SlideShare a Scribd company logo

Unit 6 Privacy and Data Protection 8 hr

Download as PPTX, PDF
Tushar Rajput
Tushar Rajput

The document discusses privacy and data protection. It defines privacy as an individual's ability to control how and when personal information is shared with others. It outlines several international agreements that establish privacy as a universal human right. The document also discusses the three dimensions of privacy - personal, territorial, and informational - and basic privacy principles like transparency and purpose limitation.

Education
1 of 20
Privacy and Data Protection
Right to Privacy and its Legal Framework  The right of privacy is well established in international law. The core privacy principle in modern law may be found in the Universal Declaration of Human Rights. Article 12 of the UDHR states ""No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks."  The UN Guidelines for the Regulation of Computerized Personal Data Files (1990) set out Fair Information Practices and recommend the adoption of national guidelines to protect personal privacy. Appropriately, the UN Guidelines note that a derogation from these principles "may be specifically provided for when the purpose of the file is the protection of human rights and fundamental freedoms of the individual concerned or humanitarian
The Concept of Privacy  Def. of privacy = the claim of individuals, groups and institutions to determine for themselves, when, how and to what extent information about them is communicated to others  3 dimensions of privacy: 1) Personal privacy Protecting a person against undue interference (such as physical searches) and information that violates his/her moral sense 2) Territorial privacy Protecting a physical area surrounding a person that may not be violated without the acquiescence of the person  Safeguards: laws referring to trespassers search warrants 3) Informational privacy Deals with the gathering, compilation and selective dissemination of information
 Basic privacy principles ◦ Lawfulness and fairness ◦ Necessity of data collection and processing ◦ Purpose specification and purpose binding  There are no "non-sensitive" data ◦ Transparency  Data subject´s right to information correction, erasure or blocking of incorrect/ illegally stored data ◦ Supervision (= control by independent data protection authority) & sanctions ◦ Adequate organizational and technical safeguards  Privacy protection can be undertaken by: ◦ Privacy and data protection laws promoted by government ◦ Self-regulation for fair information practices by codes of conducts promoted by businesses ◦ Privacy-enhancing technologies (PETs) adopted by individuals ◦ Privacy education of consumers and IT professionals
International Privacy Standards  Privacy is a universal human right. Here is a list of international accords related to privacy that serve as the foundation for national laws, policy frameworks, and international agreements throughout the world.  The Privacy Office is an integral part of the Department’s international engagement efforts, since much of the Department’s work entails cooperation with international partners. Because privacy frameworks vary around the world, it is important to work closely with these partners to ensure that collaborative efforts are consistent with all relevant privacy laws and policies.
Privacy's Role in the International Privacy Arena In support of the Department’s mission, the Privacy Office:  Provides counsel on international agreements related to personal information collection and sharing;  Offers educational outreach and leadership on the Department’s privacy policies and emerging international privacy issues;  Interprets international data protection frameworks to aid in interaction with international partners; and  Counsels the Department and other agency partners on global privacy practices and policy approaches.
Privacy Related Wrongs and Remedies  William Prosser had reviewed the court decisions on privacy cases after the WarrenBrandeis article on privacy and he had opined that the classes of tort actions in relation to privacy matters could be broadly be classified into four heads which are all regarded .These are –  1. Intrusion upon the plaintiff’s seclusion or solitude, or into his private affairs.  2. Public disclosure of embarrassing private facts about the plaintiffas different torts.  3. Publicity which places the plaintiff in a false light in the public eye.  4. Commercial appropriation of the plaintiff’s likeness or name.
The Concept of Security in Cyberspace WHAT IS CYBER SECURITY? Cyber security, also referred to as information technology security, focuses on protecting computers, networks, programs and data from unintended or unauthorized access, change or destruction.
WHY IS CYBER SECURITY IMPORTANT? Governments, military, corporations, financial institutions, hospitals and other businesses collect, process and store a great deal of confidential information on computers and transmit that data across networks to other computers. With the growing volume and sophistication of cyber attacks, ongoing attention is required to protect sensitive business and personal information, as well as safeguard national security. During a Senate hearing in March 2013, the nation's top intelligence officials warned that cyber attacks and digital spying are the top threat to national security, eclipsing terrorism.
Technological Vulnerability  In computer security, a vulnerability is a weakness which allows an attacker to reduce a system's information assurance.  Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw.  To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness. In this frame, vulnerability is also known as the attack surface.
Vulnerability and risk factor models
Information Security Audit Vulnerability Assessment and Penetration Testing Services (VAPT)  Vulnerability Assessments are a process of identifying, quantifying, and prioritizing vulnerabilities in a system. A vulnerability refers to the inability of the system to withstand the effects of a hostile environment.  Penetration Tests are a method of evaluating computer and network security simulating attacks on a computer system or network from external and internal threats.They are usually defined by a given test objective.
NEED OF VAPT  VAPT is a process in which the Information & Communication Technologies (ICT) infrastructure consists of computers, networks, servers, operating systems and application software are scanned in order to identify the presence of known and unknown vulnerabilities.  As many as 70% of web sites have vulnerabilities that could lead to the theft of sensitive corporate data such as credit card information, product IP, customer lists etc. Hackers are concentrating their efforts on web-based applications - shopping carts, forms, login pages, dynamic content, etc.
Dig: Vulnerability Assessment and Penetration Testing Services (VAPT
Data Protection Position in India  Data protection law in India (Present status):- Data Protection law in India is included in the Act under specific provisions. Both civil and criminal liabilities are imposed for violation of data protection. (1) Section 43 deals with penalties for damage to computer, computer system etc. (2) Section 65 deals with tampering with computer source documents. (3) Section 66 deals with hacking with computer system. (4) Section 72 deals with penalty for breach of confidentiality and privacy. Call centers can be included in the definition of ‘intermediary’ and a ‘network service provider’ and can be penalized under this section.
BPOs AND THE LEGAL REGIME IN INDIA:  Business Process Outsourcing (“BPO”) has emerged as the most challenging sector that has not only generated employment potential in India, but has also brought huge inflow of foreign exchange into the country. Today, India is home to some of the world’s leading BPO companies.  In this context, it is becoming increasingly important to study and examine the legal regime in India pertaining to BPOs and to undertake an examination of data protection laws in the light of the growing concern that data transferred to India may not be adequately protected.
 A BPO takes within its fold various elements such as finance and accounting, customer relationship management, human resources, business process, transcription, and so on. A parent company instead of performing these operations delegates them to a BPO.  It may be an in house operation or a different company may be engaged to perform a particular task. It may be in the same country or in a different country.  The BPO sector in India has an extremely advantageous position because of its low cost structure and large pool of skilled manpower
Child’s Privacy Online  As a parent, you have control over the personal information companies collect online from your kids under 13.  The Children’s Online Privacy Protection Act gives you tools to do that.  The Federal Trade Commission, the nation’s consumer protection agency, enforces the COPPA Rule. If a site or service is covered by COPPA, it has to get your consent before collecting personal information from your child and it has to honor your choices about how that information is used.
What is COPPA?  The COPPA Rule was put in place to protect kids’ personal information on websites and online services — including apps — that are directed to children under 13. The Rule also applies to a general audience site that knows it’s collecting personal information from kids that age.  COPPA requires those sites and services to notify parents directly and get their approval before they collect, use, or disclose a child’s personal information. Personal information in the world of COPPA includes a kid’s name, address, phone number or email address; their physical whereabouts; photos, videos and audio recordings of the child, and persistent identifiers, like IP addresses, that can be used to track a child’s activities over time and across different websites and online
EVOLVING TRENDS IN DATA PROTECTION AND INFORMATION SECURITY:  The legal systems which deal with them, have been forced to evolve rapidly. Though the changes in law have had to deal with a number of issues in the broad area of cyber laws, the most vibrant of those have been concerned with privacy, information security, information warfare, egovernance, e-commerce and crimes on the Internet.  E-GOVERNANCE  INFORMATION WARFARE  DATA TRANSFER REGIME  PRIVACY

Recommended

Privacy & Data Protection
Privacy & Data ProtectionPrivacy & Data Protection
Privacy & Data Protection
sp_krishna
 
“Privacy Today” Slide Presentation
“Privacy Today” Slide Presentation “Privacy Today” Slide Presentation
“Privacy Today” Slide Presentation
tomasztopa
 
Privacy and Data Security
Privacy and Data SecurityPrivacy and Data Security
Privacy and Data Security
WilmerHale
 
Data Protection Presentation
Data Protection PresentationData Protection Presentation
Data Protection Presentation
IBM Business Insight
 
Data Protection in India
Data Protection in IndiaData Protection in India
Data Protection in India
Home
 
Data Privacy & Security
Data Privacy & SecurityData Privacy & Security
Data Privacy & Security
Eryk Budi Pratama
 
Data protection
Data protectionData protection
Data protection
Lewis Silkin
 
Data protection ppt
Data protection pptData protection ppt
Data protection ppt
grahamwell
 

Recommended

Privacy & Data Protection
Privacy & Data ProtectionPrivacy & Data Protection
Privacy & Data Protection
sp_krishna
 
“Privacy Today” Slide Presentation
“Privacy Today” Slide Presentation “Privacy Today” Slide Presentation
“Privacy Today” Slide Presentation
tomasztopa
 
Privacy and Data Security
Privacy and Data SecurityPrivacy and Data Security
Privacy and Data Security
WilmerHale
 
Data Protection Presentation
Data Protection PresentationData Protection Presentation
Data Protection Presentation
IBM Business Insight
 
Data Protection in India
Data Protection in IndiaData Protection in India
Data Protection in India
Home
 
Data Privacy & Security
Data Privacy & SecurityData Privacy & Security
Data Privacy & Security
Eryk Budi Pratama
 
Data protection
Data protectionData protection
Data protection
Lewis Silkin
 
Data protection ppt
Data protection pptData protection ppt
Data protection ppt
grahamwell
 
Data protection
Data protectionData protection
Data protection
RaviPrashant5
 
Introduction to Data Protection and Information Security
Introduction to Data Protection and Information SecurityIntroduction to Data Protection and Information Security
Introduction to Data Protection and Information Security
Jisc Scotland
 
Data protection and privacy
Data protection and privacyData protection and privacy
Data protection and privacy
himanshu jain
 
GDPR Basics - General Data Protection Regulation
GDPR Basics - General Data Protection RegulationGDPR Basics - General Data Protection Regulation
GDPR Basics - General Data Protection Regulation
Vicky Dallas
 
Data Privacy Introduction
Data Privacy IntroductionData Privacy Introduction
Data Privacy Introduction
G Prachi
 
Data Protection and Privacy
Data Protection and PrivacyData Protection and Privacy
Data Protection and Privacy
Vertex Holdings
 
GDPR Demystified
GDPR DemystifiedGDPR Demystified
GDPR Demystified
SPIN Chennai
 
Data Privacy: What you need to know about privacy, from compliance to ethics
Data Privacy: What you need to know about privacy, from compliance to ethicsData Privacy: What you need to know about privacy, from compliance to ethics
Data Privacy: What you need to know about privacy, from compliance to ethics
AT Internet
 
GDPR
GDPRGDPR
GDPR
Gopi PD
 
Personal privacy and computer technologies
Personal privacy and computer technologiesPersonal privacy and computer technologies
Personal privacy and computer technologies
sidra batool
 
An Overview of GDPR
An Overview of GDPR An Overview of GDPR
An Overview of GDPR
The Pathway Group
 
Information Privacy
Information PrivacyInformation Privacy
Information Privacy
primeteacher32
 
General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)
Extentia Information Technology
 
Presentation on GDPR
Presentation on GDPRPresentation on GDPR
Presentation on GDPR
DipanjanDey12
 
Introduction to Network Security
Introduction to Network SecurityIntroduction to Network Security
Introduction to Network Security
John Ely Masculino
 
The Data Protection Act
The Data Protection ActThe Data Protection Act
The Data Protection Act
SaimaRafiq
 
Privacy in simple
Privacy in simplePrivacy in simple
Privacy in simple
Aurora Computer Studies
 
Introduction to cyber law.
Introduction to cyber law. Introduction to cyber law.
Introduction to cyber law.
PROF. PUTTU GURU PRASAD
 
Ethics in IT Security
Ethics in IT SecurityEthics in IT Security
Ethics in IT Security
mtvvvv
 
Introduction to GDPR
Introduction to GDPRIntroduction to GDPR
Introduction to GDPR
Priyab Satoshi
 
iSPIRT's Response on Digital Information Security in Healthcare Act (DISHA)
iSPIRT's Response on Digital Information Security in Healthcare Act (DISHA)iSPIRT's Response on Digital Information Security in Healthcare Act (DISHA)
iSPIRT's Response on Digital Information Security in Healthcare Act (DISHA)
ProductNation/iSPIRT
 
Lecture 8.pdf
Lecture 8.pdfLecture 8.pdf
Lecture 8.pdf
abdukadirabdullahuad
 

More Related Content

What's hot

General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)
Extentia Information Technology
 
Introduction to Network Security
Introduction to Network SecurityIntroduction to Network Security
Introduction to Network Security
John Ely Masculino
 
The Data Protection Act
The Data Protection ActThe Data Protection Act
The Data Protection Act
SaimaRafiq
 

What's hot (20)

Data protection
Data protectionData protection
Data protection
 
Introduction to Data Protection and Information Security
Introduction to Data Protection and Information SecurityIntroduction to Data Protection and Information Security
Introduction to Data Protection and Information Security
 
Data protection and privacy
Data protection and privacyData protection and privacy
Data protection and privacy
 
GDPR Basics - General Data Protection Regulation
GDPR Basics - General Data Protection RegulationGDPR Basics - General Data Protection Regulation
GDPR Basics - General Data Protection Regulation
 
Data Privacy Introduction
Data Privacy IntroductionData Privacy Introduction
Data Privacy Introduction
 
Data Protection and Privacy
Data Protection and PrivacyData Protection and Privacy
Data Protection and Privacy
 
GDPR Demystified
GDPR DemystifiedGDPR Demystified
GDPR Demystified
 
Data Privacy: What you need to know about privacy, from compliance to ethics
Data Privacy: What you need to know about privacy, from compliance to ethicsData Privacy: What you need to know about privacy, from compliance to ethics
Data Privacy: What you need to know about privacy, from compliance to ethics
 
GDPR
GDPRGDPR
GDPR
 
Personal privacy and computer technologies
Personal privacy and computer technologiesPersonal privacy and computer technologies
Personal privacy and computer technologies
 
An Overview of GDPR
An Overview of GDPR An Overview of GDPR
An Overview of GDPR
 
Information Privacy
Information PrivacyInformation Privacy
Information Privacy
 
General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)
 
Presentation on GDPR
Presentation on GDPRPresentation on GDPR
Presentation on GDPR
 
Introduction to Network Security
Introduction to Network SecurityIntroduction to Network Security
Introduction to Network Security
 
The Data Protection Act
The Data Protection ActThe Data Protection Act
The Data Protection Act
 
Privacy in simple
Privacy in simplePrivacy in simple
Privacy in simple
 
Introduction to cyber law.
Introduction to cyber law. Introduction to cyber law.
Introduction to cyber law.
 
Ethics in IT Security
Ethics in IT SecurityEthics in IT Security
Ethics in IT Security
 
Introduction to GDPR
Introduction to GDPRIntroduction to GDPR
Introduction to GDPR
 

Similar to Unit 6 Privacy and Data Protection 8 hr

iSPIRT's Response on Digital Information Security in Healthcare Act (DISHA)
iSPIRT's Response on Digital Information Security in Healthcare Act (DISHA)iSPIRT's Response on Digital Information Security in Healthcare Act (DISHA)
iSPIRT's Response on Digital Information Security in Healthcare Act (DISHA)
ProductNation/iSPIRT
 
GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready? GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready?
SecurityScorecard
 
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docxhttpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
adampcarr67227
 
CSR PII White Paper
CSR PII White PaperCSR PII White Paper
CSR PII White Paper
Dmcenter
 
iSPIRT’s Response- White Paper on Data Protection Framework for India
iSPIRT’s Response- White Paper on Data Protection Framework for IndiaiSPIRT’s Response- White Paper on Data Protection Framework for India
iSPIRT’s Response- White Paper on Data Protection Framework for India
ProductNation/iSPIRT
 
Data Protection & Security Breakfast Briefing - Master Slides_28 June_final
Data Protection & Security Breakfast Briefing - Master Slides_28 June_finalData Protection & Security Breakfast Briefing - Master Slides_28 June_final
Data Protection & Security Breakfast Briefing - Master Slides_28 June_final
Dr. Donald Macfarlane
 
2017-01-24 Introduction of PCI and HIPAA Compliance
2017-01-24 Introduction of PCI and HIPAA Compliance2017-01-24 Introduction of PCI and HIPAA Compliance
2017-01-24 Introduction of PCI and HIPAA Compliance
Raffa Learning Community
 

Similar to Unit 6 Privacy and Data Protection 8 hr (20)

iSPIRT's Response on Digital Information Security in Healthcare Act (DISHA)
iSPIRT's Response on Digital Information Security in Healthcare Act (DISHA)iSPIRT's Response on Digital Information Security in Healthcare Act (DISHA)
iSPIRT's Response on Digital Information Security in Healthcare Act (DISHA)
 
Lecture 8.pdf
Lecture 8.pdfLecture 8.pdf
Lecture 8.pdf
 
GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready? GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready?
 
Cie 2 cyber law
Cie 2 cyber lawCie 2 cyber law
Cie 2 cyber law
 
Policies and Law in IT
Policies and Law in ITPolicies and Law in IT
Policies and Law in IT
 
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docxhttpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
 
Cybersecurity solution-guide
Cybersecurity solution-guideCybersecurity solution-guide
Cybersecurity solution-guide
 
Data privacy Legislation in India
Data privacy Legislation in IndiaData privacy Legislation in India
Data privacy Legislation in India
 
DATA-PRIVACY-ACT.pptx
DATA-PRIVACY-ACT.pptxDATA-PRIVACY-ACT.pptx
DATA-PRIVACY-ACT.pptx
 
Law and Ethics in Information Security.pptx
Law and Ethics in Information Security.pptxLaw and Ethics in Information Security.pptx
Law and Ethics in Information Security.pptx
 
CSR PII White Paper
CSR PII White PaperCSR PII White Paper
CSR PII White Paper
 
social, legal and ethical issues of e-commerce..
social, legal and ethical issues of e-commerce..social, legal and ethical issues of e-commerce..
social, legal and ethical issues of e-commerce..
 
Data Security Law and Management.pdf
Data Security Law and Management.pdfData Security Law and Management.pdf
Data Security Law and Management.pdf
 
Review questions
Review questionsReview questions
Review questions
 
2016 02-23 Is it time for a Security and Compliance Assessment?
2016 02-23 Is it time for a Security and Compliance Assessment?2016 02-23 Is it time for a Security and Compliance Assessment?
2016 02-23 Is it time for a Security and Compliance Assessment?
 
iSPIRT’s Response- White Paper on Data Protection Framework for India
iSPIRT’s Response- White Paper on Data Protection Framework for IndiaiSPIRT’s Response- White Paper on Data Protection Framework for India
iSPIRT’s Response- White Paper on Data Protection Framework for India
 
STUCOR_CS8792-LL.pdf
STUCOR_CS8792-LL.pdfSTUCOR_CS8792-LL.pdf
STUCOR_CS8792-LL.pdf
 
Data protection & security breakfast briefing master slides 28 june-final
Data protection & security breakfast briefing master slides 28 june-finalData protection & security breakfast briefing master slides 28 june-final
Data protection & security breakfast briefing master slides 28 june-final
 
Data Protection & Security Breakfast Briefing - Master Slides_28 June_final
Data Protection & Security Breakfast Briefing - Master Slides_28 June_finalData Protection & Security Breakfast Briefing - Master Slides_28 June_final
Data Protection & Security Breakfast Briefing - Master Slides_28 June_final
 
2017-01-24 Introduction of PCI and HIPAA Compliance
2017-01-24 Introduction of PCI and HIPAA Compliance2017-01-24 Introduction of PCI and HIPAA Compliance
2017-01-24 Introduction of PCI and HIPAA Compliance
 

More from Tushar Rajput

M.c.a.(sem iii) operation research
M.c.a.(sem iii) operation researchM.c.a.(sem iii) operation research
M.c.a.(sem iii) operation research
Tushar Rajput
 
M.c.a. (sem ii) operating systems
M.c.a. (sem ii) operating systemsM.c.a. (sem ii) operating systems
M.c.a. (sem ii) operating systems
Tushar Rajput
 
MTP for MCA
MTP for MCAMTP for MCA
MTP for MCA
Tushar Rajput
 
MTP for MCA
MTP for MCAMTP for MCA
MTP for MCA
Tushar Rajput
 
MTP for MCA
MTP for MCAMTP for MCA
MTP for MCA
Tushar Rajput
 
System analysis and_design
System analysis and_designSystem analysis and_design
System analysis and_design
Tushar Rajput
 

More from Tushar Rajput (12)

M.c.a.(sem iii) operation research
M.c.a.(sem iii) operation researchM.c.a.(sem iii) operation research
M.c.a.(sem iii) operation research
 
M.c.a. (sem ii) operating systems
M.c.a. (sem ii) operating systemsM.c.a. (sem ii) operating systems
M.c.a. (sem ii) operating systems
 
MTP for MCA
MTP for MCAMTP for MCA
MTP for MCA
 
MTP for MCA
MTP for MCAMTP for MCA
MTP for MCA
 
MTP for MCA
MTP for MCAMTP for MCA
MTP for MCA
 
System analysis and_design
System analysis and_designSystem analysis and_design
System analysis and_design
 
PHP HTML CSS Notes
PHP HTML CSS NotesPHP HTML CSS Notes
PHP HTML CSS Notes
 
Unit 5 Intellectual Property Protection in Cyberspace
Unit 5 Intellectual Property Protection in CyberspaceUnit 5 Intellectual Property Protection in Cyberspace
Unit 5 Intellectual Property Protection in Cyberspace
 
Unit 4 Commerce and Cyberspace
Unit 4 Commerce and CyberspaceUnit 4 Commerce and Cyberspace
Unit 4 Commerce and Cyberspace
 
Unit 3 Cyber Crimes and Torts 8 hr
Unit 3 Cyber Crimes and Torts 8 hrUnit 3 Cyber Crimes and Torts 8 hr
Unit 3 Cyber Crimes and Torts 8 hr
 
Unit 2 Regulation of Cyberspace
Unit 2 Regulation of CyberspaceUnit 2 Regulation of Cyberspace
Unit 2 Regulation of Cyberspace
 
Unit 1 Introducation
Unit 1 IntroducationUnit 1 Introducation
Unit 1 Introducation
 

Recently uploaded

The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptx
heathfieldcps1
 

Recently uploaded (20)

On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptxOn_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
 
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
 
How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17
 
SOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning PresentationSOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning Presentation
 
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxHMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
 
ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.
 
How to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSHow to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POS
 
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptxExploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptxCOMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
 
This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.
 
Interdisciplinary_Insights_Data_Collection_Methods.pptx
Interdisciplinary_Insights_Data_Collection_Methods.pptxInterdisciplinary_Insights_Data_Collection_Methods.pptx
Interdisciplinary_Insights_Data_Collection_Methods.pptx
 
Micro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfMicro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdf
 
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdfUnit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdf
 
Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...
Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...
Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
 
Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)
 
How to setup Pycharm environment for Odoo 17.pptx
How to setup Pycharm environment for Odoo 17.pptxHow to setup Pycharm environment for Odoo 17.pptx
How to setup Pycharm environment for Odoo 17.pptx
 
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfUGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptx
 

Unit 6 Privacy and Data Protection 8 hr

  • 1. Privacy and Data Protection
  • 2. Right to Privacy and its Legal Framework  The right of privacy is well established in international law. The core privacy principle in modern law may be found in the Universal Declaration of Human Rights. Article 12 of the UDHR states ""No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks."  The UN Guidelines for the Regulation of Computerized Personal Data Files (1990) set out Fair Information Practices and recommend the adoption of national guidelines to protect personal privacy. Appropriately, the UN Guidelines note that a derogation from these principles "may be specifically provided for when the purpose of the file is the protection of human rights and fundamental freedoms of the individual concerned or humanitarian
  • 3. The Concept of Privacy  Def. of privacy = the claim of individuals, groups and institutions to determine for themselves, when, how and to what extent information about them is communicated to others  3 dimensions of privacy: 1) Personal privacy Protecting a person against undue interference (such as physical searches) and information that violates his/her moral sense 2) Territorial privacy Protecting a physical area surrounding a person that may not be violated without the acquiescence of the person  Safeguards: laws referring to trespassers search warrants 3) Informational privacy Deals with the gathering, compilation and selective dissemination of information
  • 4.  Basic privacy principles ◦ Lawfulness and fairness ◦ Necessity of data collection and processing ◦ Purpose specification and purpose binding  There are no "non-sensitive" data ◦ Transparency  Data subject´s right to information correction, erasure or blocking of incorrect/ illegally stored data ◦ Supervision (= control by independent data protection authority) & sanctions ◦ Adequate organizational and technical safeguards  Privacy protection can be undertaken by: ◦ Privacy and data protection laws promoted by government ◦ Self-regulation for fair information practices by codes of conducts promoted by businesses ◦ Privacy-enhancing technologies (PETs) adopted by individuals ◦ Privacy education of consumers and IT professionals
  • 5. International Privacy Standards  Privacy is a universal human right. Here is a list of international accords related to privacy that serve as the foundation for national laws, policy frameworks, and international agreements throughout the world.  The Privacy Office is an integral part of the Department’s international engagement efforts, since much of the Department’s work entails cooperation with international partners. Because privacy frameworks vary around the world, it is important to work closely with these partners to ensure that collaborative efforts are consistent with all relevant privacy laws and policies.
  • 6. Privacy's Role in the International Privacy Arena In support of the Department’s mission, the Privacy Office:  Provides counsel on international agreements related to personal information collection and sharing;  Offers educational outreach and leadership on the Department’s privacy policies and emerging international privacy issues;  Interprets international data protection frameworks to aid in interaction with international partners; and  Counsels the Department and other agency partners on global privacy practices and policy approaches.
  • 7. Privacy Related Wrongs and Remedies  William Prosser had reviewed the court decisions on privacy cases after the WarrenBrandeis article on privacy and he had opined that the classes of tort actions in relation to privacy matters could be broadly be classified into four heads which are all regarded .These are –  1. Intrusion upon the plaintiff’s seclusion or solitude, or into his private affairs.  2. Public disclosure of embarrassing private facts about the plaintiffas different torts.  3. Publicity which places the plaintiff in a false light in the public eye.  4. Commercial appropriation of the plaintiff’s likeness or name.
  • 8. The Concept of Security in Cyberspace WHAT IS CYBER SECURITY? Cyber security, also referred to as information technology security, focuses on protecting computers, networks, programs and data from unintended or unauthorized access, change or destruction.
  • 9. WHY IS CYBER SECURITY IMPORTANT? Governments, military, corporations, financial institutions, hospitals and other businesses collect, process and store a great deal of confidential information on computers and transmit that data across networks to other computers. With the growing volume and sophistication of cyber attacks, ongoing attention is required to protect sensitive business and personal information, as well as safeguard national security. During a Senate hearing in March 2013, the nation's top intelligence officials warned that cyber attacks and digital spying are the top threat to national security, eclipsing terrorism.
  • 10. Technological Vulnerability  In computer security, a vulnerability is a weakness which allows an attacker to reduce a system's information assurance.  Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw.  To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness. In this frame, vulnerability is also known as the attack surface.
  • 11. Vulnerability and risk factor models
  • 12. Information Security Audit Vulnerability Assessment and Penetration Testing Services (VAPT)  Vulnerability Assessments are a process of identifying, quantifying, and prioritizing vulnerabilities in a system. A vulnerability refers to the inability of the system to withstand the effects of a hostile environment.  Penetration Tests are a method of evaluating computer and network security simulating attacks on a computer system or network from external and internal threats.They are usually defined by a given test objective.
  • 13. NEED OF VAPT  VAPT is a process in which the Information & Communication Technologies (ICT) infrastructure consists of computers, networks, servers, operating systems and application software are scanned in order to identify the presence of known and unknown vulnerabilities.  As many as 70% of web sites have vulnerabilities that could lead to the theft of sensitive corporate data such as credit card information, product IP, customer lists etc. Hackers are concentrating their efforts on web-based applications - shopping carts, forms, login pages, dynamic content, etc.
  • 14. Dig: Vulnerability Assessment and Penetration Testing Services (VAPT
  • 15. Data Protection Position in India  Data protection law in India (Present status):- Data Protection law in India is included in the Act under specific provisions. Both civil and criminal liabilities are imposed for violation of data protection. (1) Section 43 deals with penalties for damage to computer, computer system etc. (2) Section 65 deals with tampering with computer source documents. (3) Section 66 deals with hacking with computer system. (4) Section 72 deals with penalty for breach of confidentiality and privacy. Call centers can be included in the definition of ‘intermediary’ and a ‘network service provider’ and can be penalized under this section.
  • 16. BPOs AND THE LEGAL REGIME IN INDIA:  Business Process Outsourcing (“BPO”) has emerged as the most challenging sector that has not only generated employment potential in India, but has also brought huge inflow of foreign exchange into the country. Today, India is home to some of the world’s leading BPO companies.  In this context, it is becoming increasingly important to study and examine the legal regime in India pertaining to BPOs and to undertake an examination of data protection laws in the light of the growing concern that data transferred to India may not be adequately protected.
  • 17.  A BPO takes within its fold various elements such as finance and accounting, customer relationship management, human resources, business process, transcription, and so on. A parent company instead of performing these operations delegates them to a BPO.  It may be an in house operation or a different company may be engaged to perform a particular task. It may be in the same country or in a different country.  The BPO sector in India has an extremely advantageous position because of its low cost structure and large pool of skilled manpower
  • 18. Child’s Privacy Online  As a parent, you have control over the personal information companies collect online from your kids under 13.  The Children’s Online Privacy Protection Act gives you tools to do that.  The Federal Trade Commission, the nation’s consumer protection agency, enforces the COPPA Rule. If a site or service is covered by COPPA, it has to get your consent before collecting personal information from your child and it has to honor your choices about how that information is used.
  • 19. What is COPPA?  The COPPA Rule was put in place to protect kids’ personal information on websites and online services — including apps — that are directed to children under 13. The Rule also applies to a general audience site that knows it’s collecting personal information from kids that age.  COPPA requires those sites and services to notify parents directly and get their approval before they collect, use, or disclose a child’s personal information. Personal information in the world of COPPA includes a kid’s name, address, phone number or email address; their physical whereabouts; photos, videos and audio recordings of the child, and persistent identifiers, like IP addresses, that can be used to track a child’s activities over time and across different websites and online
  • 20. EVOLVING TRENDS IN DATA PROTECTION AND INFORMATION SECURITY:  The legal systems which deal with them, have been forced to evolve rapidly. Though the changes in law have had to deal with a number of issues in the broad area of cyber laws, the most vibrant of those have been concerned with privacy, information security, information warfare, egovernance, e-commerce and crimes on the Internet.  E-GOVERNANCE  INFORMATION WARFARE  DATA TRANSFER REGIME  PRIVACY