Edward Snowden: 'Saying you don't need privacy because you have nothing to hide, is like saying you don't need freedom of speech because you have nothing to say.'
Data privacy
About access, use, collection of data, and the data subject's legal right to the data
Data privacy includes
Freedom from unauthorized access to private data
Freedom from inappropriate use of data
Accuracy and completeness of a person's data
Availability of data to the data subject
The right to inspect, update, and correct this data
There is no such thing as privacy on the internet
Ways to achieve data privacy
Technical – using software and hardware to safeguard data
Social – raising awareness among the internet userbase and the policy makers
Regulatory – complying with regulations such as the GDPR or the Hong Kong regulations
GDPR
Aims to shift power to the consumer by ensuring users know, understand, and consent to the data collected about them
Companies have to be clear and concise about what will be collected and why, and whether this data will be used to create profiles based on people's behaviour and habits
Allows users to request deletion of photos of themselves as minors and requires companies to inform other websites and search engines to remove the photos
Limits the type of data companies can collect, e.g. a ride-sharing app may ask your name, address, and credit card number, but cannot ask your race, political affiliation, religion, or sexual orientation
The South African constitution states that we all have the right to privacy, which includes the right not to have our person or home searched, our property searched, our possessions seized, or the privacy of our communications infringed
The eight principles of the POPI Act
Personal information must be obtained in a lawful and fair manner
The information can only be used for the specified purpose it was originally obtained for
Processing may not be done for purposes beyond the original scope that was agreed to by the data subject
The person who processes the information must ensure that the information is complete, not misleading, up to date and accurate
There should be open communication between the information regulator and the data subject
The person processing the data is accountable for ensuring that the measures that give effect to these principles are complied with when processing personal information
The data subject must be able to participate and access the personal information that a responsible party has on them and must be able to correct the information
The person processing data must ensure that proper security safeguards and measures against loss, damage, destruction and unauthorised or unlawful access or processing of the information have been put in place
FICA (Financial Intelligence Centre Act) laws in South Africa govern financial information to prevent crimes such as money laundering, tax evasion, and other illegal financial acts
Privacy by design
Embedding data privacy into product design and development using 7 principles: 1) Proactive not reactive, 2) Privacy is the default, 3) Embed privacy into design, 4) Retain full functionality, 5) Ensure E2E security, 6) Maintain visibility and transparency, 7) Keep it user-centric
AI bias
AI systems can contain racial, ideological, or gender bias due to the data they are trained on. A possible solution is to use contractual ethics, where machines are taught certain principles and decision-making skills to apply certain values
Data breaches are sometimes caused by hackers breaking into a database, but more often by carelessness or failure to follow good security practices
Major data breaches
26 million records stolen from US Veterans Affairs with no encryption
PlayStation Network breach in 2011
Yahoo breach in 2015 where 500 million accounts were compromised
Zappos (a subsidiary of Amazon) had a major data breach where a cybercriminal gained access to names, email addresses, phone numbers, and encrypted passwords of 24 million customers