Privacy
Privacy is the ability of an individual or group to seclude themselves or
information about themselves, and thereby express themselves selectively.
When something is private to a person, it usually means that something is
inherently special or sensitive to them. The domain of privacy partially
overlaps with security, which can include the concepts of appropriate use, as
well as protection of information. Privacy may also take the form of bodily
integrity. The right not to be subjected to unsanctioned invasions of privacy by
the government, corporations or individuals is part of many countries' privacy
laws, and in some cases, constitutions.
Privacy is a fundamental right, essential to autonomy and the protection of
human dignity, serving as the foundation upon which many other human rights are
built.
Privacy enables us to create barriers and manage boundaries to protect ourselves
from unwarranted interference in our lives, which allows us to negotiate who we
are and how we want to interact with the world around us. Privacy helps us
establish boundaries to limit who has access to our bodies, places and things,
as well as our communications and our information.
The rules that protect privacy give us the ability to assert our rights in the
face of significant power imbalances.
As a result, privacy is an essential way we seek to protect ourselves and
society against arbitrary and unjustified use of power, by reducing what can be
known about us and done to us, while protecting us from others who may wish to
exert control.
Privacy is essential to who we are as human beings, and we make decisions about
it every single day. It gives us a space to be ourselves without judgement,
allows us to think freely without discrimination, and is an important element of
giving us control over who knows what about us.
Concept Of Privacy
KJ Dearie, product specialist and privacy consultant at Termly, reviews three
core concepts in global privacy laws: transparency, accountability and user
control.
Transparency
Data privacy, as a concept alone, was not on the public's radar until the social
media boom of the last ten years. Even then, it took the culmination of
high-publicity incidents - like the Cambridge Analytica-Facebook election
scandal and the 2018 Google data breach - for the term "data privacy" to enter
the public vernacular with the weight it carries today.
Given the shift in consumer attitude toward scepticism in the face of data
collection, the law has been fast to follow (and in some cases, lead the way),
ushering in the era of transparency.
Take Australia's Privacy Act 1988, for example. This was one of the earliest
privacy laws to be enacted and continues to be amended as technology and digital
practices evolve. Among the ground-breaking provisions written into the law is
the thoroughness it demands of companies' privacy policies.
The act determines the need for any subject company to create a privacy
policy that outlines how and why data is collected - a requisite that can be
seen in other early transparency-focused laws, like the California Online
Privacy Protection Act (CalOPPA).
Where Australia's law surpasses the scope of other privacy policy-requiring laws
is in the depth of transparency it necessitates. For example, the Privacy Act
1988 demands privacy policies disclose:
- Who data may be shared with
- How users can edit or request access to their data
- How someone can make a privacy-related complaint or breach claim
- Whether data may be transferred outside the country, and what countries
this could involve
These strict disclosure guidelines have since been adopted in laws across the
globe, from the EU's General Data Protection Regulation (GDPR) to India's
Personal Data Protection Bill 2018.
Now, given both the legal precedent and the public's concern over their personal
data, it would be unheard of to encounter a privacy law void of strict
transparency requirements.
Accountability
The United States alone saw 446.5 million exposed records due to data
breaches in 2018. As data becomes a highly valuable commodity, and hackers adapt
to security systems and protection measures, a great responsibility is being
placed on companies to protect the data they collect, store, and share.
Notably, the California Consumer Privacy Act (CCPA), which is based in
California but has extraterritorial scope, introduced a groundbreaking consumer
right for Americans - the right to sue for loss of privacy.
Under the act, California consumers whose data is breached can sue the company
responsible for storing the data for loss of privacy, even if no physical or
monetary damages are suffered.
The onus of protecting the privacy of individuals has long been a concept rather
than a mandate for businesses and websites worldwide. Now, the law is trying to
define what responsible data collecting and storing means, and what consequences
lie on the other side of negligence.
User Control
Company responsibilities aren't the only matters being addressed in the new wave
of privacy laws - internet users are also being given more rights over their own
data.
Among these new rights are two major themes: rights over already-collected data,
and rights over the future collection of data.
Rights Over Collected Data
One of the most notable laws regarding consumer rights over their data is the
GDPR. Articles 15-21 of the regulation grant data subjects rights, such as to
access, edit, delete, or transfer personal data that has been collected from
them.
Other privacy laws have followed suit, notably Brazil's Lei Geral de Proteção de
Dados Pessoais (LGPD), which gives data subjects these same rights, and adds the
right to explanation - meaning data subjects can request information about why
and how their data is being processed.
Rights Over The Future Collection Of Data
Not only do today's data privacy laws expand user rights over collected data,
but many of them also offer new rights to users regarding the future collection
and processing of data.
The main example of this - and a data privacy concept growing rapidly -
is cookie consent. Under legislation like the ePrivacy Directive (also known as
the EU Cookie Law), consumers are asked to consent to the collection of data
through cookies via banners and modals that pop up upon visiting a website.
Even more, laws like ePrivacy require businesses to allow users to set their
cookie category preferences (e.g., a user can consent to a website using
analytics cookies, but deny the deployment of advertising cookies).
An updated version of the ePrivacy Directive - the ePrivacy Regulation
(institution date yet to be determined) - is on the horizon, promising even more
comprehensive guidelines for cookies.
This is a chapter taken from the first edition of The Right to Privacy: A
Doctrinal and Comparative Analysis. The book was co-written with Dr. Hilary
Delany and published by Round Hall in 2008.
The chapter provides a conceptual analysis of the notion of a right to privacy
and serves as an introduction to the general themes that are explored in the
remainder of the book in chapters.
The chapter reviews the literature on the difficulties of defining a right to
privacy and provides a summary of the work of authors such as Judith Jarvis
Thomson, Russell Brown, Warren and Brandeis, Ruth Gavison, Beate Rossler, Nicole
Moreham and Daniel Solove.
The chapter argues in favour of an approach in accordance with which the right
to privacy is justified as a necessary element of a system which adequately
values and protects human autonomy. Privacy is argued, in this regard, to go
beyond the simple protection of the secret or confidential so as to include the
social dimension of human existence. Protecting privacy encourages the
individual to fully engage in this social sphere by facilitating
experimentation, intimacy and the development of a sense of individual and
social identity.
The chapter then proceeds to consider the differences between privacy as an
autonomy value and privacy as a legally enforceable right. It would not be
workable for the law to define privacy as anything which engages individual or
social identity.
The chapter therefore proposes a tripartite distinction between different types
of privacy claim:
- Decisional privacy: This is the entitlement of an individual to make their own
decisions. It is argued that this is incoherent as an independent legal right.
- Spatial privacy: This is a claim of privacy over a physical space, whether that
be territorial privacy or the privacy of the individual's own body.
- Informational privacy: This is a claim of privacy over particular information.
The chapter then considers the extent to which a right to privacy may be
regarded as a claim of control over these dimensions. It concludes that control
should not be understood in this context as an all-or-nothing entitlement to
prevent all access to the area in question. Privacy is a more complex and
context-sensitive concept. Thus a right to privacy operates as an entitlement to
exercise control over who may access a particular dimension and/or of the use
that may legitimately be made of such access. Just what the right involves will
depend upon the particular circumstances of the claim.
The chapter concludes by considering the relationship between privacy and
freedom of expression. It argues that privacy and freedom of expression are, in
many instances, complementary. Protecting privacy may facilitate the
individual's freedom of expression. A conflict will more frequently arise
between privacy and the media's freedom of expression. However, the expression
rights of individuals and of the media are different in character and in degree.
There is a necessity therefore for a more nuanced and sophisticated
understanding of the relationship between privacy and the expression rights of
individuals and of the media.
Laws In India
The Constitution of India does not patently grant the fundamental right to
privacy. However, the courts have read the right to privacy into the other
existing fundamental rights, i.e., freedom of speech and expression under Art
19(1)(a) and right to life and personal liberty under Art 21 of the Constitution
of India. However, these Fundamental Rights under the Constitution of India are
subject to reasonable restrictions given under Art 19(2) of the Constitution
that may be imposed by the State.
Recently, in the landmark case of Justice K S Puttaswamy (Retd.) & Anr. vs.
Union of India and Ors., the constitution bench of the Hon'ble Supreme Court
has held the right to privacy to be a fundamental right, subject to certain
reasonable restrictions.
India presently does not have any express legislation governing data protection
or privacy. However, the relevant laws in India dealing with data protection are
the Information Technology Act, 2000 and the (Indian) Contract Act, 1872. A
codified law on the subject of data protection is likely to be introduced in
India in the near future.
The (Indian) Information Technology Act, 2000 deals with the issues relating to
payment of compensation (Civil) and punishment (Criminal) in case of wrongful
disclosure and misuse of personal data and violation of contractual terms in
respect of personal data.
Under section 43A of the (Indian) Information Technology Act, 2000, where a body
corporate that possesses, deals with or handles any sensitive personal data or
information is negligent in implementing and maintaining reasonable security
practices, resulting in wrongful loss or wrongful gain to any person, such body
corporate may be held liable to pay damages to the person so affected. It is
important to note that there is no upper limit specified for the compensation
that can be claimed by the affected party in such circumstances.
The Government has notified the Information Technology (Reasonable Security
Practices and Procedures and Sensitive Personal Data or Information) Rules,
2011. The Rules deal only with the protection of sensitive personal data or
information of a person, which includes personal information relating to:
- Passwords;
- Financial information such as bank account or credit card or debit card
or other payment instrument details;
- Physical, physiological and mental health condition;
- Sexual orientation;
- Medical records and history;
- Biometric information.
The Rules set out the reasonable security practices and procedures that a body
corporate, or any person who on its behalf collects, receives, possesses,
stores, deals with or handles information, is required to follow while dealing
with sensitive personal data or information. In case of any breach by the body
corporate or any other person acting on its behalf, the body corporate may be
held liable to pay damages to the person so affected.
Under section 72A of the (Indian) Information Technology Act, 2000, disclosure
of information, knowingly and intentionally, without the consent of the person
concerned and in breach of the lawful contract has also been made punishable
with imprisonment for a term extending to three years and fine extending to Rs
5,00,000 (approx. US$ 8,000).
It is to be noted that s 69 of the Act, which is an exception to the general
rule of maintenance of privacy and secrecy of the information, provides that
where the Government is satisfied that it is necessary in the interest of:
- the sovereignty or integrity of India,
- defence of India,
- security of the State,
- friendly relations with foreign States or
- public order or
- for preventing incitement to the commission of any cognizable offence
relating to above or
- for investigation of any offence,
it may, by order, direct any agency of the appropriate Government to intercept,
monitor or decrypt or cause to be intercepted or monitored or decrypted any
information generated, transmitted, received or stored in any computer resource.
This section empowers the Government to intercept, monitor or decrypt any
information including information of personal nature in any computer resource.
Where the information is such that it ought to be divulged in public interest,
the Government may require disclosure of such information. Information relating
to anti-national activities which are against national security, breaches of the
law or statutory duty or fraud may come under this category.
Information Technology Act, 2000
The Information Technology Act, 2000 (hereinafter referred to as the "IT Act")
is an act to provide legal recognition for transactions carried out by means of
electronic data interchange and other means of electronic communication,
commonly referred to as "electronic commerce", which involve the use of
alternatives to paper-based methods of communication and storage of information
to facilitate electronic filing of documents with the Government agencies.
Section 415 of the IPC states that whoever, by deceiving any person, fraudulently
or dishonestly induces the person so deceived to deliver any property to any
person, or to consent that any person shall retain any property, or
intentionally induces the person so deceived to do or omit to do anything which
he would not do or omit if he were not so deceived, and which act or omission
causes or is likely to cause damage or harm to that person in body, mind,
reputation or property, is said to "cheat".
For example: There are two persons, A and Z. A exhibits a false sample of an
article to Z and intentionally makes Z believe that the article corresponds with
the sample. A here induces Z to buy and pay for the article. A cheats Z.
The right to privacy refers to the concept that one's personal information is
protected from public scrutiny. U.S. Justice Louis Brandeis called it "the right
to be left alone." While not explicitly stated in the U.S. Constitution, some
amendments provide some protections.
The right to privacy most often is protected by statutory law. For example, the
Health Insurance Portability and Accountability Act (HIPAA) protects a
person's health information, and the Federal Trade Commission (FTC) enforces the
right to privacy in various privacy policies and privacy statements.
The right to privacy often must be balanced against the state's compelling
interests, including the promotion of public safety and improving the quality of
life. Seat-belt laws and motorcycle helmet requirements are examples of such
laws. And while many Americans are quite aware that the government collects
personal information, most say that government surveillance is acceptable.
Constitutional Rights
The right to privacy often means the right to personal autonomy, or the right to
choose whether or not to engage in certain acts or have certain experiences.
Several amendments to the U.S. Constitution have been used with varying degrees
of success in determining a right to personal autonomy:
- The First Amendment protects the privacy of beliefs
- The Third Amendment protects the privacy of the home against the use of
it for housing soldiers
- The Fourth Amendment protects privacy against unreasonable searches
- The Fifth Amendment protects against self-incrimination, which in turn
protects the privacy of personal information
- The Ninth Amendment says that the "enumeration in the Constitution of
certain rights shall not be construed to deny or disparage other rights
retained by the people." This has been interpreted as justification for
broadly reading the Bill of Rights to protect privacy in ways not
specifically provided in the first eight amendments.
The right to privacy is most often cited in the Due Process Clause of the 14th
Amendment, which states:
No state shall make or enforce any law which shall abridge the privileges or
immunities of citizens of the United States; nor shall any state deprive any
person of life, liberty, or property, without due process of law; nor deny to
any person within its jurisdiction the equal protection of the laws.
However, the protections have been narrowly defined and usually only pertain to
family, marriage, motherhood, procreation and child rearing.
For example, the Supreme Court first recognized that the various Bill of Rights
guarantees create a "zone of privacy" in Griswold v. Connecticut, a 1965 ruling
that upheld marital privacy and struck down bans on contraception.
Which Countries Have The Best Cloud Privacy Laws In 2020?
Switzerland
Switzerland is probably the best place to be for privacy. Article 13 of
the Swiss constitution guarantees citizens their right to privacy and there are
strict federal laws in place to protect your data. The Federal Data Protection
Act and the Data Protection Ordinance protect personal data and prohibit any
processing of it unless authorized by the subjects or law.
Tips For Prevention
Privacy is an increasingly rare commodity these days. Just search for yourself
on Pipl.com - you might be surprised at the number of companies that claim to have
information about your family, income, address, phone number and much, much
more.
That is because your personal information, including your email address, phone
number and social security number, is worth a lot of money to legitimate
businesses and bad guys alike. The bad guys just want to steal from you.
Companies want to know as much about you as possible so they can sell you more
products and services or serve you ads that are highly relevant to your
demographics and preferences.
So, take these simple steps to protect your valuable personal information:
- Do not fill out your social media profile.
The more information you share online, the easier it's going to be for someone
to get their hands on it. Do not cooperate. Look at your social media profiles
and keep them barren - the people who need to know your birth date, email address
and phone number already have them. And what exactly is the point of sharing
everything about yourself in your Facebook profile? If you care about your
privacy, you won't do it.
- Don't share your social security number / Aadhaar number
Think twice about sharing your social security number / Aadhaar number with
anyone, unless it's your bank, a credit bureau, a company that wants to do a
background check on you or some other entity that has to report to the IRS. If
someone gets their hands on it and has information such as your birth date and
address they can steal your identity and take out credit cards and pile up other
debt in your name.
Even the last four digits of your social security number should only be used
when necessary. The last four are often used by banks and other institutions to
reset your password for access to your account.
Plus, if someone has the last four digits and your birth place, it's a lot
easier to guess the entire number. That's because the first three are determined
by where you, or your parents, applied for your SSN. And the second set of two
are the group number, which is assigned to all numbers given out at a certain
time in your geographic area. So a determined identity thief with some computing
power could hack it given time.
- Lock down your hardware.
Set up your PC to require a password when it wakes from sleep or boots up. Sure,
you may trust the people who live in your house, but what if your laptop is
stolen or you lose it?
Same thing with your mobile devices. Not only should you use a passcode to
access them every time you use them, install an app that will locate your phone
or tablet if it's lost or stolen, as well as lock it or wipe it clean of any
data so a stranger can't get access to the treasure trove of data saved on it.
And, make sure your computers and mobile devices are loaded with anti-malware
apps and software. They can prevent criminals from stealing your data.
We recommend Norton Internet Security ($49.99 on norton.com or $17.99 on Amazon)
in our computer security buying guide or stepping up to Norton 360 Multi-Device
($59.99 on norton.com or $49.99 on Amazon) if you have mobile devices. And,
you'll want to double up your protection on Android devices by installing, since
we found anti-malware apps are dismal at detecting spyware.
- Turn on private browsing
If you don't want anyone with physical access to your computer to see where
you're hanging out online you should enable "private browsing," a setting
available in each major web browser. It deletes cookies, temporary Internet
files and browsing history after you close the window.
Every company that advertises online is interested in knowing what sites you
visit, what you buy, who you're friends with on social networks, what you like
and more. By gathering information about your online activities they can serve
you targeted ads that are more likely to entice you to buy something.
For instance, the Facebook, Twitter, and Google+ buttons you see on just about
every site allow those networks to track you even if you don't have an account
or aren't logged into them. Other times information collection companies rely on
embedded code in banner ads that track your visits, preferences, and demographic
information.
If you truly care about your privacy you'll surf the Internet anonymously by
hiding your IP address. You can do this using a web proxy, a Virtual Private
Network (VPN) or Tor, a free open network that works by routing your traffic
through a series of servers, operated by volunteers around the world, before
sending it to your destination.
- Use a password vault that generates and remembers strong and unique
passwords.
Most people know better than to use the same password for more than one website
or application. In reality, it can be impossible to remember a different one for
the dozens of online services you use. The problem with using the same password
in more than one place is if someone gets their hands on your password - say,
through a phishing attack - they can access all your accounts and cause all sorts
of trouble.
To eliminate this dilemma, use a password manager that will not only remember
all your passwords, but will generate super strong and unique ones and
automatically fill them into login fields with the click of a
button. LastPass is an excellent and free choice.
- Use two-factor authentication.
You can lock down your Facebook, Google, Dropbox, Apple ID, Microsoft, Twitter
and other accounts with two-factor authentication. That means that when you log
in, you'll also need to enter a special code that the site texts to your phone.
Some services require it each time you log in, others just when you're using a
new device or web browser. The Electronic Frontier Foundation has a great
overview of what's available.
Two-factor authentication works beautifully for keeping others from accessing
your accounts, although some people feel it's too time consuming. But if you're
serious about privacy, you'll put up with the friction.
- Set up a Google alert for your name.
This is a simple way to keep an eye on anything someone might be saying about
you on the web. It's just a matter of telling Google what to look for (in this
case, your name), as well as what kinds of web pages to search, how often to
search and what email address the search engine giant should use to send you
notifications.
- Pay for things with cash.
According to Business Insider, credit card companies are selling your purchase
data to advertisers. Don't want companies knowing how much booze you're buying
or other potentially embarrassing habits? Buy things the old fashioned way - with
coins and bills.
- Keep your social network activity private.
Check your Facebook settings and make sure only friends can see what you're
doing. Go to the settings cog in the upper right hand corner of your screen,
then click on Privacy Settings >> Who can see my stuff.
On Twitter, click on the settings cog, then Settings. From there you can adjust
all sorts of privacy settings, such as a box that gives Twitter permission to
add your location to tweets as well as the ability to make your tweets private,
meaning only people you approve can see them. You can also stop the
microblogging platform from tailoring your Twitter experience based on other
sites you visit.
If you use Google+, go to Home >> Settings. There you can adjust things like who
can interact with you, comment on your posts or start a conversation with you.
- Don't give out your zip code when making credit card purchases.
Often stores will ask for your zip code when you're checking out with a credit
card. Don't give it to them unless you want to donate your details to their
marketing database, warns Forbes. By matching your name, taken from your credit
card, with your zip code, companies can more easily mine more information,
including your address, phone number and email address.
- Lie when setting up password security questions.
"What is your mother's maiden name?" or "In what city were you born?" are common
questions websites often ask you to answer so as to supposedly keep your account
safe from intruders. In reality, there's nothing secure about such generic
queries. That's because someone who wants access to your account could easily do
some Internet research to dig up the answers.
How to protect your privacy online
Limit the personal information you share on social media
A smart way to help protect your privacy online? Don't overshare on social
media. Providing too much information on Facebook, Twitter, and Instagram could
make it easier for cybercriminals to obtain identifying information, which could
allow them to steal your identity or to access your financial information. For
example, could an identity thief determine your high school mascot or your
mother's maiden name from digging through your Facebook account? This
information is sometimes used as security questions to change passwords on
financial accounts.
Unfortunately, many people don't take this advice. In a 2018 study, the Identity
Theft Resource Center found that approximately 52 percent of respondents shared
personally identifying information through social media sites.
And that's just the start of the oversharing. The same study found that about 48
percent of respondents shared information about their children, while nearly 33
percent shared information about their location. A total of 42 percent of
respondents shared information about their travel plans through social media.
To protect your online privacy, ignore the "About Me" fields in your social
media profiles. You don't have to let people know what year or where you were
born - which could make you an easier target for identity theft. Explore
different privacy settings, too. You might want to limit the people who can view
your posts to those you've personally invited.
Create strong passwords, too, for your social media profiles to help prevent
others from logging into them in your name. This means using a combination of at
least 10 numbers, special characters, and upper- and lower-case letters. And
never use personal, easy-to-guess information - such as your birthdate or pet's
name - as your password.
Browse in incognito or private mode
If you don't want your computer to save your browsing history, temporary
internet files, or cookies, do your web surfing in private mode.
Web browsers today offer their own versions of this form of privacy protection.
In Chrome, it's called Incognito Mode. Firefox calls its setting Private
Browsing, and Internet Explorer uses the name InPrivate Browsing for its privacy
feature. When you search with these modes turned on, others won't be able to
trace your browsing history from your computer.
But these private modes aren't completely private. When you're searching in
incognito or private mode, your Internet Service Provider (ISP) can still see
your browsing activity. If you are searching on a company computer, so can your
employer. The websites you visit can also track you.
So, yes, incognito browsing does have certain benefits. But it's far from the
only tool available to help you maintain your privacy while online. Anonymous
search engines and virtual private networks can bolster your online privacy.
Use a different search engine
If you're like many web surfers, you rely heavily on Google as your search
engine. But you don't have to. Privacy is one reason people prefer to use
anonymous search engines. This type of search engine doesn't collect or share
your search history or clicks. Anonymous search engines can also block ad
trackers on the websites you visit.
Some products do a more comprehensive job of protecting your privacy. The Norton
Privacy Manager app strives to take online privacy to a new level with features
that include a search engine and a VPN, among others.
The Norton Privacy Manager app may be a newcomer to the online privacy space,
but it's backed by more than 25 years of security expertise from cybersecurity
leader, Symantec. Norton Privacy Manager helps to make it easier for you to
control your online privacy, so you can connect and browse on the internet
without sharing your personal information.
Norton Privacy Manager includes ad blockers and tracker blockers to prevent
invisible online trackers from following your personal information around and
collecting your browsing history. Norton Privacy Manager's default search engine
does not collect, store, or share search histories or personal information about
users. Therefore, it cannot
tailor advertisements based on user behavior or sell that behavioral data to
advertisers. Rather, advertisements included in search results are based on
contextual information, such as the search term entered, and are not tailored to
the individual.
Use a virtual private network
A virtual private network (VPN) gives you online privacy and anonymity by
creating a private network from a public internet connection. VPNs mask your
Internet Protocol (IP) address so your online actions are virtually untraceable.
Using a VPN is especially important when you're on public Wi-Fi at a library,
coffee shop, or other public location. A VPN will make it more difficult for
cybercriminals to breach your online privacy and access your personal
information.
The standalone Norton Secure VPN has a no-log policy, meaning it does not
collect, or "log," information transmitted through the network. It doesn't save
information about users' personal details, where users go online, or what users
download or search for. Therefore, users' online activities stay private and
anonymous.
You can find many free VPN solutions, but it could make more sense to pay for a
service from a trusted security provider if you want the maximum amount of
privacy protection while online.
Be careful where you click
One of the ways in which hackers compromise your online privacy is
through phishing attempts. In phishing, scammers try to trick you into providing
valuable financial or personal information. They'll often do this by sending
fake emails that appear to be from banks, credit card providers, or other
financial institutions. Often, these emails will say that you must click on a
link and verify your financial information to keep your account from being
frozen or closed.
Don't fall for these scams. If you click on a phishing link, you could be taken
to a spoofed webpage that looks like the homepage of a bank or financial
institution. But when you enter in your account information, you'll be sending
it to the scammers behind the phishing attempt, not any bank, credit union, or
credit card company. Before clicking on suspicious links, hover your cursor over
the link to view the destination URL. If it doesn't match the financial website
you use, don't click.
Also, remember that banks or other financial institutions will never ask you to
provide account or financial information through an email. If you receive such
an email and you are wary, log in directly to your financial provider's online
account portal. You can then check to see if there are problems with your
account. Or call the financial provider yourself to ask if there are any
problems with your account - using the customer-service number from one of your
statements or the provider's website, not the one included in the suspect email
you received.
Secure your mobile devices, too
Many of us spend more time surfing the web, answering emails, and watching
videos on our smartphones than we do on our laptops. It's important, then, to
put as much effort into protecting our online privacy on our phones and tablets
as on our computers.
To start, make sure to use a passcode to lock your phone. It might seem like a
hassle to enter a code every time you want to access your phone's home screen.
But this passcode could offer an extra layer of protection if your phone is lost
or stolen. Make sure your passcode is complex. Don't use your birthdate, your
house number, or any other code that thieves might be able to guess.
Use caution when downloading apps. These games and productivity tools could come
embedded with dangerous viruses. Only buy games from legitimate sources.
Use the same caution, too, when searching the web or reading emails on your
mobile devices as you do when using your laptop or desktop computer.
Don't ignore software updates, either. These updates often include important
protections against the latest viruses. If you continue to ignore them, you
could be leaving your smartphone's operating system and programs vulnerable to
attack.
Use quality antivirus software
Finally, always install antivirus software on all your devices. This software
can keep hackers from remotely taking over your computer, accessing your
personal and financial information, and tracking your location.
And once you install this software, don't forget about it. Manufacturers
frequently update their virus protection software as a defense against the
latest malware, spyware, and other viruses. Install updates as soon as they
become available.
How to Prevent Data Theft
These are top tips from the experts to help you keep your company's sensitive
information safe from data thieves.
- Get rid of paper.
If you have to keep paper files, shred them as soon as they are no longer
needed. According to John Rowan of Advantage Business Equipment, there are nine
things businesses should shred:
  - Any mail with a name and address
  - Luggage tags
  - Trip itineraries
  - Extra boarding passes
  - Credit offers
  - Price lists
  - Vendor payment stubs and paid invoices
  - Cancelled checks
  - Receipts
- Assess which data you need to protect most.
"Have an audit or assessment on your data," says Greg Kelley, EnCE, DFCP,
of Vestige Digital Investigations. "Every company is different. They have
different regulations, different types of data, different needs for that data
and a different company culture. Hire an outside expert to assess what data you
have, how you are protecting it (not how you think you are protecting it) and
where that data is going. While you may think it is an unnecessary cost, if you
report to clients and potential clients that you have had an outside data
assessment, you may find it puts you at an advantage over your competitors."
- Restrict access to your sensitive data.
"Not everyone in the company needs access to everything. Does the project
manager need pricing information? Does the sales person need operations
information? By restricting what data each person has access to, you limit your
exposure when an employee decides what they want to steal or when the employee's
account is compromised by an outsider,"
- Enforce data privacy controls inside and out.
Hold third parties and contractors your company engages to the same strict data
privacy controls you implement in your own organization. Audit them periodically
to ensure compliance with your security standards.
- Use strong passwords to protect computers and devices.
Make it difficult for outsiders to access your company's and employees' devices
and computers if they are lost or stolen by protecting them with strong
passwords and by enabling remote wipe on all devices.
- Install or enable a firewall.
Even small companies with few employees have valuable data that needs to be
protected. Ensure you have a firewall in place to keep outsiders from accessing
your company network.
- Secure your wireless network.
Use a strong password and use encryption and security to hide your wireless
network from outsiders. Don't let neighbors or passers-by hop onto your network,
or even see that it exists. You're just inviting trouble.
- Use encryption to prevent data theft.
Ensure all sensitive information that is being transferred or emailed is
encrypted. Encryption should also be installed on all company laptops, mobile
devices and removable media.
- Use a proxy.
"That free internet at the airport or the cafe is actually shared with dozens or
hundreds of other users who might be sniffing your traffic," says Roberto Arias
Alegria, IT Security Consultant at Metaluxo IT Security. "Since encrypted
connections (SSL) are far from universal, an easy to use proxy service can save
you from prying eyes (e.g. Zenmate, or TunnelBear)."
- Activate two-factor authentication.
"No matter how secure your password is, there's more than one way to get it.
Consider using 2FA whenever you can; Google, Yahoo, Twitter and many popular
services already have support for 2FA," says Arias.
- Restrict movement of information.
"Do not permit the transfer of personal information (names, Social Security
numbers, Medicare numbers, employee or medical data etc.) to a portable medium,
like a laptop or mobile device. This data should be processed in-house, not on
an airplane or a commuter train or at home," says Robert Ellis Smith,
Publisher, Privacy Journal.
- Take extra steps to protect your most sensitive data.
"Truncate Social Security numbers, or remove them from the database and store
them elsewhere apart from the original data file, with a means to link the two
later if necessary. Regularly remove sensitive personal data from online
databases or 'the cloud' and process it off-line," says Smith.
- Use anti-virus software and anti-spyware.
Update all software on your company's network whenever updates become available.
This includes security software, browsers, and operating systems. Don't use free
security software as sometimes these contain "scareware" that can fool employees
into compromising your network.
- Require strong passwords for all employees.
"More than 70 per cent of breaches are due to weak passwords or poor password
management," says Darren Guccione, CEO and co-founder of Keeper Security,
Inc. "Make sure you use passwords that are at least eight characters in length
and utilize a combination of uppercase and lowercase letters, numerals and
symbols."
- Have a "clean desk" policy.
Implement and enforce a policy prohibiting employees from keeping working
papers, passwords or any sensitive documents in view while they are away from
their desks. Every workstation should have a lockable drawer for employees to
secure sensitive information.
- Guard against social engineering.
Teach employees to recognize and report attempts by outsiders to get
information. Train them on the various techniques used by fraudsters, such as
"phishing" and "smishing", and to never open attachments or download anything
from an unknown source.
- Beware of personal devices.
"Make sure that you have policies and technology to address the risk of people
bringing personal devices to work," says Joseph Steinberg, CEO
of SecureMySocial. "All access to the Internet from such devices - or from
devices brought by visitors to your office - should be done via a separate
network than is used for company computers. Many routers come equipped with such
a capability. Personal devices can be infected with malware that can steal data
if the devices are connected to corporate networks."
- Implement social media policies.
"Create, and enforce with technology, appropriate social media policies. Don't
pretend that policies alone will ensure that employees don't make inappropriate
social media posts - you need technology to help with this task as people make
mistakes - and they can be costly to your business. Many breaches start with
criminals crafting spear phishing emails based on overshared information on
social media," says Steinberg.
- Be prepared for mistakes.
"Employees are humans, and humans make mistakes," says Quinn Kuzmich, adjunct
professor of software security and computer forensics at Colorado Technical
University, founding partner at NagaSec Information Security and a Senior IT
Security Analyst for Skillsoft. "Mistakes leave your system vulnerable. And when
it comes to data security, these mistakes happen all the time. Data gets saved
in the wrong folders, which weren't configured in the right way - this means the
wrong people have access to the data. If you forget this important rule, the
wrong people will remind you."
- Be nice to your employees.
A disgruntled employee can be the most dangerous vulnerability in your company's
data protection program.
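The tip above on truncating Social Security numbers and storing them apart from the original data file, "with a means to link the two later", can be implemented as in the following sketch. It is an added example, not code from the original article; the record layout, field names and sample values are constructed assumptions.

```python
import re
import secrets

SSN_RE = re.compile(r"\d{3}-\d{2}-\d{4}")

def split_records(records):
    """Return (working, vault): working rows carry only the last four digits
    and a random token; vault maps token -> full SSN and is stored apart."""
    working, vault = [], {}
    for rec in records:
        if not SSN_RE.fullmatch(rec["ssn"]):
            # Report the record id only, so the bad value never reaches logs.
            raise ValueError(f"malformed SSN in record {rec['id']}")
        token = secrets.token_hex(16)  # random: cannot be derived from the SSN
        vault[token] = rec["ssn"]
        safe = {k: v for k, v in rec.items() if k != "ssn"}
        safe["ssn_last4"] = "***-**-" + rec["ssn"][-4:]
        safe["ssn_token"] = token
        working.append(safe)
    return working, vault

def relink(row, vault):
    """Recover the full SSN for one working row; requires access to the vault."""
    return vault[row["ssn_token"]]

# Constructed records; area number 000 is never issued, so these are not real SSNs.
RECORDS = [
    {"id": 1, "name": "A. Example", "ssn": "000-12-3456"},
    {"id": 2, "name": "B. Example", "ssn": "000-98-7654"},
]

if __name__ == "__main__":
    working, vault = split_records(RECORDS)
    print(working)                    # safe to keep with the everyday data
    print(relink(working[0], vault))  # only where the vault is available
```

The working rows can stay in the everyday database, while the vault goes to separate storage with its own access controls, so a copy of the working data alone exposes no full numbers.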
There is no specific data protection authority in India. The IT Act provides for
an adjudicating officer to be appointed to adjudicate whether a person has
contravened the IT Act or its rules where the claim of injury or damages does
not exceed 50 million rupees. If the claim exceeds 50 million rupees, the
adjudicating authority would be the civil court. The Secretary to the Ministry
of Information Technology in each state government has been appointed as the
adjudicating officer.
The adjudicating officer has all powers of a civil court.
These include summoning the attendance of persons and examining them on oath,
requiring the discovery or production of documents and other electronic records,
receiving evidence on affidavits and issuing commissions for the examination of
witnesses or documents.
The police have the power to investigate offences under the IT Act such as under
section 72 and section 72A.
Under specialised statutes relating to banking, telecom and in the medical
field, the relevant sectoral regulator has powers.
Legal obligations of data protection authority
Discussion on privacy issues is as old as mankind. Starting with the protection
of one's body and home, it soon evolved in the direction of controlling one's
personal information. In 1891, the American lawyers Samuel Warren and Louis
Brandeis described the right to privacy in a famous article: it is the right to
be let alone.
In 1967 a new milestone was reached with the publication of Alan
Westin's Privacy and Freedom when he defined privacy in terms of
self-determination: privacy is the claim of individuals, groups, or institutions
to determine for themselves when, how, and to what extent information about them
is communicated to others.
Written By:
- Gurmeet Singh, Advocate, For M/S Gurmeet Singh & Associates,
Advocates and Legal Consultants,
Website: www.gurmeetsinghandassociates.com /.in, Email:
[email protected], Ph No:+91 8750002000
- Ms. Vagisha Gupta
- Adv. Vidushi Jain
- Adv. Hritwik
- Adv. Aman Sharma
- Sh. Aman Karamvir
- Adv. Tripty Rajput
- Ms. Divya Kaushal
- Adv. Alpana Yadav