Privacy - CompTIA Security+ SY0-701 - 5.4

Privacy Concerns in Data Collection

  • Organizations gather vast amounts of data, leading to significant privacy concerns.

  • Various privacy laws dictate how organizations must protect this data.

Levels of Privacy Legislation

  • Local and State Level: Privacy concerns often begin at local and state levels:

    • Local governments collect data about homes, vehicles, and medical licensing.

  • National Level: National laws protect citizens' privacy:

    • Example: HIPAA (Health Insurance Portability and Accountability Act) protects healthcare information for all U.S. citizens.

  • International Cooperation: Countries collaborate on privacy laws to protect all citizens globally.

General Data Protection Regulation (GDPR)

  • The GDPR is a key privacy law in the EU affecting residents’ privacy rights.

  • Data Covered: Protects personal information including:

    • Name, address, photo, email, bank information, online social media posts, etc.

  • Control of Data: GDPR empowers individuals to control their data:

    • Individuals can request removal of their data from websites.

    • This autonomy is often referred to as the "right to be forgotten."

  • Data Subject Definition: A data subject is any identifiable natural person. This definition extends privacy rights to all residents of member countries.

Shifts in Privacy Perspective

  • The GDPR emphasizes data privacy from the data subject's viewpoint:

    • This contrasts with earlier privacy laws that primarily imposed requirements on organizations.

Roles Related to Data Management

  • Data Owner: The individual responsible for a specific set of data:

    • Example: Vice president of sales owns customer relationship data.

    • Treasurer owns financial data.

  • Data Controller: Manages data usage and compliance:

    • Example: Payroll department is the data controller for payroll data.

  • Data Processor: Actual user of the data:

    • Can be internal or a third-party service (e.g., external payroll processing company).

    • Data processors may operate under a non-disclosure agreement to ensure privacy.

Data Inventory Management

  • Organizations maintain a data inventory, akin to physical inventory:

    • Records what data is collected, ownership, update frequency, and data format.

  • Understanding Privacy Implications:

    • Understanding how data is used helps identify privacy concerns.

    • Data may be used internally across various departments, including IT security and collaboration.

  • Legal Compliance: When sharing data, adherence to privacy laws is crucial:

    • Awareness of the data inventory and its categories is essential for lawful data sharing.
