Table of contents
- What Is Data Privacy
- Data Privacy and U.S. Law
- Data Privacy and the GDPR
- What Is Data Protection
- What are Data Protection Principles?
- Key Differences Between the Branches of Data Protection
- Data Privacy vs. Data Protection
- Data Protection vs. Data Security
- Data Security vs. Data Privacy
- Data Protection Technologies and Practices to Protect Your Data
What Is Data Privacy
Data privacy is one of the three main arms of data protection, along with traditional data protection (like backups) and data security. Data privacy practices ensure that sensitive data (including personal data) is only accessed by those who should have access to it.
However, the inherent problem with data privacy is that the laws, recommendations, and best practices are notoriously complex and broad.
They differ depending on which country (and even state) you’re from, so understanding what to do to protect your data (and what people can do with your information) can be pretty difficult.
Below, we’ll explain how data privacy is approached by two major regions – the U.S. and Europe.
Data Privacy and U.S. Law
The U.S. doesn’t have any single comprehensive law that covers all data privacy requirements. Instead, data privacy requirements are derived from a combination of multiple state laws.
However, in recent years, a push has been made toward comprehensive laws for customer data privacy.
The best example of this is the California Privacy Rights Act (CPRA) which was introduced in 2020. This Act expands the rights of consumers and places further compliance obligations on businesses to safeguard these rights.
In most states:
- Companies can use, share, and sell any data they collect about you without telling you that they’re doing so. Any third party they sell the data to can do the same without notifying you.
- There is no standardized requirement for when companies have to tell you that your data was breached.
But recently, a new federal law has been proposed – the American Data Privacy and Protection Act (ADPPA). While it still has a long way to go, if introduced, it could nationalize some of the important aspects of other privacy bills like the CPRA.
Other important federal laws that govern data collection include:
- The Children’s Online Privacy Protection Act (COPPA) regulates data collection for minors.
- The Health Insurance Portability and Accountability Act (HIPAA) regulates the collection of health information.
- The Gramm-Leach-Bliley Act (GLBA) governs data collected by banks and other financial institutions.
- The Fair Credit Reporting Act (FCRA) governs the use of credit information.
Data Privacy and the GDPR
Europe has a comprehensive privacy law known as the General Data Protection Regulation (GDPR) that places several legal requirements on businesses when it comes to data privacy.
Although it’s a European law, the GDPR places obligations on organizations everywhere as long as they’re targeting people who reside in the EU.
The GDPR recognizes several privacy rights for what they call “data subjects”. Data subjects are people who use the internet. Here are people’s rights according to the GDPR:
- The right to be informed. Organizations must inform individuals about what they’re going to do with their personal data.
- The right of access. Individuals have the right to request a copy of any of their personal data that an organization is using in any way.
- The right to rectification. If an individual’s data is incomplete or incorrect, they have the right to have it fixed.
- The right to erasure. Every individual has the right to have their data deleted without unnecessary delay if the data is no longer necessary.
- The right to restrict processing. In certain circumstances, individuals have the right to limit the way organizations use their data.
- The right to data portability. Individuals, in some cases, can transmit data from one organization to another without hindrance (meaning that data cannot be stored in silos that are incompatible with other data platforms).
- The right to object. Individuals can prevent an organization from using their data.
- Rights in relation to automated decision-making and profiling. In some cases, individuals have the right not to be subject to decision-making that is based solely on automated processing.
What Is Data Protection
Data protection is the overarching method of safeguarding digital information from corruption, loss, or theft. Data privacy, data security, and traditional data protection make up the three arms of data protection.
What are Data Protection Principles?
The Federal Trade Commission (FTC) has introduced seven key principles of data protection. These are recommendations (not requirements) for businesses that expand on how they should treat consumer data.
The key principles of data protection, according to the FTC, are:
- Transparency. Businesses are recommended to have clearer, shorter privacy notices that are easily comprehensible. They should also provide reasonable access to held consumer data, as long as it isn’t sensitive. Finally, businesses should make efforts to educate consumers about data privacy practices.
- Lawful basis for processing. The FTC recommends that businesses provide notice to consumers that they are collecting their data. They should also notify the consumers of what they plan to do with the data and seek their consent to do so.
- Purpose limitation. Businesses should limit data collection practices to those which are required for the business to continue operations. In other words, they shouldn’t collect data that is unnecessary.
- Data minimization. As little consumer data as possible should be collected and held. This minimization helps to reduce risks involved with consumer data retention.
- Proportionality. Similar to purpose limitation, businesses should only collect data that is relevant to the purpose of the data. In other words, data should only be collected if the purpose cannot be completed by any other means.
- Retention. Businesses should delete data which has outlived the purpose for which it was collected. As soon as the data becomes unnecessary, it should be removed.
Key Differences Between the Branches of Data Protection
As we mentioned above, the three branches of data protection are traditional data protection (things like backups), data privacy, and data security.
The differences between these branches can be confusing as there’s a fair bit of overlap, so here’s an explanation:
Data Privacy vs. Data Protection
Data privacy concerns the legality and regulation of data use. Data protection concerns the tools and technologies used to protect data from corruption or loss.
Here’s the major difference between data protection and privacy:
- Data privacy is when an individual or organization determines who has authorized access to particular information in their databases.
- Data protection is the process of safeguarding information from corruption, compromise, or loss. This might involve processes for backup and recovery, like policies that ensure data is retrievable if accidentally deleted.
Data Protection vs. Data Security
Most people use the terms “protection” and “security” interchangeably. However, when it comes to data, the two terms have different, more complex meanings.
The major difference is that while data protection seeks to prevent the accidental loss or damage of data, data security seeks to prevent unauthorized access to the data from hackers or other third parties.
An example of data protection is creating backups for data so that it can be recovered in the case that it’s damaged.
Data security, on the other hand, can be defined as the defense against malicious external or internal threats.
An example of a data security measure is multi-factor authentication (MFA) where users must submit multiple verifications to prove their identity and access particular information.
Data Security vs. Data Privacy
Data privacy defines who should have access to certain information. It sets out rules that businesses need to follow to protect the privacy of individuals. Data security concerns the tools and technical processes used to safeguard this data.
Here are the major differences between data privacy and data security:
- Data security is about protecting digital assets from unauthorized users, whereas data privacy defines who is authorized to access the data.
- Data privacy is the set of policies and regulations that define who can use certain data. Data security, on the other hand, is the mechanism, tools, and procedures used to enforce the policies and regulations set out by data privacy.
- Data privacy is about keeping your data safe from being sold without your permission while data security is about preventing that data from being hacked or stolen.
As you can see, data privacy and data security overlap. You can’t have data privacy without security, but security doesn’t guarantee privacy.
Data Protection Technologies and Practices to Protect Your Data
There are many technologies, services, and even daily habits you can use to protect your data. The most important thing is to practice good cyber hygiene. Cyber hygiene includes all of the practices that you and your family can use to increase your digital security.
Here are some things you can do to protect your data:
- Minimize your digital footprint. Your digital footprint is all of the information you leave about yourself online, like on social media. This information can be used to steal your identity or scam you, and minimizing it is an effective way to protect your data and maintain privacy online.
- Perform regular updates on software and devices. Operating system updates (for PC, Mac, Android, and iOS) often include security patches that safeguard your device against the latest malware and viruses. Likewise, updates for software usually patch vulnerabilities in the code that hackers might exploit.
- Ensure that your accounts are safe. Make sure you use complex, long, and unique passwords for each account and use two-factor authentication (2FA). You should also store your passwords in an encrypted password manager rather than leave them somewhere they can be accessed by a hacker.
- Stay up to date with online threats and scams. Knowing how to spot malicious phishing emails and other scams is essential if you’re going to keep your data private in today’s world. You should regularly check for data leaks and security breaches and make sure your data isn’t for sale on the Dark Web.
- Create regular backups. You should back up your data at regular intervals so that if it’s accidentally deleted (or held ransom), you can retrieve it. Always back up to a separate location like an external hard drive or a cloud storage service.
- Encrypt important data. If any of your devices contain particularly sensitive data, you can encrypt them to prevent hackers from gaining access. Here’s how you can enable encryption on your Mac or Windows computer. Services like Gmail, Outlook, and iOS also provide email encryption capabilities.
- Use a reputable antivirus to protect yourself from hackers. Clario’s all-in-one digital security solution includes a powerful antivirus that can protect your devices from the latest malware, adware, and spyware.
- Use a Virtual Private Network (VPN) to protect your network. A VPN encrypts the data on your network so that unauthorized people can’t gain access to it. Alongside a VPN, you should ensure that your Wi-Fi passwords are updated regularly and are impossible to guess.
In an ever-digital world, keeping your data safe and secure is one of the most important things you can do.