@ GHOSTn2H
2024-09-23 20:08:38
DATA PRIVACY AND BEST PRACTICES
Your data privacy should be a major concern, as an enormous amount of personal data about you is shared across various media and platforms.
Data collection, data sharing, and data management are key concerns for businesses and organizations across the globe. Collecting and selling your personal data is a huge global business. In many ways you are their product.
In our daily mobile phone usage, information about us is constantly being collected, and this is not limited to our own personal devices, so it is important to know what data is being collected and how it is being used without our consent.
Data privacy, in a nutshell, is a series of activities aimed at safeguarding (protecting) our personal data from those who should not have access to it, together with the ability of individuals to determine who can access the personal information in their custody.
The term data privacy is synonymous with information privacy or data protection, depending on the context in which it is used.
TYPES OF DATA COLLECTED
FINANCIAL DATA
Your financial information is incredibly sensitive data. When compromised, it could result in a huge financial loss, in you becoming a fraud victim, or in identity theft. Cyber criminals are always hoping to gain access to information such as your customer accounts or credit card details.
Financial data is collated from various activities, product usage and services consumed, offline or online; when this financial data is compromised, the result is a loss.
In cyberspace, hackers have schemes for stealing information from victims, while offline activities could involve humans or the use of advanced tools to steal your information.
Local grocery stores and banks are good examples of where credit card information is stolen. Hackers use skimming to capture payment information from your credit card in local grocery stores and at ATMs, using an advanced approach involving a small device called a skimmer that reads the information stored in a card’s magnetic strip or microchip. Skimming devices are most often installed at Automated Teller Machines and other point-of-sale locations, especially gas stations. Fraudsters often use cameras and overlay touchpads to capture victims’ personal identification numbers (PINs).
Hackers also use phishing through texts and phony emails, and malware that can record keystrokes, to steal your sensitive information. It is advisable never to enter your credit card information on a website or in an email you did not verify. Better still, only use limited-balance cards or Visa reloadable cards for online activities.
INTERNET DATA
As we access the internet daily, our data is collected in different ways. The use of search engines and data mining has made it very easy to collect data from a variety of sources.
The advent of Artificial Intelligence (AI) has facilitated the creation of inferential information about individuals and groups, based on such enormous amounts of collected data. As a result, the Fair Information Practice Principle was formulated to provide a set of guidelines that represent widely accepted concepts concerning fair information practices in an electronic marketplace. This has received a lot of criticism because of its insufficiency in the field of AI-enabled inferential information.
When using the internet we give away a lot of information about ourselves. Where emails are not encrypted, administrators of servers can read them even when the connection is encrypted, and where the connection is not encrypted either, the internet service provider (ISP) and other parties sniffing its network traffic are able to know the contents. This applies to any kind of traffic generated on the internet, including web browsing and instant messaging. That is why it is advisable to always encrypt emails, and regular use of the internet can be made traceless via anonymizers. The use of routing protocols that create hard-to-trace communication by using a chain of proxy servers is encouraged; with these, each message is encrypted to each proxy using public key cryptography.
There is much content with privacy concerns in an era where other people might not be as privacy conscious as you are. We often see people tagged on Facebook and other social media without their consent; this could lead to cyber stalking, which might escalate to offline stalking.
Some websites engage in deceptive practices such as placing a cookie notice in places on the page that do not allow users to change their privacy settings. Apps like Instagram and Facebook collect user data for a personalized app experience; however, they track user activity on other apps, while other information collected is used for marketing purposes. This in turn has made these companies more powerful over their consumers.
LOCATION DATA
Location data can be some of the most sensitive data.
Location data provides publishers and app developers with advertising revenue so that consumers can access free services and information. It helps with city planning, helps ride-sharing users get to their destination, guides travelers to great local spots, and reassures parents of their children’s safety while away from home. Location data can also enhance personal safety in emergencies, with services such as the dispatch of help at the speed of light, and additional features like “FIND MY DEVICE” help locate lost or stolen phones.
But the pervasive use of geo-location technology poses new challenges to data privacy, as it enables third parties to locate and track people and objects anywhere at any time.
The smart devices we carry with us have in fact become tools for surveillance, yet many of us have embraced them willingly. The risk of abuse of personal data and the threats to privacy that arise from government and commercial entities using geo-location technology are enormous. Like all powerful tools, location data is a double-edged sword; we cannot refrain from using this service, but we can use it judiciously and responsibly.
Google takes the cake when it comes to tracking most of our data, because its entire business model relies on data collection, while Facebook stores user information.
POLITICAL DATA
Political data privacy has been a concern with the use of digital voting machines. In the United States of America (USA), where the M650 electronic ballot scanner is used, it is possible that the smart cards can be reprogrammed wirelessly using mobile phones. This could result in election hacking, eroding public trust in the electoral process. When the masses lose faith in the integrity of elections, they become disillusioned and disengaged from participating in democracy.
MEDICAL DATA
With the increased incorporation of electronic health records into care delivery and research, the growing volumes of data for evidence-based research and care might eventually force significant changes to strike a balance between privacy and medical data.
People may not wish for their medical records to be revealed to others because of the confidentiality and sensitivity of what the data might reveal about their health. They might be concerned that it could affect their insurance coverage or employment. Some people might not wish for others to know about medical or psychological conditions or treatments that might bring embarrassment or social scrutiny upon them.
Revealing medical data could also reveal other defects about one’s personal life. A health-care data breach can result from hacking, data theft or loss, or unauthorized access, and when this occurs all parties suffer a loss.
Data breaches are not just a concern and complication for security experts; they also affect stakeholders and organizations.
The Internet of Medical Things (IoMT), smart devices, information systems and cloud services have led to a digital transformation of the healthcare industry. With these technologies, healthcare organizations collect sensitive data from patients and store it on network servers so that it is accessible at all times to facilitate patient care.
Cyber criminals use ransomware to steal a victim’s medical records from a healthcare provider, decrypting the data or device only in return for a ransom. Hackers know that most healthcare providers store and manage medical records online. Most healthcare providers use the Remote Desktop Protocol (RDP) to access medical records, and cyber criminals try to exploit vulnerabilities of unsecured RDP to steal them.
EDUCATIONAL DATA
Stolen student records can come back to haunt children when they reach adulthood. For example, if a student has a history of drug use that has been successfully overcome, or disciplinary records that should have been expunged but are publicly available, this data could resurface in college applications, job interviews and court hearings.
In an era where education data mining is prevalent, robust cyber security is essential for protecting everyone within the education ecosystem, as security breaches in higher education can lead to significant data loss, affecting personal information and institutional data. Implementing stringent data security protocols and response strategies is vital.
BEST TECHNOLOGIES FOR DATA PRIVACY PRACTICES
These are just some of the technologies available today that can protect user privacy and keep data more secure.
I. ENCRYPTION
Encryption is a way to conceal information by scrambling it so that it appears to be random data. Only parties with the encryption key can unscramble the information. This involves the use of PGP.
Pretty Good Privacy (PGP) is a widely recognized encryption system used for securing digital communications and data. PGP keys employ a combination of symmetric and asymmetric encryption techniques to ensure the confidentiality, integrity, and authenticity of information.
PGP keys consist of two parts: a public key and a private key. The public key can be freely shared and is used for encrypting data, while the private key is kept secure and is used to decrypt the information. This dual-key mechanism ensures that only the intended recipient can access the encrypted message.
Moreover, PGP allows for digital signatures, which let the recipient verify the sender's identity and the message's integrity. This provides a high level of trust, making PGP ideal for secure communications, email encryption, file encryption, and software distribution.
PGP keys offer robust security by leveraging advanced cryptographic principles, ensuring data privacy and authenticity. Their reliability and effectiveness have made them a cornerstone in secure communication practices, widely adopted across various industries to protect sensitive information.
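The two-key mechanism and signatures described above, as an added example that is not part of the original article: a Python sketch of the hybrid pattern PGP combines, with a fresh symmetric session key for the message, that key wrapped with the recipient's public key, and a signature made with the sender's private key. It assumes the third-party `cryptography` package; the function names and container layout are hypothetical, and this is not the OpenPGP message format.

```python
# Added illustration of the hybrid scheme PGP combines, using the third-party
# "cryptography" package (assumed installed); not the OpenPGP message format.
import os
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()), algorithm=hashes.SHA256(), label=None)
PSS = padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH)

def new_keypair():  # hypothetical helper: only the public half is ever shared
    private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    return private_key, private_key.public_key()

def seal(message, recipient_public, sender_private):
    """Sign with the sender's private key, then encrypt for the recipient."""
    signature = sender_private.sign(message, PSS, hashes.SHA256())
    session_key = AESGCM.generate_key(bit_length=256)  # symmetric, fresh per message
    nonce = os.urandom(12)
    body = AESGCM(session_key).encrypt(nonce, signature + message, None)
    wrapped_key = recipient_public.encrypt(session_key, OAEP)  # asymmetric step
    return {"wrapped_key": wrapped_key, "nonce": nonce, "body": body}

def open_sealed(sealed, recipient_private, sender_public):
    """Unwrap the session key, decrypt, then verify the sender's signature."""
    session_key = recipient_private.decrypt(sealed["wrapped_key"], OAEP)
    plain = AESGCM(session_key).decrypt(sealed["nonce"], sealed["body"], None)
    sig_len = sender_public.key_size // 8  # RSA signature length equals modulus length
    sender_public.verify(plain[:sig_len], plain[sig_len:], PSS, hashes.SHA256())
    return plain[sig_len:]

def outcome(sealed, recipient_private, sender_public):
    """Return the recovered message, or the name of the error that stopped it."""
    try:
        return open_sealed(sealed, recipient_private, sender_public)
    except (ValueError, InvalidSignature) as exc:
        return type(exc).__name__

def demo():  # constructed scenario: Alice writes to Bob
    alice_private, alice_public = new_keypair()
    bob_private, bob_public = new_keypair()
    sealed = seal(b"lab results attached", bob_public, alice_private)
    forged = seal(b"lab results attached", bob_public, bob_private)  # not Alice's key
    return (outcome(sealed, bob_private, alice_public),    # intended recipient
            outcome(sealed, alice_private, alice_public),  # wrong private key
            outcome(forged, bob_private, alice_public))    # signature does not verify

if __name__ == "__main__":
    print(demo())
```

The signature is placed inside the encrypted body, so someone watching the traffic sees neither the message nor who signed it.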
II. ACCESS CONTROL
Access control ensures that only authorized parties access systems and data. Access control can be combined with data loss prevention (DLP) to stop sensitive data from leaving the network.
Access Control is a fundamental security mechanism used to regulate who or what can view or use resources in a computing environment. It is crucial for protecting sensitive data, ensuring that only authorized users have the right to access, modify, or manage particular resources, systems, or information.
There are several types of access control models, each serving different security requirements:
- Discretionary Access Control (DAC) allows resource owners to control access based on user identities.
- Mandatory Access Control (MAC) uses strict policies controlled by a central authority to manage access based on classification levels.
- Role-Based Access Control (RBAC) grants access based on a user’s role within an organization, offering scalability and efficiency in managing permissions.
- Attribute-Based Access Control (ABAC) provides dynamic, context-aware access based on attributes like user role, time of access, and location.
Effective access control ensures data confidentiality, integrity, and availability by preventing unauthorized access, reducing the risk of data breaches, and ensuring regulatory compliance. In today’s digital landscape, implementing robust access control measures is critical for safeguarding organizational assets, maintaining trust, and protecting against cyber threats.
In conclusion, Access Control is a vital element of cybersecurity that helps organizations enforce security policies, manage permissions efficiently, and protect sensitive information, making it a cornerstone of data protection and information security strategies.
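The four models listed above can give different answers to the same request. The following Python sketch is an added example, not part of the original article; it evaluates one "read a medical record" request under each model, and every user, role, label and rule in it is constructed for illustration.

```python
# Added illustration: one "read a medical record" request judged by each of the
# four models. Users, roles, labels and rules are constructed for the example.
from dataclasses import dataclass, field

LEVELS = {"public": 0, "confidential": 1, "secret": 2}      # MAC classification ladder
ROLE_PERMISSIONS = {"doctor": {"record:read", "record:write"},
                    "billing": {"invoice:read"}}             # RBAC: role -> permissions

@dataclass
class User:
    name: str
    roles: set = field(default_factory=set)
    clearance: str = "public"
    location: str = "offsite"

@dataclass
class Record:
    owner: str
    label: str = "confidential"
    shared_with: set = field(default_factory=set)  # DAC list maintained by the owner

def dac_allows(user, record):
    """DAC: the resource owner decides which identities get access."""
    return user.name == record.owner or user.name in record.shared_with

def mac_allows(user, record):
    """MAC: a central policy compares clearance with the classification level."""
    return LEVELS[user.clearance] >= LEVELS[record.label]

def rbac_allows(user, permission):
    """RBAC: access follows from a role; unknown roles grant nothing."""
    return any(permission in ROLE_PERMISSIONS.get(role, set()) for role in user.roles)

def abac_allows(user, permission, hour):
    """ABAC: the role still matters, plus time of access and location."""
    return rbac_allows(user, permission) and user.location == "hospital" and 7 <= hour < 19

def decide(user, record, permission, hour):
    """Return each model's verdict so the differences are visible side by side."""
    return {"DAC": dac_allows(user, record), "MAC": mac_allows(user, record),
            "RBAC": rbac_allows(user, permission), "ABAC": abac_allows(user, permission, hour)}

# Constructed sample: one patient record and two doctors in different situations.
RECORD = Record(owner="patient_ada", shared_with={"dr_lee"})
DR_LEE = User("dr_lee", roles={"doctor"}, clearance="confidential", location="offsite")
DR_KIM = User("dr_kim", roles={"doctor"}, clearance="public", location="hospital")

if __name__ == "__main__":
    for user, hour in ((DR_LEE, 22), (DR_KIM, 10)):
        print(user.name, hour, decide(user, RECORD, "record:read", hour))
```

Both doctors hold the same role, yet only the ABAC rule notices that one of them is asking from outside the hospital at 22:00.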
III. TWO FACTOR AUTHENTICATION
Two-factor authentication is one of the most important technologies for regular users, as this makes it far harder for attackers to gain unauthorized access to personal accounts.
Two-Factor Authentication (2FA) is a security process that requires two forms of verification to access an account or system. It combines something you know (like a password) with something you have (such as a smartphone or security token) or something you are (biometrics like fingerprints). This additional layer of security makes it harder for unauthorized users to gain access, even if they have the password, thereby enhancing protection against cyber threats.
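How the two factors combine at login, as an added example that is not part of the original article: a password check (something you know) followed by a time-based one-time code of the kind a phone app or token generates (something you have). TOTP per RFC 6238 is used here as one common second factor, which the article does not name; the account layout and function names are hypothetical.

```python
# Added illustration: password (something you know) plus a TOTP code from a phone
# app or token (something you have). TOTP (RFC 6238) is one common second factor;
# the account layout and function names are hypothetical.
import base64
import hashlib
import hmac
import os
import struct

STEP, DIGITS, ITERATIONS = 30, 6, 600_000
RFC_SECRET = base64.b32encode(b"12345678901234567890").decode()  # RFC 6238 test key

def totp(secret_b32, at, digits=DIGITS):
    """RFC 6238 code for Unix time `at` (HMAC-SHA1, 30-second steps)."""
    mac = hmac.new(base64.b32decode(secret_b32), struct.pack(">Q", int(at) // STEP),
                   hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_password(password, salt):               # slow, salted hash; never store the password
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def enroll(password):
    """Create an account record: salted password hash plus a random TOTP secret."""
    salt = os.urandom(16)
    return {"salt": salt, "pw_hash": hash_password(password, salt),
            "secret": base64.b32encode(os.urandom(20)).decode(), "last_step": -1}

def verify_login(account, password, code, now):
    """Grant access only when BOTH factors check out."""
    if not hmac.compare_digest(hash_password(password, account["salt"]), account["pw_hash"]):
        return False                             # first factor failed
    for drift in (-1, 0, 1):                     # tolerate one step of clock drift
        step = int(now) // STEP + drift
        expected = totp(account["secret"], step * STEP)
        if step > account["last_step"] and hmac.compare_digest(expected.encode(), code.encode()):
            account["last_step"] = step          # a code is accepted once, blocking replay
            return True
    return False                                 # password alone is not enough

if __name__ == "__main__":
    acct, now = enroll("correct horse battery staple"), 1_700_000_000
    code = totp(acct["secret"], now)
    print(verify_login(acct, "correct horse battery staple", code, now))  # both factors
    print(verify_login(acct, "correct horse battery staple", code, now))  # replayed code
```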