Introduction

If orange is the new black, then privacy is the new security — or at least security’s indispensable accessory. We can thank the Facebook/Cambridge Analytica debacle for raising the awareness of just how important digital privacy is. And the fact that 2017 saw a doubling of cybersecurity attacks just brings the whole dystopian data-privacy fiasco into sharp relief.

Data privacy benefits everyone. If an organization takes privacy seriously, it will put measures in place to prevent data exposure, benefiting the entire user base as well as the organization itself. In turn, the respect shown by doing so should go towards creating better customer relationships and building trust.

So what can organizations do to ensure that they play their part in enhancing data privacy?

1) Minimize What Data You Collect

Data minimization is the first step towards an all-encompassing approach to data privacy. If you don’t need it, don’t collect it. This action reduces the privacy overhead of a system and is sometimes referred to as the “minimal dataset,” or MDS.

Data minimization usually affects the collection of personal data such as name, address and so on. For example:

  • Don’t collect name prefixes such as Mrs. or Mr. unless required
  • Ask yourself: do you need to know a person’s full address; could a country or state location suffice?
  • Do you really need a full date of birth, or will age range do?

Data minimization also extends to any questions asked in, for example, a survey. Avoid collecting sensitive information in such surveys — if you don’t need to ask for personal data during a survey, don’t.

Reducing the amount of sensitive or personal data you collect is beneficial for both your customers and your business. If you don’t have something, you don’t have to look after it.

2) Minimize the Data You Release

In a similar manner, you can configure your system to minimize the data you release. This is, of course, dependent on the IT tools you are using, but many systems now come with privacy-enhancement settings. One example is an age request for the purchase of an age-restricted item. Instead of offering or requiring the user’s date of birth to complete the transaction, an age-over request could be made: the response would return a yes/no answer to the request “is this person over 21?”

Modern protocols such as OAuth 2.0 can accommodate this type of exchange.
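The age-over exchange described above, as an added Python example that is not from the original article and is not an OAuth 2.0 implementation: it shows only the response logic, where the date of birth stays on the server and the caller receives a yes/no answer. The record fields, the claim naming (`age_over_N`) and the allowed thresholds are assumptions made for this example.

```python
from datetime import date

# Constructed sample record; the field names are assumptions for this example.
CUSTOMER = {"id": "c-1001", "name": "Sample User", "date_of_birth": date(2004, 2, 29)}

# A fixed set of thresholds stops a caller from narrowing down the exact age
# by asking for many different values.
ALLOWED_THRESHOLDS = {18, 21}


def age_on(dob: date, today: date) -> int:
    """Whole years completed on `today`.

    A 29 February birthday counts as reached on 1 March in non-leap years.
    """
    years = today.year - dob.year
    if (today.month, today.day) < (dob.month, dob.day):
        years -= 1
    return years


def answer_claims(record: dict, requested: list, today: date) -> dict:
    """Answer only 'age_over_N' claims; refuse anything else, including the raw DOB."""
    response = {}
    for claim in requested:
        prefix, _, value = claim.rpartition("_")
        if (prefix != "age_over" or not value.isdecimal()
                or int(value) not in ALLOWED_THRESHOLDS):
            raise PermissionError(f"claim not releasable: {claim}")
        # Release the boolean only; the date of birth never leaves this function.
        response[claim] = age_on(record["date_of_birth"], today) >= int(value)
    return response


if __name__ == "__main__":
    print(answer_claims(CUSTOMER, ["age_over_21"], date(2025, 3, 1)))
```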

3) Controlling Data Access

The data you do collect should be accessible only on a need-to-know basis. Data access is the devil in the detail of data privacy. You can do all of the minimization you like, but if a malicious entity accesses these data and decides to expose them, all privacy enhancements are out the door — literally.

Access control is also one of the more difficult areas of security to get right. In a consumer system there are two sides to the coin, and both need robust authentication measures:

  1. Admin Access: Compromised administrator access to databases is one of the top cybersecurity attack points. Only those administrators who need to have access to sensitive data should have permission. Authentication should be two-factor, using as robust an option as possible. For example: the second factor should be out-of-band and, if possible, limited to company internal IP addresses. Access should be audited.
  2. Data Owner (Customer) Access: Customers often have an account manager which allows access to the personal data held in their account. They may also be able to update this information using that account manager. Under regulations like GDPR, data-access rights such as access to data and data rectification can be accommodated using account managers. However, this is also an attack vector in a system which can lead to data exposure. Ideally, use two-factor authentication to control access to customer accounts and to also ensure that account recovery is secure.
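One way to express the admin-access conditions from item 1 as a single gate (an added example, not code from the original article): need-to-know permission, a verified second factor, an internal source address, and an audit entry for every attempt. The user names, network ranges and the in-memory audit list are assumptions for illustration.

```python
import ipaddress
from datetime import datetime, timezone

# Assumed values for this example: internal ranges and admins with a need to know.
INTERNAL_NETWORKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("192.168.10.0/24"),
]
NEED_TO_KNOW = {"dba-alice"}

# Stand-in for an append-only audit store.
AUDIT_LOG = []


def authorize_admin(user: str, second_factor_ok: bool, source_ip: str) -> bool:
    """Allow sensitive-data access only if every condition holds; audit each attempt."""
    reasons = []
    if user not in NEED_TO_KNOW:
        reasons.append("no need-to-know permission")
    if not second_factor_ok:
        reasons.append("second factor not verified")
    try:
        addr = ipaddress.ip_address(source_ip)
        if not any(addr in net for net in INTERNAL_NETWORKS):
            reasons.append("source IP not internal")
    except ValueError:
        # Fail closed when the address cannot be parsed.
        reasons.append("unparseable source IP")
    allowed = not reasons
    # Denied attempts are recorded too, with the reasons for the denial.
    AUDIT_LOG.append({
        "time": datetime.now(timezone.utc).isoformat(),
        "user": user,
        "source_ip": source_ip,
        "allowed": allowed,
        "reasons": reasons,
    })
    return allowed


if __name__ == "__main__":
    print(authorize_admin("dba-alice", True, "10.1.2.3"))     # constructed inputs
    print(authorize_admin("dba-alice", True, "203.0.113.7"))
    print(AUDIT_LOG[-1]["reasons"])
```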

4) Data Encryption is Your Friend

Every day, 4.8 million data records are exposed. Of those, only 4% are encrypted; the rest are open to full exploitation. Encryption is Security 101 and should always be used where sensitive or personal data is collected, stored and shared.

Encryption at rest and during transit needs to be configured to ensure that the data remains private and that any breach impact is minimized.

There is no one-size-fits-all encryption product, so you have to be aware of certain things. These include: is the encryption tool based on a standard algorithm, for example AES-256? Does it meet expected standards such as the NIST FIPS 140-2 requirements?

Data should be encrypted:

  • At rest, i.e. when stored in a database on a server or mobile device. If you hold personal or sensitive data on a hard drive you will need to use hard-disk encryption.
  • During transmission, e.g. browser-based HTTPS using the standard protocols SSL/TLS. Implementing HTTPS is vital, and it is easily misconfigured. It is important to make sure all aspects of your site have encryption enabled. If you use email to transfer sensitive or personal data, you should also look at security measures such as email encryption and/or data-leak prevention software.

5) Respect of Personal Data

Having respect for the privacy of an individual’s data will go a long way towards a general enhancement of privacy across a system. Adopting a culture of privacy in your organization begins by understanding that personal data should be given the same respect as you would give a person.

The expression of this respect starts with permission. Taking permission from a user when collecting and using their personal information has three key aspects:

  • Consent: Obtain consent to use the data. Set out the purpose for which you require the data in plain language.
  • Granular: Take consent in a granular fashion. If you need to use the collected data for more than one purpose, take consent for each purpose to allow users to pick and choose what they wish to allow.
  • Revocable: Make sure the consent can easily be revoked.
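The three aspects above can be enforced in code as well as in policy. The following is an added example, not from the original article, of a per-purpose consent ledger with revocation and a default of no consent; the class, the purpose names and the notice text are hypothetical.

```python
from datetime import datetime, timezone


class ConsentLedger:
    """Per-user, per-purpose consent kept as an append-only history."""

    def __init__(self):
        self._events = []  # tuples of (time, user, purpose, granted)

    def _record(self, user, purpose, granted):
        self._events.append((datetime.now(timezone.utc), user, purpose, granted))

    def grant(self, user, purpose, notice):
        # Consent: the purpose statement shown to the user must not be empty.
        if not notice.strip():
            raise ValueError("a plain-language purpose statement is required")
        self._record(user, purpose, True)

    def revoke(self, user, purpose):
        # Revocable: one call, and the history of the earlier grant is kept.
        self._record(user, purpose, False)

    def allowed(self, user, purpose):
        """Granular: the latest event for this exact purpose wins; default is no."""
        for _, u, p, granted in reversed(self._events):
            if (u, p) == (user, purpose):
                return granted
        return False


def process(ledger, user, purpose, action):
    """Run `action` only while consent for this purpose is in force."""
    if not ledger.allowed(user, purpose):
        raise PermissionError(f"no consent from {user} for {purpose}")
    return action()


if __name__ == "__main__":
    ledger = ConsentLedger()
    ledger.grant("u-42", "order_fulfilment", "We use your address to deliver orders.")
    print(ledger.allowed("u-42", "order_fulfilment"))  # consent given for this purpose
    print(ledger.allowed("u-42", "marketing_email"))   # never asked, so not allowed
```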

Creating a system that is built with privacy-by-design (PbD) is a key design remit and it is becoming as important a requirement as hardening against cybersecurity attacks. In fact, the two are intrinsically linked. These five key requisites of a privacy-enhanced service, shown above, give you a basic blueprint for data privacy that hopefully will help to ensure that you have a system which takes privacy seriously.

 

Sources

Online Trust Alliance Reports Doubling of Cyber Incidents in 2017, Online Trust Alliance

Breach Level Index, Gemalto

Cryptographic Module Validation Program, NIST

10 HTTPS Implementation Mistakes – SEMrush Study, SEMrush