Discuss privacy and confidential information and the effect of the laws pertaining to it

Introduction

Every business must be aware of the types of information that it handles and whether this constitutes personal, sensitive personal and/or confidential information, in order that it can comply with all applicable legal obligations. The starting point in ascertaining such obligations must be to conduct a thorough information audit. This will produce a snapshot of all information processed by a business at any one time. Where possible, this should be carried out by independent auditors, but whether this is appropriate will depend upon the size of the business.

What is privacy and confidential information?

Information privacy, or data privacy, is the relationship between collection and dissemination of data, technology, the public expectation of privacy, and the legal and political issues surrounding them.

Privacy concerns exist wherever personally identifiable information is collected and stored – in digital form or otherwise. Improper or non-existent disclosure control can be the root cause of privacy issues.

Confidentiality is an ethical principle of discretion associated with the professions, such as medicine, law and psychotherapy. In the field of ethics, law, and mediation, an alternative type of legal dispute resolution, there exist communications between the client and the professional which are “privileged” communications that legally cannot be discussed with or divulged to third parties.
In business, the confidentiality of information, a mainstream adaptation of the “need to know” principle of the military ethic, is basic to the security of corporate information; the employee occupies a “confidentiality bubble” that restricts the flow of positive and negative information that he or she requires to do a job.[1]

There are differences between confidentiality and privacy issues. Confidentiality, as it pertains to the triad of information security (confidentiality, integrity and availability), deals with the fact that we need assurances that the information being transmitted can be viewed only by the intended recipients. Encryption is a good enabling technology that makes confidentiality possible. Privacy, on the other hand, is the level of confidentiality provided.

Corporate users, for instance, have an expectation of privacy when it comes to e-mail. That is, they believe that their corporate e-mail account is private and no one should view their e-mail. In reality, most companies do have a privacy policy that states effectively that employees' e-mail is NOT private and that the company has the right to view employees' e-mail at any time.

Policy

Privacy Right and Access to Personal Information

The right of privacy includes an individual’s right to determine with whom he or she will share information and to know of and exercise control over collection, use, disclosure, access and retention concerning any information collected about him or her. The right of privacy and consent are essential to the trust and integrity of the client care or service provider relationship.

Information rights include the right of access to records, with limited exception, and the right to request correction of personal information about oneself. Individuals may formally request access to or correction of personal information by following proper procedures as outlined in the access to and release of information policies.

For example, privacy has become a problem for online customers, since the Internet has become a transmission line and repository for private information. In the e-commerce environment, security system providers ask customers to provide their own personal information, but customers have little knowledge about how their information will be used. Taking the limitations and risks of current Internet technologies into account, there is still a lack of standards for privacy protection in the online environment.

Responsibility for Confidentiality

Confidential information will have the necessary quality of confidence where it is of confidential character. All reasonable measures must be taken to ensure that personal information is collected, used and disclosed only in circumstances necessary and authorized for client care, research, education, or as necessary in the conduct of the business of the organization. Use, sharing or disclosure of information must be in accordance with the appropriate legislative authority.
Intentionally viewing confidential information that is not necessary to perform an individual’s role is considered a breach of confidentiality even if that information is not disclosed to another party. Confidential information must not be discussed in any physical location where others, not entitled to receive that information, are present and likely to overhear, unless required in order to fulfill one’s professional role, by law or with permission from an authorized individual.

All companies have secrets. Some are technical, such as the detailed specification of a manufacturing process; some are business-related, such as a list of customer names and addresses, which would be useful to a competitor. Some are of enormous value, e.g. the recipe for Coca Cola; others are less valuable. Some are simple, even one word long, such as the name of a company takeover target; others are complex, such as the details of a planned advertising campaign. The common factor is that all can be protected.

Theories for securing and protecting privacy and confidential information

Privacy Policies and Technology:

Privacy policies specify under which conditions a business can exchange and legitimately use customer personal information. Each privacy policy, however, differs greatly because of the lack of standardization across different industries and organizations. Privacy technologies that address customers' personal concerns are introduced to facilitate the application of privacy policies. The Platform for Privacy Preferences is one of the privacy technologies which allow Web sites to convey their privacy policies in a computer-readable format. Another common technology, the Lucent Personal Web Assistant (LPWA), provides a pseudonym proxy for logging in to Web sites, giving customers consistent access to registration-based systems without revealing potentially sensitive personal information.

Technology solutions:

Confidentiality in an Internet transaction is usually provided by encryption.
There are several existing mechanisms to secure transactions based on cryptography, including SSL (Secure Sockets Layer), TLS (Transport Layer Security), IPsec (IP security) and VPN (Virtual Private Network). Although IPsec offers global security to all applications, its complexity comes from the requirement that an IPsec stack be installed. Similarly, due to the dynamic and distributed nature of VPNs, a sophisticated system is required. In contrast, SSL is widely deployed and its embedded base will cause it to supersede any other session-layer protocols. Thus, the SSL and TLS protocols have been widely implemented and are now regarded as the “de facto standard” for providing secure e-commerce transactions over the Internet.