Lesson #4

32 questions • 1 year ago
  • Jay Jayel

    Question list

  • 1

    • Data Protection is a set of strategies and processes that can be used to secure the privacy, availability and integrity of data. • It is sometimes called data security or information privacy. • Data protection is vital to any organization that collects, handles, or stores sensitive data. • A successful data protection strategy can help prevent data loss, theft or corruption, and can help minimize damage caused in the event of a breach or disaster.

    True

  • 2

    • Data Privacy refers to the right of an individual to keep his/her information private. It advocates individual control over the collection and use of private information with the goal of protecting the confidentiality of an individual against unauthorized disclosure. • On a personal or individual level, it is typically applied to personal health information and personally identifiable information. • The records include financial information, medical records, social security or ID numbers, names, birth dates and contact information. • Data privacy concerns apply to all sensitive information that organizations handle, including data of customers, shareholders and employees. • All this information plays a vital role in business operations, development and finances.

    True

  • 3

    • Data Privacy helps ensure that sensitive data is only accessible to approved parties. • It prevents criminals from being able to maliciously use data and helps ensure that organizations meet regulatory requirements. • Data Privacy is enforced by data protection regulations. Non-compliance may result in monetary fines or loss of brand authority.

    True

  • 4

    • Although both are important and the two often come together, these terms do not represent the same thing. • Data Privacy focuses on defining who has access to data. • Data Protection focuses on applying those restrictions. • Data Privacy defines the policies that data protection tools and processes employ. • Users control privacy; companies ensure protection. • Creating Data Privacy guidelines does not ensure that unauthorized users don’t have access. • Likewise, access can be restricted with data protection while still leaving sensitive data vulnerable. Both are needed to ensure that data remains secure.

    True

  • 5

    • Data Privacy allows users to control how much of their data is shared and with whom. • Data Protection relies on the companies handling data to ensure that it remains private. • Compliance regulations reflect this difference and are created to help ensure that users’ privacy requests are enacted by companies.

    True

  • 6

    • Personal Data is any information related to an identified or identifiable natural person. • Example: telephone number, credit card or personnel number of a person, account data, number plate, appearance, customer number or address are all personal data. • Other Examples of Personal Data: • Race • Ethnic Origin • Political Opinions • Religious or Philosophical Beliefs • Trade Union Membership • Genetic Data

    True

  • 7

    • Biometric Data (where this is used for identification purposes); • Health Data • Social Media Platforms are usually free to use, but users actually “pay” with their personal data. • Personal data is monetized, which means to advertisers or companies (e.g. tech firms) who collect data for their marketing purposes. • Every day, hundreds of companies that users may not even know exist gather facts about users, some more intimate than others. • That information may then flow to Academic Researchers, Hackers, Law Enforcement as well as plenty of companies trying to market products and lure users to buy.

    True

  • 8

    • Data Brokers are businesses that aggregate information from a variety of sources; process it to enrich, cleanse or analyze it; and license it to other organizations. • Data brokers can also license another company's data directly or process another organization's data to provide them with enhanced results. • Data Brokers also compile personal data from publicly available sources like property records, marriage licenses and court cases. • They may even purchase personal information from agencies such as the Department of Motor Vehicles or retail stores.

    True

  • 9

    Tracking Data : • Trackers are channels that are used to track user data. • On a computer, trackers can collect a range of data from keystrokes, location, web browsing, and personal data. • Trackers can be embedded on websites users visit and only collect data when they’re on that webpage or they can come in the form of viruses that can see everything the user’s computer does. • Types of Web Trackers: • Traditional Cookies • Super Cookies • Finger Printers • Identity Trackers • Session Cookies • Session Replay Scripts

    True

  • 10

    • _______ are files created by websites that users visit. • They make users’ online experience easier by saving browsing information. With cookies, sites can keep users signed in, remember site preferences, and give locally relevant content. • Facebook, Google, and other companies use these extremely popular cross-site trackers to follow users from website to website. • They work by depositing a piece of code into the browser, which users then unwittingly carry with them as they surf the web.

    Traditional cookies

  • 11

    • _______ follow users by creating a unique profile of their device. • They collect things like the person’s IP address, their screen resolution, and what type of computer they have. • These _______ scripts are sometimes placed purposefully by the website users are on; other times a script may be from a website they’ve never visited. • Instead of using a cookie, these Identity _______ follow people using personally identifiable information, such as their email address. • They are known to collect this data by hiding on login pages where people enter their credentials.

    Identity Trackers

  • 12

    • _______ is a file containing an identifier (a string of letters and numbers) that a website server sends to a browser for temporary use during a limited timeframe. • When the browser closes at the end of a session, the file is deleted. A session cookie is also known as a transient cookie. • ________ allow users to proceed through many pages of a site quickly and easily without having to authenticate or reprocess each new area users visit. • ________ allow users to be recognized within a website so any page changes or item or data selection is remembered from page to page.

    Session Trackers

  • 13

    • _________ are programs that enable a website user's keystrokes, clicks, mouse movements and scrolling behavior to be recorded along with the full contents of the webpage they are visiting. • The use of ________ is controversial because of the potential for privacy violations. • These _______ record everything one does on a website, such as which products were clicked on and sometimes even the password entered.

    Session replay scripts

  • 14

    Protection Technologies And Practices • _______ (DLP) is a set of tools and processes used to ensure that sensitive data is not lost, misused, or accessed by unauthorized users. • It also provides reporting to meet compliance and auditing requirements and identify areas of weakness and anomalies for forensics and incident response.

    Data Loss Prevention

  • 15

    Protection Technologies And Practices • ________ modern storage equipment provides built-in clustering and redundancy enabling a Data Protection process. • This is to safeguard important data from corruption, compromise or loss and to provide the capability to restore the data to a functional state should something happen to render the data inaccessible or unusable.

    Storage with Built-In Data Protection

  • 16

    Protection Technologies And Practices • _______ are utilities that enable users to monitor and filter network traffic. This is to ensure only authorized users are allowed to access or transfer data.

    Firewalls

  • 17

    • __________ are controls that help verify credentials and assure that user privileges are applied correctly.

    Authentication and Authorizations

  • 18

    • ______ alters data content according to an algorithm that can only be reversed with the right ______ key. • This protects data from unauthorized access even if data is stolen by making it unreadable.

    Encryption

  • 19

    • _______ limits liability by deleting data that is no longer needed.

    Data Erasure

  • 20

    • Data Encryption is a method of protecting data confidentiality by converting it to encoded information, called ciphertext, that can only be decoded with a unique decryption key, generated either at the time of encryption or beforehand. • Data encryption can be used during data storage or transmission and is typically used in conjunction with authentication services to ensure that keys are provided to, or used by, authorized users. • Example: Encryption methods are used to safely exchange data between web servers and browsers (recognized by the green padlock and “https” in the URL), Cash Withdrawal from ATMs (to protect your PIN), Secure E-mails, Online Data Storage (think about files, photos, videos, etc. in Google Drive or Dropbox). • Encryption is also used when you send messages to your friends and family through messenger applications such as WhatsApp (automatic end-to-end encryption so only the receiver can read your messages, photos, videos, voice messages and files).

    True

  • 21

    Data Compliance : • Data Compliance is a term used to describe formal standards and practices for ensuring sensitive data is protected from loss, theft, corruption, and misuse. • It refers to regulations that organizations must follow, regarding how their data is organized, managed, and stored. • Businesses across a wide variety of industries and sectors must adhere to data compliance standards, in order to keep their customers’ Personally Identifiable Information (PII) and financial details confidential, and to prevent their sensitive data from falling into the wrong hands.

    True

  • 22

    How Data Compliance Works : • Regulations around Data Compliance vary widely across different industries, governments, states, countries and even continents (i.e. General Data Protection Regulation (GDPR)). • However, they all typically address three things: • What type of data needs to be protected? • What processes need to be implemented to protect that data? • What penalties will be exercised, should an organization not be compliant with said processes?

    True

  • 23

    Data Compliance Standards : GDPR (General Data Protection Regulation) • GDPR is a regulation in EU law on data protection and privacy in the European Union and the European Economic Area. • It includes a set of standards, developed to give EU citizens more control over their data. • Under GDPR, businesses must ensure personal data is gathered legally and adequately protected from misuse and exploitation. • Ramifications for violating GDPR regulations are severe, with global companies like Google, H&M, and Marriott facing millions in fines over the past couple of years.

    True

  • 24

    Data Compliance Standards : HIPAA (Health Insurance Portability and Accountability Act) • HIPAA is an act passed by the US Congress in 1996 that mandates privacy and security standards for the healthcare industry, when it comes to protecting patients' medical records and other health information. • These standards provide patients with more control over how their personal health information is used and disclosed. • Covered entities and their business associates must comply with HIPAA standards. • Covered entities include healthcare providers (i.e. doctors, dentists, hospitals), health plans (i.e. insurance companies), and healthcare clearinghouses (associated with insurance).

    True

  • 25

    Data Compliance Standards : PCI-DSS (Payment Card Industry Data Security Standard) • PCI DSS is a data compliance regulation, designated for protecting consumers. • It was developed back in 2006 to manage payment card security standards and improve account security throughout the transaction process. • It provides security guidelines for organizations that process, store, or transmit credit card information. • PCI-DSS is required by credit card companies, for organizations to make online transactions. Additional Information on PCI-DSS can be found here: https://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard

    True

  • 26

    Data Compliance Standards : SOX (Sarbanes-Oxley Act) • SOX is a data compliance law that was established to protect shareholders, employees, and the public from corporate fraud. • It focuses on the accounting and transparency in processes of companies and improving the accuracy of corporate disclosures. • It involves sweeping auditing and financial regulations, both intended to prevent accounting fraud. • SOX regulations apply to all publicly traded companies in the United States, as well as wholly-owned subsidiaries and foreign companies that are publicly traded and do business in the United States.

    True

  • 27

    Data Compliance Standards : CCPA (California Consumer Privacy Act) • The California Consumer Privacy Act of 2018 was established to provide consumers with more control over the personal information that businesses collect about them. • It consists of privacy rights for California consumers, including the right to know how businesses are utilizing their information, the right to delete personal information collected by businesses, and the right to opt-out of the sale of their personal information. • Any organization that serves California residents and has at least $25 million in annual revenue must comply with CCPA.

    True

  • 28

    Data Compliance Standards : PDPA (Personal Data Protection Act) • The Personal Data Protection Act (PDPA) governs the collection, use and disclosure of personal data by private organizations. • It involves various obligations relating to the Do-Not-Call Registry (“DNC Obligations”), which came into force on 2 January 2014, and the protection of Personal Data (“DP Obligations”) which became operational on 2 July 2014. • In Singapore, organizations which fail to comply with the PDPA may be fined up to 10% of their annual turnover or $1 million, whichever is the higher.

    True

  • 29

    Data Privacy Predictions : • According to Gartner, by 2023, 65% of the world’s population will have its personal data covered under modern privacy regulations. • Legislation like this is going to continue pouring out from nations around the world in 2021. • Individuals, customers, data subjects, consumers are also becoming more aware of privacy laws and of privacy violations. • For companies interested in guarding their reputation and avoiding fines, the lesson is clear, which is to get consent from users and provide data privacy controls or face the consequences. • Employee privacy and protecting personal data of employees will also come into focus.

    True

  • 30

    Data Privacy Predictions : • Companies without strong privacy controls may lose users – that’s a natural consequence of this heightened awareness. • To combat this, companies should make clear which third parties may be able to access data and give clients full control over what cookies they enable. • With new privacy laws being developed on a seemingly daily basis, and those laws varying so much from region to region, it can be extraordinarily difficult for most companies to keep up. • This has led to developers creating software to automate data privacy, from handling privacy requests to consent and preference management.

    True

  • 31

    Benefits of Data Compliance : • As the world becomes increasingly reliant on technology, and organizations are producing, sharing and storing massive amounts of data every day, data security is now a hot topic. • Businesses must have proper data protection plans in place, not only to protect themselves, but also to protect their customers. • Data compliance regulations force companies to improve their data security standards and practices, to prevent breaches from occurring and their customers’ sensitive data being exposed, stolen, or corrupted. • By complying with regulations, organizations ensure their sensitive data won’t be compromised, and confirm that necessary precautions have been taken to keep their customers’ data safe.

    Data Protection

  • 32

    Benefits of Data Compliance : • One of the biggest and most significant consequences of a data breach is the impact it has on customer trust and loyalty. • According to a Varonis analysis of companies’ reputations after a data breach, 80% of consumers will defect from a business that has compromised their data, and 52% of consumers would pay the same for products or services from a different brand with better security. • When an organization takes the proper steps to be data compliant, they not only better protect their data, but also appear more trustworthy and credible to their customers. • Their customers can rest easy, knowing that their data is being protected, and won’t fall into the wrong hands.

    Customer Trust

  • Lesson #2

    Lesson #2

    Jay Jayel · 30問 · 1年前

    Lesson #2

    Lesson #2

    30問 • 1年前
    Jay Jayel

    Lesson #3

    Lesson #3

    Jay Jayel · 35問 · 1年前

    Lesson #3

    Lesson #3

    35問 • 1年前
    Jay Jayel

    Lesson #4

    Lesson #4

    Jay Jayel · 32問 · 1年前

    Lesson #4

    Lesson #4

    32問 • 1年前
    Jay Jayel

    Lesson #1

    Lesson #1

    Jay Jayel · 55問 · 1年前

    Lesson #1

    Lesson #1

    55問 • 1年前
    Jay Jayel

    Lesson #5

    Lesson #5

    Jay Jayel · 34問 · 1年前

    Lesson #5

    Lesson #5

    34問 • 1年前
    Jay Jayel

    Lesson #6

    Lesson #6

    Jay Jayel · 43問 · 1年前

    Lesson #6

    Lesson #6

    43問 • 1年前
    Jay Jayel

    Revision _ October 23, 2024

    Revision _ October 23, 2024

    Jay Jayel · 43問 · 1年前

    Revision _ October 23, 2024

    Revision _ October 23, 2024

    43問 • 1年前
    Jay Jayel

    Lesson #1

    Lesson #1

    Jay Jayel · 100問 · 1年前

    Lesson #1

    Lesson #1

    100問 • 1年前
    Jay Jayel

    Lesson #2

    Lesson #2

    Jay Jayel · 62問 · 1年前

    Lesson #2

    Lesson #2

    62問 • 1年前
    Jay Jayel

    Lesson #0

    Lesson #0

    Jay Jayel · 9問 · 1年前

    Lesson #0

    Lesson #0

    9問 • 1年前
    Jay Jayel

    Lesson #3

    Lesson #3

    Jay Jayel · 74問 · 1年前

    Lesson #3

    Lesson #3

    74問 • 1年前
    Jay Jayel

    Lesson #5

    Lesson #5

    Jay Jayel · 44問 · 1年前

    Lesson #5

    Lesson #5

    44問 • 1年前
    Jay Jayel

    Lesson #6

    Lesson #6

    Jay Jayel · 51問 · 1年前

    Lesson #6

    Lesson #6

    51問 • 1年前
    Jay Jayel

    Revision Class - CA IT

    Revision Class - CA IT

    Jay Jayel · 50問 · 1年前

    Revision Class - CA IT

    Revision Class - CA IT

    50問 • 1年前
    Jay Jayel

    REVISION - CA3 Fundamental of Business Operation

    REVISION - CA3 Fundamental of Business Operation

    Jay Jayel · 54問 · 1年前

    REVISION - CA3 Fundamental of Business Operation

    REVISION - CA3 Fundamental of Business Operation

    54問 • 1年前
    Jay Jayel

    My Reviewer

    My Reviewer

    Jay Jayel · 20問 · 1年前

    My Reviewer

    My Reviewer

    20問 • 1年前
    Jay Jayel

    REVISION - CA1

    REVISION - CA1

    Jay Jayel · 49問 · 1年前

    REVISION - CA1

    REVISION - CA1

    49問 • 1年前
    Jay Jayel

    My Reviewer

    My Reviewer

    Jay Jayel · 44問 · 1年前

    My Reviewer

    My Reviewer

    44問 • 1年前
    Jay Jayel

    Feb_2025 - Revision

    Feb_2025 - Revision

    Jay Jayel · 52問 · 1年前

    Feb_2025 - Revision

    Feb_2025 - Revision

    52問 • 1年前
    Jay Jayel

    問題一覧

  • 1

    • Data Protection is a set of strategies and processes that can be used to secure the privacy, availability and integrity of data. • It is sometimes called data security or information privacy. • Data protection is vital to any organization that collects, handles, or stores sensitive data. • A successful data protection strategy can help prevent data loss, theft or corruption, and can help minimize damage caused in the event of a breach or disaster.

    True

  • 2

    • Data Privacy refers to the right of an individual to keep his/her information private. It advocates individual control over the collection and use of private information with the goal of protecting the confidentiality of an individual, against unauthorized disclosure. • On a personal or individual level, It is typically applied to personal health information and personally identifiable information. • The records include financial information, medical records, social security or ID numbers, names, birth dates and contact information. • Data privacy concerns apply to all sensitive information that organizations handle, including data of customers, shareholders and employees. • All this information plays a vital role in business operations, development and finances.

    True

  • 3

    • Data Privacy helps ensure that sensitive data is only accessible to approved parties. • It prevents criminals from being able to maliciously use data and helps ensure that organizations meet regulatory requirements. • Data Privacy is enforced by data protection regulations. Non-compliance may result in monetary fines or loss of brand authority.

    True

  • 4

    • Both are important and the two often come together, these terms do not represent the same thing. • Data Privacy focuses on defining who has access to data. • Data Protection focuses on applying those restrictions. • Data Privacy defines the policies that data protection tools and processes employ. • Users control privacy; compa nies ensure protection. • Creating Data Privacy guidelines does not ensure that unauthorized users don’t have access. • Likewise, access can be restricted with data protection while still leaving sensitive data vulnerable. Both are needed to ensure that data remains secure.

    True

  • 5

    • Data Privacy allows users to control how much of their data is shared and with whom. • Data Protection, relies on the companies handling data to ensure that it remains private. • Compliance regulations reflect this difference and are created to help ensure that users’ privacy requests are enacted by companies.

    True

  • 6

    • Personal Data are any information which are related to an identified or identifiable natural person . • Example: telephone number, credit card or personnel number of a person, account data, number plate, appearance, customer number or address are all personal data. • Other Examples of Personal Data: • Race • Ethnic Origin • Political Opinions • Religious or Philosophical Beliefs • Trade Union Membership • Genetic Data

    True

  • 7

    • Biometric Data (where this is used for identification purposes); • Health Data • Social Media Platforms are usually free to use, but users actually “pay” with their personal data. • Personal data is monetized, which means to advertisers or companies (e.g. tech firms) who collect data for their marketing purposes. • Every day, hundreds of companies that users may not even know exist gather facts about users, some more intimate than others. • That information may then flow to Academic Researchers, Hackers, Law Enforcement as well as plenty of companies trying to market products and lure users to buy.

    True

  • 8

    • Data Brokers are a business that aggregates information from a variety of sources; processes it to enrich, cleanse or analyze it; and licenses it to other organizations. • Data brokers can also license another company's data directly or process another organization's data to provide them with enhanced results. • Data Brokers also compile personal data from publicly available sources like property records, marriage licenses and court cases. • They may even purchase personal information from agencies such as Department of Motor Vehicles or Retail stores.

    True

  • 9

    Tracking Data : • Trackers are channels that are used to track user data. • On a computer, trackers can collect a range of data from keystrokes, location, web browsing, and personal data. • Trackers can be embedded on websites users visit and only collect data when they’re on that webpage or they can come in the form of viruses that can see everything the user’s computer does. • Types of Web Trackers: • Traditional Cookies • Super Cookies • Finger Printers • Identity Trackers • Session Cookies • Session Replay Scripts

    True

  • 10

    • _______ are files created by websites that users visit. • They make users’ online experience easier by saving browsing information. With cookies, sites can keep users signed in, remember site preferences, and give locally relevant content. • Facebook, Google, and other companies use these extremely popular cross-site trackers to follow users from website to website. • They work by depositing a piece of code into the browser, which users then unwittingly carry with them as they surf the web.

    Traditional cookies

  • 11

    • _______ follow users by creating a unique profile of their device. • They collect things like the person’s IP address, their screen resolution, and what type of computer they have. • These _______ scripts are placed purposefully by the website users are on, other times a script may be from a website they’ve never visited. • Instead of using a cookie, these Identity _______ follow people using personally identifiable information, such as their email address. • They are known to collect this data by hiding on login pages where people enter their credentials.

    Identity Trackers

  • 12

    • _______ is a file containing an identifier (a string of letters and numbers) that a website server sends to a browser for temporary use during a limited timeframe. • When the browser closes at the end of a session, the file is deleted. A session cookie is also known as transient cookie. • ________ allow users to proceed through many pages of a site quickly and easily without having to authenticate or reprocess each new area users visit. • ________ allow users to be recognized within a website so any page changes or item or data selection is remembered from page to page.

    Session Trackers

  • 13

    • _________ are programming that enable a website users' keystrokes, clicks, mouse movements and scrolling behavior to be recorded along with the full contents of the webpage they are visiting. • The use of ________ is controversial because of the potential for privacy violations. • These _______ record everything one does on a website, such as which products clicked on and sometimes even the password entered.

    Session replay scripts

  • 14

    Protection Technologies And Practices • _______ (DLP) is a set of tools and processes used to ensure that sensitive data is not lost, misused, or accessed by unauthorized users. • It also provides reporting to meet compliance and auditing requirements and identify areas of weakness and anomalies for forensics and incident response.

    Data Loss Prevention

  • 15

    Protection Technologies And Practices • ________ modern storage equipment provides built-in clustering and redundancy enabling a Data Protection process. • This is to safeguard important data from corruption, compromise or loss and providing the capability to restore the data to a functional state should something happen to render the data inaccessible or unusable.

    Storage with Built-In Data Protection

  • 16

    Protection Technologies And Practices • _______ are utilities that enable users to monitor and filter network traffic. This is to ensure only authorized users are allowed to access or transfer data.

    Firewalls

  • 17

    • __________ are controls that help verify credentials and assure that user privileges are applied correctly.

    Authentication and Authorizations

  • 18

    • ______ alters data content according to an algorithm that can only be reversed with the right ______ key. • This protects data from unauthorized access even if data is stolen by making it unreadable.

    Encryption

  • 19

    • _______ limits liability by deleting data that is no longer needed.

    Data Erasure

  • 20

    • Data Encryption is a method of protecting data confidentially by converting it to encoded information, called ciphertext, that can only be decoded with a unique decryption key, generated either at the time of encryption or beforehand. • Data encryption can be used during data storage or transmission and is typically used in conjunction with authentication services to ensure that keys are provided to, or used by, authorized users. • Example: Encryption methods are used to safely exchange data between web servers and browsers (recognized by the green padlock and “https” in the URL), Cash Withdrawal from ATMs (to protect your PIN), Secure E-mails, Online Data Storage (think about files, photos, videos, etc. in Google Drive or Dropbox). • Encryption is also used when you send messages to your friends and family through messenger applications such as WhatsApp (automatic end-to-end encryption so only the receiver can read your messages, photos, videos, voice messages and files).

    True

  • 21

    Data Compliance : • Data Compliance is a term used to describe formal standards and practices for ensuring sensitive data is protected from loss, theft, corruption, and misuse. • It refers to regulations that organizations must follow, regarding how their data is organized, managed, and stored. • Businesses across a wide variety of industries and sectors must adhere to data compliance standards, in order to keep their customers’ Personally Identifiable Information (PII) and financial details confidential, and to prevent their sensitive data from falling into the wrong hands.

    True

  • 22

    How Data Compliance Works : • Regulations around Data Compliance vary widely across different industries, governments, states, countries and even continents (i.e. General Data Protection Regulation (GDPR). • However, they all typically address three things: • What type of data needs to be protected? • What processes need to be implemented to protect that data? • What penalties will be exercised, should an organization not be compliant with said processes?

    True

  • 23

    Data Compliance Standards : GDPR (General Data Protection Regulation) • GDPR is a regulation in EU law on data protection and privacy in the European Union and the European Economic Area. • It includes a set of standards, developed to give EU citizens more control over their data. • Under GDPR, businesses must ensure personal data is gathered legally and adequately protected from misuse and exploitation. • Ramifications for violating GDPR regulations are severe, with global companies like Google, H&M, and Marriott facing millions in fines over the past couple years.

    True

  • 24

    Data Compliance Standards : HIPAA (Health Insurance Portability and Accountability Act) • HIPAA is an act passed by the US Congress in 1996 that mandates privacy and security standards for the healthcare industry, when it comes to protecting patients' medical records and other health information. • These standards provide patients with more control over how their personal health information is used and disclosed. • Covered entities and their business associates must comply with HIPAA standards. • Covered entities include healthcare providers (i.e. doctors, dentists, hospitals), health plans (i.e. insurance companies), and healthcare clearinghouses (associated with insurance).

    True

  • 25

    Data Compliance Standards : PCI-DSS (Payment Card Industry Data Security Standard) • PCI DSS is a data compliance regulation, designated for protecting consumers. • It was developed back in 2006 to manage payment card security standards and improve account security throughout the transaction process. • It provides security guidelines for organizations that process, store, or transmit credit card information. • PCI-DSS is required by credit card companies, for organizations to make online transactions. Additional Information on PCI-DSS can be found here: https://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard

    True

  • 26

    Data Compliance Standards : SOX (Sarbanes-Oxley Act) • SOX is a data compliance law that was established to protect shareholders, employees, and the public from corporate fraud. • It focuses on the accounting and transparency in processes of companies and improving the accuracy of corporate disclosures. • It involves sweeping auditing and financial regulations, both intended to prevent accounting fraud. • SOX regulations apply to all publicly traded companies in the United States, as well as wholly-owned subsidiaries and foreign companies that are publicly traded and do business in the United States.

    True

  • 27

    Data Compliance Standards : CCPA (California Consumer Privacy Act) • The California Consumer Privacy Act of 2018 was established to provide consumers with more control over the personal information that businesses collect about them. • It consists of privacy rights for California consumers, including the right to know how businesses are utilizing their information, the right to delete personal information collected by businesses, and the right to opt-out of the sale of their personal information. • Any organization that serves California residents and has at least $25 million in annual revenue must comply with CCPA.

    True

  • 28

    Data Compliance Standards : PDPA (Personal Data Protection Act) • The Personal Data Protection Act (PDPA) governs the collection, use and disclosure of personal data by private organizations. • It involves various obligations relating to the Do-Not-Call Registry (“DNC Obligations”), which came into force on 2 January 2014, and the protection of Personal Data (“DP Obligations”) which became operational on 2 July 2014. • In Singapore, organizations which fail to comply with the PDPA may be fined up to 10% of their annual turnover or $1 million, whichever is the higher.

    True

  • 29

    Data Privacy Predictions : • According to Gartner, by 2023, 65% of the world’s population will have its personal data covered under modern privacy regulations. • Legislation like this is going to continue pouring out from nations around the world in 2021. • Individuals, customers, data subjects and consumers are also becoming more aware of privacy laws and of privacy violations. • For companies interested in guarding their reputation and avoiding fines, the lesson is clear, which is to get consent from users and provide data privacy controls or face the consequences. • Employee privacy and protecting personal data of employees will also come into focus.

    True

  • 30

    Data Privacy Predictions : • Companies without strong privacy controls may lose users – that’s a natural consequence of this heightened awareness. • To combat this, companies should make clear which third parties may be able to access data and give clients full control over what cookies they enable. • With new privacy laws being developed on a seemingly daily basis, and those laws varying so much from region to region, it can be extraordinarily difficult for most companies to keep up. • This has led to developers creating software to automate data privacy, from handling privacy requests to consent and preference management.

    True

  • 31

    Benefits of Data Compliance : • As the world becomes increasingly reliant on technology, and organizations are producing, sharing and storing massive amounts of data every day, data security is now a hot topic. • Businesses must have proper data protection plans in place, not only to protect themselves, but also to protect their customers. • Data compliance regulations force companies to improve their data security standards and practices, to prevent breaches from occurring and their customers’ sensitive data being exposed, stolen, or corrupted. • By complying with regulations, organizations ensure their sensitive data won’t be compromised, and confirm that necessary precautions have been taken to keep their customers’ data safe.

    Data Protection

  • 32

    Benefits of Data Compliance : • One of the biggest and most significant consequences of a data breach is the impact it has on customer trust and loyalty. • According to a Varonis analysis of companies’ reputations after a data breach, 80% of consumers will defect from a business that has compromised their data, and 52% of consumers would pay the same for products or services from a different brand with better security. • When an organization takes the proper steps to be data compliant, they not only better protect their data, but also appear more trustworthy and credible to their customers. • Their customers can rest easy, knowing that their data is being protected, and won’t fall into the wrong hands.

    Customer Trust