, commercial director of physical access control solutions for Asean for HID Global. PHOTO: HID Global

The world is expected to produce and consume 94 zettabytes of data in 2022 – an amount that will skyrocket to 463 zettabytes per day by 2025. It’s an almost unfathomable volume of information to which each Internet user contributes about 1.7 megabytes per second or nearly 147,000 megabytes per day.

Yet very little of that data is safe from prying eyes and bad actors. By the end of 2022, cybercrime will carry an expected cost of US$6 trillion, rising to US$10.5 trillion by 2025.

It doesn’t have to be this way, however. About 80 per cent of data breaches could be prevented with good cyber hygiene practices and education, particularly considering recent findings that about 97 per cent cannot identify a phishing email, leaving one in 25 to click on them and open themselves and their data up to cyberattack.

Leaving things to chance is simply not an option, as cyberattacks have emerged as the fastest growing crime worldwide, led in the United States by phishing (38 per cent) and network intrusions (32 per cent).

Thus, in the world of data privacy, knowledge is power and regulatory compliance is paramount.

Privacy versus security

While data privacy and data security are related, understanding the differences is the essential first step toward keeping safe the personally identifiable information (PII) that hackers and other bad actors covet.

Data security is the process by which PII is kept safe from breaches, cyberattacks and other unauthorised access. It refers to the actions taken to ensure data is accurate, reliable, available to authorised users, and safe from accidental or intentional disclosure.

Data privacy, on the other hand, refers to governance – the policies and procedures that dictate how data is collected, stored, and shared.

For example, data security is undertaken with such tools as access management, loss prevention, anti-malware, antivirus, and event management software, while data privacy tools include browser extensions and add-ons, password managers, private browsers and search engines, encrypted messaging, file encryption and advertisement trackers and blockers.

An organisation can have top-of-the-line security tools and procedures in place, but still be non-compliant with privacy regulations because it fails to obtain required consents to share PII with a business partner. Conversely, it is not possible to achieve data privacy without security.

Privacy regulations

Worldwide, data privacy mandates are piecemeal at best. The US, for example, does not have federal regulations governing data protections; rather, individual states are passing laws to protect their citizens. This creates a complex compliance web for organisations that operate in multiple jurisdictions.

The European Union (EU), on the other hand, has enacted what many consider to be the toughest and most far-reaching privacy and security laws in the world.

The General Data Protection Regulation (GDPR) applies to any company or organisation that markets goods and/or services to EU residents regardless of their country of origin.

The GDPR is built upon seven key principles that guide how PII is handled: lawfulness, fairness and transparency; purpose limitation; data minimisation; accuracy; storage limitation; integrity and confidentiality; and accountability.

Failure to comply can result in massive financial penalties, as Amazon discovered when it was hit with a €746 million (US$776 million) fine for carrying out advertising targeting without proper consent. WhatsApp was hit with a €225 million (US$234 million) fine for transparency violations.

China recently enacted its Personal Information Protection Law, which bears a resemblance to the GDPR in that it requires user consent when PII is transferred abroad and requires the receiving party to inform the individual of how their data will be used if it is different from the original purpose.

It also authorises the Chinese government to block any foreign organisations, companies, and individuals from accessing its citizens’ data and provide retaliatory measures in cases where a foreign government does the same.

Further, if an entity needs to move PII beyond China’s borders, it must pass a security assessment; be certified for personal information protection; conclude a contract with a foreign party in accordance with government standards; or meet “other conditions” set by government agencies.

Shared responsibility

While laws and reputations can force companies and other organisations to protect PII, there remains a level of personal responsibility to not only understand risks but to also practise proper cyber hygiene rather than relying on the data privacy and security policies and procedures of others.

At its most basic, good cyber hygiene is protecting what you share online, for example not advertising your planned vacation on social media and taking care not to post photos or other documents that might inadvertently reveal PII.

Truly effective cyber hygiene goes beyond what you share to ensure your data is safe regardless of where and how you store it.

Understand encryption levels available for personal computers, smartphones, and any other connected device, and devise strong passwords that are changed frequently. Keep software updated, which helps close any security gaps that developers are made aware of.

The organisations that collect, store, and share PII are equally responsible for data privacy. Regulatory compliance – while important – should be considered the PII protection floor in most cases. It is imperative to gain a comprehensive understanding of an organisation’s privacy and security practices before entrusting data to it.

For example, while mobile technologies are popular for their ability to deliver contactless security and frictionless access control, they are only as good as their encryption, credentialling and data protection capabilities.

According to HID Global’s 2021 State of Physical Access Control Report, 36 per cent of respondents reported using less secure credential technologies; specifically, 125-kHz low-frequency proximity cards, legacy products that offer convenience and reliability but extremely limited security and privacy.

Another 40 per cent reported using even older and less secure technology, including 23 per cent that reported using magnetic stripe cards and 17 per cent using barcode technology – continued use of which exposes organisations to the risk of credential spoofing and cloning.

However, it is not only legacy technology like cards and barcodes that heightens risk. Multi-technology readers that remain enabled to read legacy credentials after a migration is completed increase risk as well.

Thus, it is important to seek out solutions that are based on evolving standards, such as the Open Supervised Device Protocol (OSDP), and are therefore future-proof.

Building data trust

KPMG shares several recommended actions organisations can take to shore up what it has identified as the four anchors of trusted analytics, which are quality, resilience, effectiveness, and integrity. These are:

  • Assess trust gaps by performing an initial assessment to see where trusted analytics are most needed and can therefore be the primary focus.
  • Clarify and align goals so the organisation’s purpose for collecting data and running analytics is clear for all involved. An important aspect of this goal setting is to measure performance and impact and share that information with users.
  • Raise awareness of data and analytics to increase internal engagement among users, including creating a team of decision-makers and IT/business leaders for collaboration.
  • Build organisational expertise in analytics quality assurance.
  • Improve and encourage transparency by enabling independent assessments through cross-functional teams, third-party reviews, peer reviews, and stronger quality assurance processes.
  • Build ecosystems that eliminate silos and examine the value and risk that data and analytics can bring to the organisation, and create cross-departmental teams to build data and analytics communities.
  • Develop a model for innovation and incentivise employees and teams for innovative processes.

By taking a proactive approach to hardening anchors, organisations can build an environment of trust in their data privacy and security.

Function over form

Ultimately, the most important consideration when determining the privacy and security of PII is just how high a priority it is for any organisation that touches data. More user-friendly options are attractive, but they should not outrank system privacy and PII protection.

Data, especially personal data, is of enormous value to the organisations that control it. Its protection should be paramount, which is why individuals have the right to understand how well it is safeguarded by those to whom it has been entrusted.

Most importantly, when the organisation “borrowing” their data is not sufficiently transparent about its use and protection protocols, the owners have every right to be forgotten – to have their personal data deleted or “erased” upon request.

The best protection is to ensure PII is shared with only those who place the highest priority on its safety.

Alex Tan is the commercial director of physical access control solutions for Asean for HID Global
