Data Protection

Data protection entails safeguarding any personal financial or health information that you have in your custody against misuse, accidental disclosure, theft or damage.

Complying with local and international data protection laws can protect your business from hefty regulatory fines. It can also help you build trust with your customers in this digital age.

Data Privacy vs. Data Protection

The terms data privacy and data protection may seem interchangeable, but there are important distinctions. In the European Union, data privacy is often a basic right guaranteed by law. It gives digital users greater control over access to their personal information. Even without such measures, you can take steps to protect your privacy online.

In contrast, data protection refers to technical data security mechanisms that enable compliance with privacy policies. Businesses, governmental agencies and other groups and organizations can build public trust by guaranteeing the privacy of their customers’ and partners’ sensitive information.

To keep yourself and your data safe, identify any personal information or asset that may be at risk when you open an email or an email attachment, buy a product or service online or surf the internet. Also, avoid practices such as data mining — gathering large amounts of personal, financial or medical information in one place. That creates a potential treasure trove for hackers.

Other steps to protect your information, money, passwords and computer system against various cyber threats include:

It’s likely that many websites you visit collect personal information about you for marketing purposes. They do this through digital cookies they add to your computer browser to track your internet navigation. You can install software to prevent some of the collection. Some sites also allow you to opt out of cookie collection.

7 Principles of Data Protection

If you store or process personal data in your organization, there are basic data protection standards you should keep in mind. Many stakeholders and agencies around the world recognize the following General Data Protection Regulation principles:

Organizations should establish a data management framework that allows them to track, classify and protect personal information in line with these key data protection principles.

Over the past decade, storing information in the cloud has grown as a frontline solution for access and security. Cloud data protection brings on new decisions, such as what model (public clouds, private clouds, community clouds or hybrid clouds) and what services to use. Services include software-as-a-service, platform-as-a-service, function-as-a-service and infrastructure-as-a-service. Cloud storage is most vulnerable to security hacks and data breaches.

A data breach occurs when bad actors illegally access your sensitive personal information. This can include Social Security numbers, banking information and credit card details.

For example, in April 2023, criminals may have accessed names and other sensitive Medicaid details for about 20,800 Iowans. And in February 2023, Brightline discovered hackers had breached Stanford University’s health plan data belonging to covered employees, post-doctoral students and dependents

In a ransomware attack impacting Latitude Financial in March 2023, criminals breached 330,000 customer records, including credit card details of Cole supermarket customers. Since 2005, 14 million Latitude customer records have been stolen.

In March 2023, hackers stole 10 terabytes of data from Western Digital Corp., including volumes of customer information. They demanded a minimum eight-figure ransom not to publish the breached data.

Identity Theft

Identity theft occurs when a cyber criminal steals your personal information and uses it to impersonate you in fraudulent transactions. They can use your credit card or bank account details to make purchases or open bank accounts in your name. Credit card fraud and tax-related fraud are the two most prevalent types of identity theft, but there are many others.

Identity thieves can target anyone. To protect yourself, regularly check your bank and credit card accounts for strange and unexplained transactions, especially unknown purchases. Also use password managers to keep your various passwords secure.

Report any unfamiliar accounts on your credit report. Act quickly if you receive a data breach notification from your service provider.

Scams and Fraud

According to the Federal Trade Commission, scammers stole about $8.8 billion from consumers in 2022. Imposter scams, in which fraudsters impersonate someone you trust or know to trick you into sending them money, accounted for most of the reported losses.

If you’ve been scammed, you can file a complaint with the FTC on their official website. Econsumer.gov is another useful online resource for reporting international fraud.

Personal Health Information

Your medical information is also a lucrative target for theft, as criminals can use it to secure prescription drugs or file insurance claims in your name. In 2022, health care and other organizations reported 707 data breaches impacting 51.9 million records to the Department of Health and Human Services’ Office for Civil Rights.

To protect yourself against the growing risk of medical identity theft, scrutinize your health plan statements and medical files regularly for any inconsistencies.

Experts recommend turning off location tracking and data sharing for marketing purposes whenever possible. If your smart device supports automatic connectivity with nearby devices, disable the feature to protect your personal data.

To help fix bugs and improve the user experience, apps, browsers and consumer tech gadgets like smartphones and laptops often collect your usage data by default. This means your privacy may be at risk if you don’t change the defaults to limit data sharing.

The U.S. has enacted several “standalone” data protection laws, each for a specific sector. Examples include the Health Insurance Portability and Accountability Act for medical information, the Graham-Leach-Bliley Act for the financial realm, and the Privacy Act of 1974 for federal agencies.

The GDPR is more comprehensive and recognizes the right to privacy in Europe. A complementary law, the Data Protection Act, provides rights to residents of the United Kingdom. In the U.S., California has GDPR-inspired data protection laws, and four more states will begin enforcing similar statutes in 2023.

Data Protection Compliance

For regulatory compliance purposes, your organization should establish standard protocols that govern the secure creation, collection, storage and processing of personal information. A data protection officer can oversee the specification of technical requirements, compliance documentation and staff training.