CSAP (Cyber Security Alliance Pakistan) highlights the importance of data protection & privacy in a webinar.
Since data protection & privacy both are a prevalent issue, organizations from both public and private sectors have invested millions in protecting their data that includes personal information, customer information, and trade secrets against internal and external breaches. In Pakistan, Government has introduced a draft Data Protection Bill in a similar context.
The webinar was joined by a panel of Global industry leaders and experts, Ammar Jaffri from Pakistan (Former DG FIA – Founder of E-Pakistan and Chief Patron of CSAP), Abdus Saboor from Saudi Arabia (CoFounder CSAP – Founder of IPNEC and Priv0), Steve Gentry from USA (Former InfoSec Officer at Adobe and VMware), Asim Jahan from Netherlands (Sr. Advisor Privacy at Ministry of Justice & Security) and Tauseef Aslam from Pakistan (Business InfoSec Officer at Telenor). They explicitly discussed the challenges organizations come across while rolling out security and privacy programs. The panelists provided guidance and practical approaches in implementing Data Protection and Privacy practices that can assist in devising a way forward for organizations.
The million-dollar question for many organizations is what data to secure and how to secure it. What is important to understand is when comparing between data privacy and data protection is that you can’t ensure privacy unless the required data governance is in place unless data is recognized/classified and further protected by the layer of the right technological components. All this is needed to prevent the compromise of confidentiality and integrity of data.
Data privacy and data protection are very closely interconnected, to the extent that many people often think they are the same thing. But the distinctions between data privacy and data protection are fundamental to understanding how one complements the other. In a nutshell, data protection is about securing data against unauthorized access. data privacy, on the other hand, is about authorized access — who & how has access to data, and who defines it. Another way to probably look at it is that: data protection is essentially a technical issue, whereas data privacy is a legal one.
If someone can steal personal data, it can put you at risk for identity theft and other security breaches. Let us take an example of swiping your credit card for a service provider, you’re doing two things here. Firstly, you’re trusting the service provider and payment system with your personal data protection — with things in mind like Cybercriminals or any unauthorized parties can’t access your credit information without your consent. Secondly, you are also trusting them to honor the right privacy to your data by not misusing the information even though you provided it to them.
The point is that technology alone cannot ensure the privacy of data. Most privacy protection protocols are still vulnerable to authorized individuals who might access the data, which in some cases are also known as malicious insiders. The burden on these authorized individuals is, above all, the privacy laws and related compliances, not technological parameters.