Chapter 4

Data Protection and Privacy

1
Data Protection

 Data protection: is focused on protecting IT assets from

unauthorized use, while data privacy: defines who has
authorized access.
 data protection focuses on keeping that information
from hackers, while data privacy is about keeping your
information from being sold or shared.
 One can say that data protection is mostly a technical
control, while data privacy is more of a process or legal
matter.
 One doesn’t ensure the other, and we need both to
work together as a proper control mechanism. 
2
Data Protection

 Any personal data that could be sensitive or can be used

maliciously by someone is included when
considering data privacy.
 Data protection ensures that your data is safeguarded
from unlawful access by unauthorized parties.

3
Data Protection

 In the digital age, we typically apply the concept of data

privacy to critical personal information, also known as
personally identifiable information (PII) and personal
health information (PHI).
 This can include Social Security numbers, health and
medical records, financial data, including bank account
and credit card numbers, and even basic, but still
sensitive, information, such as full names, addresses
and birthdates. 

4
Data Protection

 Data privacy controls are mostly given to users. Users

can usually control which data is shared with whom.
 Data protection is mostly a company’s responsibility.
 Companies basically need to make sure that the level of
privacy their users have set is implemented and data is
protected.
 Privacy and all associated regulations take place
in four different dimensions:
 informational privacy
 social privacy
 psychological privacy
 physical privacy 5
Data Protection

 Data Protection compliance is a must for any business

which processes data relating to people – which is most
businesses in the world.
 Failure to comply with the regulatory regime can lead to
significant fines and injunctions.
 So you should do regular checks to ensure your policies
and procedures are up to date.
 Making sure that your computer systems are safe and
secure is now an item which ought to be on the top of
the agenda of every business.
 Failures to adequately protect data can leave your
business at significant risk. 6
Importance of Data Privacy

 When data that should be kept private gets in the wrong

hands, bad things can happen.
 A data breach at a government agency can, for
example, put top secret information in the hands of an
enemy state.
 A breach at a corporation can put proprietary data in the
hands of a competitor.
 A breach at a school could put students’ PII in the hands
of criminals who could commit identity theft.
 A breach at a hospital or doctor’s office can put PHI in
the hands of those who might misuse it.
7
Importance of Data Privacy

 Personal data is used to make very important decisions

in our lives.
 Personal data can be used to affect our reputations; and
it can be used to influence our decisions and shape our
behavior.
 It can be used as a tool to exercise control over us.
 And in the wrong hands, personal data can be used to
cause us great harm.

8
Why Privacy Matters?

 Limit on Power: Privacy is a limit on government power,

as well as the power of private sector companies. The
more someone knows about us, the more power they
can have over us.
 Respect for Individuals.
 Reputation Management: Privacy enables people to
manage their reputations.
 Maintaining Appropriate Social Boundaries.

9
Why Privacy Matters?

 Trust: In relationships, whether personal, professional,

governmental, or commercial, we depend upon trusting
the other party. Breaches of confidentiality are breaches
of that trust.
 Control Over One's Life.

10
Information rights: privacy and freedom
in the internet age

 Information technology and systems threaten individual

claims to privacy by making the invasion of privacy
cheap, profitable, and effective.
 In some countries, privacy protection is much more
stringent than other countries. For example, some
countries do not allow businesses to use personally
identifiable information without consumers’ prior consent.

11
Internet Challenges to Privacy

 Internet technology has posed new challenges for the

protection of individual privacy:
1) Information sent over this vast network of networks
may pass through many different computer systems
before it reaches its final destination. Each of these
systems is capable of monitoring, capturing, and
storing communications that pass through it. For
example, an ISP can collect information about which
files you have accessed and which WEB sites you
have visited. Also the sites you visit may collect
information about you.

12
Internet Challenges to Privacy

2) Web sites track searches that have been conducted,

the Web sites and Web pages visited, the online
content a person has accessed, and what items that
person has inspected or purchased over the Web. This
monitoring and tracking of Web site visitors occurs in
the background without the visitor’s knowledge.
3) Cookies: Are tiny files deposited on a computer hard
drive when a user visits certain Web sites. Cookies
identify the visitor’s web browser software and track
visits to the Web site.

13
Cookies are written by a Web site on a visitor’s hard drive. When the visitor
returns to that Web site, the Web server requests the ID number from the cookie
and uses it to access the data stored by that server on that visitor. The Web site
can then use these data to display personalized information
Internet Challenges to Privacy

4) Web beacons, also called Web bugs (or simply

“tracking files”), are tiny software programs that keep a
record of users’ online click stream and report this data
back to whomever owns the tracking file invisibly
embedded in e-mail messages and Web pages that
are designed to monitor the behavior of the user
visiting a Web site or sending e-mail.
5) Spyware can secretly install itself on an Internet user’s
computer by piggybacking on larger applications. Once
installed, the spyware calls out to Web sites to send
banner ads and other unsolicited material to the user,
and it can report the user’s movements on the Internet
to other computers.
15
Technical Solutions for Internet Challenges to Privacy

 Different techniques can be used to protect user privacy

during interactions with Web sites:
1) Encrypting e-mail.
2) Making e-mail or surfing activities appear anonymous.
3) Preventing client computers from accepting cookies.
4) Detecting and eliminating spyware.
5) Applying the Platform for Privacy Preferences (P3P).

16
P3P: Platform for Privacy Preferences

 P3P enables automatic communication of privacy

policies between an e-commerce site and its visitors.
 P3P provides a standard for communicating a Web site’s
privacy policy to Internet users and for comparing that
policy to the user’s preferences or to other standards.
 Users can use P3P to select the level of privacy they
wish to maintain when interacting with the Web site.
 The P3P standard allows Web sites to publish privacy
policies in a form that computers can understand.
 Once it is codified according to P3P rules, the privacy
policy becomes part of the software for individual Web
pages. 17
P3P: Platform for Privacy Preferences

 P3P enables Web sites to translate their privacy policies

into a standard format that can be read by the user’s
Web browser software. The user’s Web browser
software evaluates the Web site’s privacy policy to
determine whether it is compatible with the user’s
privacy preferences.

18
Property Rights: Intellectual Property

 Contemporary information systems have severely

challenged existing law and social practices that protect
private intellectual property.
 Intellectual property is considered to be intangible
property created by individuals or corporations.

20
Internet Challenges to Intellectual Property

 Contemporary information technologies, especially

software, pose severe challenges to existing intellectual
property regimes and, therefore, create significant
ethical, and social issues.
 Digital media differ from books, periodicals, and other
media in terms of ease of replication; ease of transmission;
ease of alteration; difficulty in classifying a software work
as a program, book; compactness—making theft easy; and
difficulties in establishing uniqueness.
 Information technology has made it difficult to protect
intellectual property because computerized information
can be so easily copied or distributed on networks.

21
Technical Solutions for Internet Challenges to
Intellectual Property

 Intellectual property is subject to a variety of protections

under three different legal traditions:
1) trade secrets: Any intellectual work product—a formula,
device, pattern, or compilation of data—used for a
business purpose can be classified as a trade secret,
provided it is not based on information in the public
domain. Trade secret laws grant a monopoly on the ideas
behind a work product.
2) copyright: is a statutory grant that protects creators of
intellectual property from having their work copied by
others for any purpose during the life of the author
3) patent law: A patent grants the owner an exclusive
monopoly on the ideas behind an invention for 20 years.
22