Data Protection

and Privacy
Data Protection and Privacy
Data privacy defines who has access to data, while data protection provides tools
and policies to actually restrict access to the data

Data protection and privacy is typically applied to personal health information and
personally identifiable information

Data protection signifies the strategic and procedural steps undertaken to

safeguard the privacy, availability, and integrity of sensitive data, and is often
interchangeably used with the term ‘data security.’ These protective measures,
critical for organizations that collect, process, or store sensitive data, aim to
prevent data corruption, loss, or damage
Data Protection
Principles
Data availability—ensuring users can access and use
the data required to perform business even when
this data is lost or damaged
Data lifecycle management—involves automating
the transmission of critical data to offline and online
storage
Information lifecycle management—involves the
valuation, cataloging, and protection of information
assets from various sources, including facility
outages and disruptions, application and user errors,
machine failure, and malware and virus attacks
Data Privacy and its
Importantance
Data privacy is a guideline for how data should be
collected or handled, based on its sensitivity and
importance

Data privacy is typically applied to personal health

information and personally identifiable information

Data privacy helps ensure that sensitive data is

only accessible to approved parties
 DATA PROTECTION REGULATIONS GOVERN
HOW CERTAIN DATA TYPES ARE COLLECTED,
TRANSMITTED, AND USED

Data PERSONAL DATA INCLUDES VARIOUS TYPES

OF INFORMATION, INCLUDING NAMES,
Protection PHOTOS, EMAIL ADDRESSES, BANK ACCOUNT
Regulations DETAILS, IP ADDRESSES OF PERSONAL
COMPUTERS, AND BIOMETRIC DATA

DATA PROTECTION AND PRIVACY

REGULATIONS VARY BETWEEN COUNTRIES,
STATES, AND INDUSTRIES
Data Protection vs Data Privacy

Although both data One addresses policies, the Data privacy defines the Data Protection Technologies
protection and privacy are other mechanisms Data policies that data protection and Practices to Protect Your
important and the two often privacy is focused on tools and processes employ Data Data Discovery- Before
come together, these terms defining who has access to you can protect your data,
do not represent the same data while data protection you need to know what you
thing focuses on applying those have and where it is located
restrictions
Automated Discovery Tools
Data loss prevention is a critical component of data protection, designed to
prevent unauthorized access, leakage, or theft of sensitive information

DLP technologies consist of various tools and processes that help organizations
maintain control over their data

DLP technologies often include monitoring and alert systems that can detect
potential data breaches or other security incidents
Storage with Built-in
Data Protection
Choosing the right storage solution is essential for
ensuring the safety of your data

Modern storage technologies now come equipped

with built-in data protection features, offering
additional layers of security

One of the primary ways storage technologies

protect data is through redundancy
Error Correction
This technology can automatically detect and repair data corruption, ensuring the
integrity of your information

Finally, storage systems with built-in data protection often include granular access
controls, allowing you to restrict who can access your data and under what
circumstances

Backup Backing up your data is a fundamental aspect of data protection

Incremental and Full
Backups
Incremental backups save only the changes made
since the last backup, while full backups create a
complete copy of your data

This can involve daily, weekly, or even monthly

backups, depending on your organization’s needs
and the sensitivity of your data

Snapshots offer an additional layer of protection

for your data by creating point-in-time copies of
your systems and files
Instant Recovery

STORAGE EFFICIENCY
SNAPSHOTS ALSO
DUE TO THEIR
ONE OF THE PRIMARY PROVIDE A FORM OF
INCREMENTAL
BENEFITS OF VERSIONING,
NATURE, SNAPSHOTS
SNAPSHOTS IS THEIR ALLOWING YOU TO
CAN BE MORE
ABILITY TO FACILITATE MAINTAIN MULTIPLE
STORAGE-EFFICIENT
INSTANT RECOVERY VERSIONS OF YOUR
THAN TRADITIONAL
DATA AND SYSTEMS
BACKUPS
Load Balancing
Firewalls play a crucial role in data protection by acting as a barrier between your
internal systems and the outside world

Firewalls can also provide application control, allowing you to restrict or allow
specific applications from accessing your data

Authentication and Authorization Authentication and authorization are essential

components of data protection, ensuring that only authorized individuals can
access your data

Role-based access control is a method of authorization that assigns users specific

roles within your organization, each with its own set of permissions
Identity and Access
Management
Identity and access management systems are
designed to manage user identities and access
rights across your organization

By centralizing authentication and authorization

processes, IAM can help streamline data protection
efforts and improve security

Encryption is the process of converting data into a

code that can only be read by authorized parties
Symmetric Encryption
Symmetric encryption involves using a single key
to encrypt and decrypt data

Asymmetric encryption, also known as public-key

encryption, uses two keys: one to encrypt data
and another to decrypt it

End-to-end encryption is a method of encryption

that ensures data remains protected from the
moment it is sent until it is received by the
intended recipient
Data Erasure
Data erasure involves securely and permanently deleting data from
your systems

Secure data erasure methods involve overwriting the existing

data with new data, making it impossible to recover the original
information

This process is essential for ensuring business continuity and can

help minimize the impact of disasters

This plan should outline the procedures for responding to

disasters and restoring systems and data To ensure the
effectiveness of your disaster recovery plan, it’s important to
regularly test and maintain your procedures
Critical Best Practices for
Ensuring Data Privacy
The following best Part of ensuring data
Your policies should
Creating policies for practices can help privacy is
define how this
data privacy can be you ensure that the understanding what
information is
challenging but it’s policies you create data you have, how it
collected and acted
not impossible are as effective as is handled, and
upon
possible where it is stored

Your privacy policies Policies should also These systems use

should clearly outline include processes for third-party data to
what protections are auditing protections verify users and
needed for your to ensure that eliminate the need to
various data privacy solutions are applied store or transfer user
levels correctly data to your systems
Critical Best Practices for
Ensuring Data Privacy
Many users are aware of privacy concerns and are
likely to appreciate transparency when it comes to how
you’re using and storing data

Data Portability and Data Sovereignty Data portability

is an important requirement for many modern IT
organizations

Data portability also has legal implications—when data

is stored in different countries, it is subject to different
laws and regulations

Cloud data migration was also extremely difficult, in

the early days of cloud computing
Difference between Freedom of
Information and Data Protection

FOI COVERS
INFORMATION HELD BY
PUBLIC AUTHORITIES, DATA PROTECTION
FOI IS ABOUT
BUT NOT REQUESTS LEGISLATION
PROVIDING ACCESS TO
FOR PERSONAL PROTECTS PERSONAL
PUBLIC INFORMATION
INFORMATION ABOUT DATA
THE PERSON MAKING
THE REQUEST