What is data privacy and how important is data privacy in an organization?
Privacy is the right
of individuals to be left alone, tom keep their affairs confidential from
others, and to choose what information about themselves to share with
others. When personal data is collected and stored in database, used within
an organization, or disseminated to others, it can be used to violate
the privacy rights of individuals.
The objective of data privacy requires the protection of personal data from inadvertent or unauthorized disclosure to unauthorized persons or for unauthorized purposes. Ensuring data privacy requires both legal and technical solutions. While DBMS can improve on-the-scene access control. It can never stop an unauthorized person from accessing the data and later using it for unauthorized purpose. Legal solutions provide penalties and remedies in such a situation. Legal solutions can also encourage an organization to utilize data privacy protection measures. Increased public concern in the early 1970s led to the passage of privacy legislation in states and countries around the world.
Legislation provides added impetus for implementing appropriate administrative and technical safeguards. Implementing appropriate privacy safeguards involves expenditures with no direct monetary returns. Thus, there is a negative economic incentive for industry and government agencies to police themselves and protect the privacy of data about individuals. Laws can force administrative action and stimulate the development of technically viable solution alternatives.
Various technical and administrative measures enable an organization to respond to the data objective and to comply with privacy legislation. The ultimate protection of the data privacy is not to collect and store sensitive data in the first place. Such solution, while helpful, do not obviate the need for technical measures, Administrative protection strategies include such measures as isolation, personnel screening, and physical security. Technical protection mechanisms include access control, encryption, and monitoring. A DBMS can provide these technical protection mechanisms.
Isolation of the system storing the data reduces unauthorized access and disclosure. This relates closely to physical security which uses similar techniques. The design of a secure system is largely a matter of cost and efficiency. In the extreme, a lead and concrete wall could be built around the computer system, thus ensuring absolute protection. Of course, this is impractical since data is stored to be accessed and used. An organization should determine the value of the information, quantify the effect of unauthorized disclosure (and loss or destruction when considering overall physical security), and balance this against the cost of protective measures. More and varied avenues of access to the data increase the risk of unauthorized discourse.
Access control Via established avenues of access starts with some responsible authority telling the system who has access to what data. Upon receipts of a request for data, the system first authenticates the identification of the requestor (a person, perhaps through a programme or at a particular location) and then checks to ensure that they are authorized to see the request data.
Encryption Techniques are useful when data may be exposed to inadvertent disclosure or in authorized access during transmission or storage. Encryption is any techniques that makes it difficult to interpret data being transmitted or stored. Prior to transmission or storage of data, some reversible data being transmission is applied to the data. When received or retrieved, the data is decoded by reversing the transformation. Encryption and decryption facilities could be made available in a DBMS for an organization to use on data which is sensitive to a violation of personal privacy or organization secrets.
Monitoring and Audit trail Techniques also contribute to data integrity. It a breach of privacy or unauthorized modification takes place, it is desirable to have a past record or trace of the sequence of events that occurred. Accountants call this an audit trail. It can be helpful in later investigation to verify the current status of some thing or to detect where or when the unauthorized to access data abuse that right by using it for unauthorized purposes. An audit trail may make it possible to discover the offender. For additional security, the audit trail or system operation can be closely monitored for any unusual activity or threat, for example , repeated failure to provide a valid identification, or repeated interrogations attempting to incrementally access data from a statistical data bank.
Stay Current With the Latest Trends & Developments Realted to Management. Signup for Our Newsletter and Receive New Articles Through Email
Note: We never rent, trade, or sell our email lists to anyone. We assure that your privacy is respected and protected.