✕ CLOSE Online Special City News Entrepreneurship Environment Factcheck Everything Woman Home Front Islamic Forum Life Xtra Property Travel & Leisure Viewpoint Vox Pop Women In Business Art and Ideas Bookshelf Labour Law Letters
Click Here To Listen To Trust Radio Live

What you should know about data privacy

As Nigeria joins the rest of the  world to mark this year’s data privacy week, many Nigerians still don’t know what data privacy is and…

As Nigeria joins the rest of the  world to mark this year’s data privacy week, many Nigerians still don’t know what data privacy is and how to protect their personal data.  And it is important, too, to know the difference between data privacy and the better known field of data security.

Data privacy, sometimes also referred to as information privacy, is an area of data protection that concerns the proper handling of sensitive data including personal data,  financial data and intellectual property data.

Information security experts said data protection spans three broad categories, namely, traditional data protection (such as backup and restore copies), data security, and data privacy.

Why should companies and individuals care about data privacy?

Experts said companies should care about data privacy because data is perhaps the most important asset a business owns. “We live in a data economy where companies find enormous value in collecting, sharing and using data about customers or users, especially from social media. Transparency in how businesses request consent to keep personal data, abide by their privacy policies, and manage the data that they’ve collected, is vital to building trust with customers who naturally expect privacy as a human right’’, a data privacy expert, Odion Okeychukwu told Daily Trust.

But Okeychuwu said managing data to ensure regulatory compliance is even more important as business may have to meet legal responsibilities about how they collect, store, and process personal data, and non-compliance could lead to a huge fine. “If the business becomes the victim to a hack or ransomware, the consequences in terms of lost revenue and lost customer trust could be even worse’’, he added.

About 7,680 direct and indirect jobs were created  in Nigeria between 2019 and 2021 through the data privacy protection policy of the Federal Government, the National Information Technology Development Agency (NITDA) said on Monday.  

NITDA’s Director General, Kashifu Inuwa Abdullahi, who disclosed this at a press conference to unveil Data Privacy Week’s programme in Abuja, added that about 103 Data Protection Compliance Organizations (DPCOs) were also licensed by NITDA.

The NITDA DG said N4.8billion had been reported as the estimated value of Nigeria’s Data Protection Industry in just two years.

He said the federal government took the issue of data privacy serious because it could make or mar democracy or literally undermine national security with far-reaching dire consequences to Nigeria and its people. 

What are some of the challenges users face when protecting their online privacy?

Online tracking: User behaviour is regularly tracked online. Cookies often record a user’s activities, and while most countries require websites to alert users of cookie usage, users may not be aware of to what degree cookies are recording their activities.

Losing control of data: With so many online services in common use, individuals may not be aware of how their data is being shared beyond the websites with which they interact online, and they may not have a say over what happens to their data.

Lack of transparency: To use web applications, users often have to provide personal data like their name, email, phone number, or location; meanwhile, the privacy policies associated with those applications may be dense and difficult to understand.

Social media: It is easier than ever to find someone online using social media platforms, and social media posts may reveal more personal information than users realize. In addition, social media platforms often collect more data than users are aware of.

Cybercrime: Many attackers try to steal user data in order to commit fraud, compromise secure systems, or sell it on underground markets to parties who will use the data for malicious purposes. Some attackers use phishing attacks to try to trick users into revealing personal information; others attempt to compromise companies’ internal systems that contain personal data.

What are some of the challenges businesses face when protecting user privacy?

Communication: Organizations sometimes struggle to communicate clearly to their users what personal data they are collecting and how they use it.

Cybercrime: Attackers target both individual users and organizations that collect and store data about those users. In addition, as more aspects of a business become Internet-connected, the attack surface increases.

Data breaches: A data breach can lead to a massive violation of user privacy if personal details are leaked, and attackers continue to refine the techniques they use to cause these breaches.

Insider threats: Internal employees or contractors might inappropriately access data if it is not adequately protected.

Personal data can be misused in a number of ways if it is not kept private or if people don’t have the ability to control how their information is used:

Criminals can use personal data to defraud or harass users.

Entities may sell personal data to advertisers or other outside parties without user consent, which can result in users receiving unwanted marketing or advertising.

When a person’s activities are tracked and monitored, this may restrict their ability to express themselves freely, especially under repressive governments.

For individuals, any of these outcomes can be harmful. For a business, these outcomes can irreparably harm their reputation, as well as resulting in fines, sanctions, and other legal consequences.

In addition to the real-world implications of privacy infringements, many people and countries hold that privacy has intrinsic value: that privacy is a human right fundamental to a free society, like the right to free speech.

Data privacy is not data security

Businesses are sometimes confused by the terms and mistakenly believe that keeping personal and sensitive data secure from hackers means that they are automatically compliant with data privacy regulations. This is not the case. Data security protects data from compromise by external attackers and malicious insiders whereas data privacy governs how the data is collected, shared and used.

A comprehensive data strategy enables us to layer data security and data privacy tools to achieve both sets of goals. Imagine that we want to transmit sensitive data to be processed. Encryption in transit or at rest, a data security tool, can help to maintain data confidentiality when data is moved or stored as an attacker who intercepts the transmission or accesses the data would be unable to read the encrypted data. However, the intended recipient who is authorised to access the data would need to decrypt the data in order to process it. Here, data privacy tools like de-identification achieve the goal of disassociability – protecting the data subject. Even if the authorised individual accessing the data misuses it, maliciously or by accident, the identity of those in the dataset is still protected. In this way data security and data privacy are complementary, and a comprehensive data protection strategy requires both.

What are the laws that govern data privacy?

As technological advances have improved data collection and surveillance capabilities, governments around the world have started passing laws regulating what kind of data can be collected about users, how that data can be used, and how data should be stored and protected. Some of the most important regulatory privacy frameworks to know include:

General Data Protection Regulation (GDPR): Regulates how the personal data of European Union (EU) data subjects, meaning individuals, can be collected, stored, and processed, and gives data subjects rights to control their personal data (including a right to be forgotten).

National data protection laws: Many countries, such as Canada, Japan, Australia, Singapore, and others, have comprehensive data protection laws in some form. Some, like Brazil’s General Law for the Protection of Personal Data and the UK’s Data Protection Act, are quite similar to the GDPR.

California Consumer Privacy Act (CCPA): Requires that consumers be made aware of what personal data is collected and gives consumers control over their personal data, including a right to tell organizations not to sell their personal data.

There are also industry-specific privacy guidelines in some countries: for instance, in the United States, the Health Insurance Portability and Accountability Act (HIPAA) govern how personal healthcare data should be handled.

However, many privacy advocates argue that individuals still do not have sufficient control over what happens to their personal data. Governments around the world may pass additional data privacy laws in the future.

What are some of the most important technologies for data privacy?

Encryption is a way to conceal information by scrambling it so that it appears to be random data. Only parties with the encryption key can unscramble the information.

Access control ensures that only authorized parties access systems and data. Access control can be combined with data loss prevention (DLP) to stop sensitive data from leaving the network.

Two-factor authentication is one of the most important technologies for regular users, as it makes it far harder for attackers to gain unauthorized access to personal accounts.

These are just some of the technologies available today that can protect user privacy and keep data more secure. However, technology alone is not sufficient to protect data privacy.

VERIFIED: It is now possible to live in Nigeria and earn salary in US Dollars with premium domains, you can earn as much as $12,000 (₦18 Million).
Click here to start.