You are on page 1of 3

Committee: ​SPECPOL (The Special Political and Decolonization Committee)

Issue: ​The question of addressing online data privacy laws


Name: ​Isha Banerjee​ ​& Kanav Patel
Position:​ ​SPECPOL Chair

Introduction

Internet privacy involves the right or mandate


of personal privacy concerning the storing,
repurposing, provision to third parties, and
displaying of information pertaining to
oneself via of the Internet. Internet privacy is
a subset of data privacy. Privacy concerns
have been articulated from the beginnings of
large scale computer sharing. Privacy can
entail either Personally Identifying
Information (PII) or non-PII information such
as a site visitor behavior on a website. PII
refers to any information that can be used to
identify an individual. For example, age and
physical address alone could identify who an
individual is without explicitly disclosing
their name, as these two factors are unique enough to typically identify a specific person.
It is now up to the SPECPOL committee to decide what action must be taken.

Definition of Key Terms

Online​ ​-​ ​controlled by or connected to another computer or to a network.

Data​ ​- ​facts and statistics collected together for reference or analysis.

Privacy​ - the state of being free from public attention.

Data Security​ ​- protective digital privacy measures that are applied to prevent unauthorized
access to computers, databases and websites.

Personal Data​ - any information relating to an identified or identifiable individual


Major Countries and Organizations Involved

United Nations Global Pulse:​ ​United Nations Global Pulse partnered with MIT to start a project
called ​‘Mapping the Risk-Utility Landscape of Mobile Data for Sustainable Development and
Humanitarian Action.’ ​This project aims to determine how insights from mobile data might be
used to maximum effect in support of policy planning and crisis response with minimal risk to
privacy.

National Cyber Security Alliance (NCSA):​ ​The National Cyber Security Alliance (NCSA)
builds strong public/private partnerships to create and implement broad-reaching education and
awareness efforts to empower users at home, work and school with the information they need to
keep themselves, their organizations, their systems and their sensitive information safe and
secure online and encourage a culture of cybersecurity.

The General Data Protection Regulation:​ a rule passed by the European Union in 2016,
setting new rules for how companies manage and share personal data. In theory, the GDPR only
applies to EU citizens’ data, but the global nature of the internet means that nearly every online
service is affected, and the regulation has already resulted in significant changes for US users as
companies scramble to adapt.

Commission nationale de l'informatique et des libertés (CNIL): ​The Commission nationale


de l'informatique et des libertés is an independent French administrative regulatory body whose
mission is to ensure that data privacy law is applied to the collection, storage, and use of personal
data.
Possible Solutions

Encryption​ - ​used to be the sole province of geeks and mathematicians, but a lot has changed in
recent years. In particular, various publicly available tools have taken the rocket science out of
encrypting (and decrypting) email and files. GPG for Mail, for example, is an open source
plug-in for the Apple Mail program that makes it easy to encrypt, decrypt, sign and verify emails
using the OpenPGP standard. And for protecting files, newer versions of Apple's OS X operating
system come with FileVault, a program that encrypts the hard drive of a computer. Those
running Microsoft Windows have a similar program. This software will scramble your data, but
won't protect you from government authorities demanding your encryption key under the
Regulation of Investigatory Powers Act (2000), which is why some aficionados recommend
TrueCrypt, a program with some very interesting facilities, which might have been useful to
David Miranda.

Stop incursion and breaching response​ ​-​ Shutting down the avenues to the company’s
warehouse will prevent incursions by the hacker. Management, production and security solutions
must be combined to prevent the targeted attacks.
Having a breach response plan will help in triggering quick response to data breaches and
help in the reduction of harm. The plan could contain steps involving notification of the
concerned staff or the agency who could contain the breach.

Tracking data​ - Tracking the motion of data within the organisational network will prevent any
unintentional use of sensitive information.

Defining ​accessibility​ - Defining accessibility to those who are working on company’s sensitive
data will bring down the risk of malicious users.

Useful Links

- http://undocs.org/A/RES/68/167
- http://bigdata-madesimple.com/15-ways-to-prevent-data-security-breaches/
- https://europa.eu/youreurope/citizens/consumers/internet-telecoms/data-protection-privac
y/index_en.htm
- https://ico.org.uk/for-organisations/guide-to-data-protection/key-definitions/