Data protection refers to the practices and technologies used to safeguard sensitive and personal information from unauthorised access, use, disclosure, modification, or destruction. It involves a range of measures, including technical, organisational, and legal steps, to ensure that data is kept safe and secure at all times.
Our personal digital rights as per GDPR include (a) Right to Access (b) Right to Confirm (c) Right to Correct (d) Right to Portability (e) Right to Forget (f) Right to Consent.
Data protection helps to protect individuals’ privacy rights by ensuring that their personal information is only used for the purposes for which it was collected and that it is not disclosed to unauthorised parties. Data protection is important for businesses and organisations because it helps to mitigate the risks associated with data breaches, such as financial losses, reputation damage, and legal liability.
With increasing incidents of data breaches and cyberattacks, it has become mandatory for businesses to implement GDPR measures as required by law and to notify affected individuals and authorities in the event of a data breach. If a breach occurs, the fine under GDPR can be up to 20 million euros or 4% of the company's total global turnover of the preceding fiscal year, whichever is higher.
How companies harvest your data :
- Online shopping – Name, Gender, Email address, Delivery address, Phone number, Credit card details, Product search history, Frequently bought items, Average shopping basket value, Most browsed products and your IP address.
- Dating Apps – Gender, Age, Ethnicity, Sexual orientation, Phone number, Private chats, Political views, Private pictures, Likes & swipes, Device info and your IP address.
- Search Engines – Online searches, Browsing history, Online interests, Shopping habits, IP address, Location, Passwords and Credit Cards, Device information, Downloaded files and Browser add-ons you use.
- Social Media – Posts, photos & videos, Messages & files, Phone contacts, Name, Gender, Email address, Location, Phone number, Date of birth, Relationships, Groups or group chats and Posts, pics & videos you’re tagged in.
Classification of data :
- Personally identifiable data (PII) – It is any data that could potentially be used to identify a particular person.
- Non-personally identifiable information (non-PII) – Data that cannot be used on its own to trace, or identify a person, so basically the opposite of PII.
- Sensitive personally identifiable information – Under the General Data Protection Regulation (GDPR), not all data that qualifies as personally identifiable information is sensitive.
- Non-sensitive personally identifiable information – It could be in a public record, like your birthday or phone number. It can’t directly identify you. Once exposed, attackers can use it to facilitate identity theft, fraud, and social engineering attacks, particularly phishing and spear phishing.
Data protection principles :
The principles of data protection vary slightly depending on the jurisdiction and legal framework, but they generally include the following points.
- Lawfulness, fairness, and transparency – Should be processed lawfully, fairly, and transparently, with individuals informed about the purposes.
- Purpose – Should be used for specified, explicit, and legitimate purposes only.
- Data minimisation – Should be adequate, relevant, and limited to what is necessary in relation to the purpose.
- Accuracy – Personal data should be accurate, and steps should be taken to rectify inaccurate or incomplete data.
- Storage – Personal data should be kept in a form that permits identification of data.
- Integrity and confidentiality – Should be processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and accidental loss, destruction, or damage.
- Accountability – Accountable to regulatory authorities and data subjects.
Laws for Data Protection in India :
The Information Technology Act, 2000 (IT Act) is the only data protection legislation in India. A few sections used for data protection as per the IT Act are (a) Section 69 (b) Section 69 A (c) Section 69 B. We are yet to have a GDPR-like law to protect data and its privacy.
Where to check if your data is breached :
There are several websites you can use to check if your email or phone number has been part of a data breach. A few sources are (a) https://amibeingpwned.com (b) https://snusbase.com (c) https://leakcheck.net (d) https://leaked.site (e) https://leakcorp.com/login (f) https://haveibeensold.app
How individuals can take care to protect their data :
- Use strong, complex passwords – Use alphanumeric and include special characters.
- Enable two-factor authentication – OTP or Authenticator app
- Be cautious when sharing personal information
- Use a virtual private network (VPN)
- Use reputable security (antivirus and anti-malware) software
- Be cautious of phishing scams – Never click on short links.
- Download software / applications from legitimate sources only.
- Keep your browser updated and access only secured websites starting with https://
- Check the complete headers of the email using https://mxtoolbox.com/EmailHeaders.aspx
- Check how your apps access your data. https://reports.exodus-privacy.eu.org/en/
- Verify the actual SMS sender by using https://smsheader.trai.gov.in/