Data Security

Data security is the process of safeguarding digital information throughout its entire life cycle to protect it from corruption, theft, or unauthorized access

How many categories are personal data split into

three

Observed Data

Data generated by your devices without your consent

Inferred Data

Data gathered based on combinations of volunteered or observed data (e.g., a credit rating) to influence on any purchase of your interest

Cyber Hygiene

Routine practices that protect against data loss and cyber intrusion.

What is Data

It is raw facts and figures that have no meaning

General principles for keeping data secured online

Use two step authentication, do not save passwords to browser, do not forget to sign out, use privacy web site settings

Where is your personal data stored

In Data Centres across EU

Volunteered Data

Data generated by you when shared and posted on social media platforms

What is Data Centre

A large group of network servers used for storing and processing large amounts of data

What does The Data Protection Act 1988 do

Sets how Governments and organizations use our personal information

Who is your information traded by

By the advertiser and the device manufacturer

Personal data

Information relating to an identified person

Causes of data breach

Weak or stolen passwords, back door and application vulnerabilities, malware, malicious insider, human error, simple solution

List the categories of personal data

Volunteered, observed and inferred

Data and information generated

Digital Footprint

RIPA

Regulation of Investigatory Powers Act

HIBP

A website that allows internet users to check if their personal dat has been compromised by data breaches

Example of a company that suffered from reputation damage

T-Mobile in August 2021

Examples of personal information

Name, address, IP address, biometric data etc.

Meaning of GDPR

To protect individuals' fundamental rights and freedoms, particularly their right to protection of their personal data

Example of a company that suffered from financial loss

The First American Corporation in March 2019

Types of personal data

2

HTTPS (Hypertext Transfer Protocol Secure)

An encrypted and secured version of HTTP which means all communications between the browser and web are encrypted

Example of a company that paid fines as a punishment due to the breach

Amazon in summer 2021

HTTP (Hypertext Transfer Protocol)

the protocol used for transmitting web pages or files over the Internet

Three examples of companies affected by data breach

DarkBeam, Real Estate Wealthy Network & ICMR

ICMR

Indian Council of Medical Research

Meaning of ICO

Provides guidance on data security breach management for companies and organizations

When was the Data Protection Act replaced

In May 2018

Encryption

Process of converting readable data into unreadable characters to prevent unauthorized access.

Example of a company that suffered from theft of data

CAM4 in March 2020

Examples of non-personal information

Data logs, weather and financial systems

The 3 main laws related to collecting & storing data

The European Convention on Human Rights Article 8, Freedom of Information Act (Scotland) & General Data Protection Regulation 2018

Who does the FOISA apply to

All local authorities, NHS, colleges and universities

What does the GDPR state for data stored outside Europe

That it can only be transferred if an adequate level of protection is guaranteed

List the types of personal data

Personal information and non-personal information

ICO

Information Commissioners Office

Data Breach

When sensitive or confidential information is copied, transmitted, or viewed by an individual who is not authorized to handle the data.

Effects of data breach

Reputation damage, theft of data, financial loss & fines

Meaning of RIPA

controls and regulates surveillance and other means of information gathering which public bodies employ in the discharge of their functions.

Data Processor

Maintains records and activities carried out on the personal data.

Has legal liability and is responsible for a data breach

Non-personal data

Information that does not relate to a person and could be

GDPR does not apply to the UK but to all of EU laws so what does

The Data Protection Act 1988

7 Principles of GDPR

Lawfulness, fairness & transparency, Purpose limitation, accountability, accuracy, storage limitations, integrity and confidence, data minimization

When did Freedom of Information Act (Scotland) Act 2002 (or FOISA) came into force

On January 1 2005

List the consents requested to have access to personal data

* Can be withdrawn at any time

* Is not always appropriate

* Needs to remain valid

*****

GDPR

General Data Protection Regulation

Freedom of Information Act (Scotland)

provides public access to information held by the authorities

Who in the company does the GDPR apply to

Data controller and processor

The European Convention on Human Rights Article 8

Everyone has the right to respect for his or her private and family life, home and correspondence

What law was replaced by GDPR 2018

Data Protection Act

What are the exemptions of the FOISA

Relating to matters such as national security, police investigations and the formation of government policy

Data Controller

someone who determines why and how personal data is processed

Exemptions of ECHR

interests of national security, public safety, prevention of disorder or crime