Definition
- Privacy: is about using data responsibly (what and how much information about an individual is available to others, and to whom it is available). It is concerned with ensuring that the sensitive data an organization processes, stores, or transmits is ingested compliantly and with consent from the owner of that sensitive data (consent).
- Security: is about protecting data from malicious threats. It is an attempt to avoid undesirable events (sharing information with a competitor, a loss of confidentiality or data integrity). It is concerned with securing sensitive data.

What is being protected
- Privacy: protects identity.
- Security: protects data.

Examples
- Privacy: personal data (name, identification card, contact number, email address, location data, bank account number, photos).
- Security: preventing unauthorized access to data via breaches or leaks, regardless of who the unauthorized party is.

How is it being protected?
- Privacy: preventing the linking of sensitive data to its data subject or natural person, such as de-identifying personal data, or storing it in different places to reduce the likelihood of re-identification.
- Security: using tools and technology such as firewalls, user authentication, network limitations, and internal security practices to deter unauthorized access to data.

Relationship between privacy and security
- Privacy: privacy concerns are impossible to address without first employing effective security practices.
- Security: security controls can be met without also satisfying privacy considerations.

Limit access
- Privacy: privacy limits access.
- Security: security is the process or application for limiting that access.

Common regulation
1. Payment Card Industry Data Security Standard (PCI DSS)
o It is a set of rules for protecting sensitive payment card information and cardholder data.
o It standardizes the security controls for the processing, storage, and transmission of payment data, and measures for personal information often associated with payments, such as names and addresses.
o It applies to banks, merchants, third parties, and all other entities that handle cardholder data from the major payment card brands.
2. European Union's General Data Protection Regulation (GDPR)
o It is an international standard for protecting the privacy of EU citizens.
o It establishes important terms and definitions for whose data should be protected, what types of data that entails, and how that data should be managed and secured.
o It applies to any entity that collects the data of EU citizens.
3. California Consumer Privacy Act (CCPA)
o It is the benchmark United States law regulating how organizations are allowed to process the data of California citizens and their households.
o It documents which data is protected and details the requirements for protecting that data.
o It applies to all organizations that handle data from Californians.
4. Health Insurance Portability and Accountability Act (HIPAA)
o It is concerned with protecting the sensitive health information of patients across the U.S.
o It is particularly complex because of the vast amount and variety of health care data available - everything from a patient's date of birth to their prescribed medication and X-rays.
o It also exists in both physical and digital forms that need to be protected differently, which makes securing private health information.
5. Tokenization
o It has the potential to satisfy both data privacy and security concerns.
o It can act as a security failsafe to protect sensitive data in the event of a breach, rendering the data stored in the breached system unreadable to cybercriminals.
o It can virtually eliminate the risk of data theft, making it a particularly useful tool for risk reduction and compliance in terms of both data privacy and security considerations, as it removes sensitive data from internal systems.
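The tokenization point above, as an added example that is not part of the original notes: the application stores only random tokens, a separate vault holds the token-to-value mapping, and a simulated dump of the application database is checked for anything that still looks like a card number. The `TokenVault` class, the token format and the sample orders are assumptions made for this demo.

```python
"""Tokenization vault demo (added example; not from the original notes)."""
import re
import secrets

# Crude card-number pattern, used only to check what a breach dump would expose.
PAN_RE = re.compile(r"\b\d{13,19}\b")


class TokenVault:
    """Maps opaque tokens back to the original sensitive values.

    In a real deployment the vault is a separate, access-controlled system;
    the in-memory dict stands in for it here (assumption for the demo).
    """

    def __init__(self):
        self._store = {}

    def tokenize(self, pan: str) -> str:
        # The token is random, not derived from the PAN, so it cannot be reversed
        # without the vault. The last four digits are kept for display only.
        token = f"tok_{secrets.token_hex(8)}_{pan[-4:]}"
        self._store[token] = pan
        return token

    def detokenize(self, token: str) -> str:
        return self._store[token]  # KeyError for tokens the vault never issued


def ingest_orders(vault: TokenVault, orders: list[dict]) -> list[dict]:
    """Application-side ingest: keep the token, never the card number."""
    return [{"order_id": o["order_id"], "card_token": vault.tokenize(o["pan"])}
            for o in orders]


def leaked_pans(records: list[dict]) -> list[str]:
    """Simulate a breach of the application DB: every PAN-like value a dump of
    these records would expose. An empty list means the leak holds no card data."""
    dump = "\n".join(str(v) for r in records for v in r.values())
    return PAN_RE.findall(dump)


if __name__ == "__main__":
    vault = TokenVault()
    # Constructed sample orders using well-known test card numbers, not real cards.
    orders = [{"order_id": 1, "pan": "4111111111111111"},
              {"order_id": 2, "pan": "5555555555554444"}]
    app_db = ingest_orders(vault, orders)
    print("exposed by app DB breach:", leaked_pans(app_db))   # []
    print("exposed by raw data breach:", leaked_pans(orders))  # both PANs
    print("vault resolves:", vault.detokenize(app_db[0]["card_token"]))
```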