Following are some of the ways in which the security of data may be violated.
- Someone may break into the computer room and take away all storage devices housing sensitive data.
- Uauthorized users may take access to personal data of someone and then use it to gain some advantage. For example if someone gets access to your credit card number then he can use it to do online shopping form your account.
- An unauthorized user may use an online mail server, like mail.yahoo.com to view email message of other users hence causing privacy issues.
- Some can send a virus onto a network causing the network to become very slow or even unusable.
- Some users may gain unauthorized access to bank accounts and transfer a large amount of money from other accounts to his personal account.
- A person may make a computer so busy by sending many requests so that the computer becomes unavailable to authorized users. This is called denial of service situation.
Following are the main threats to Data Security:
- Some authorized user of the data may unintentionally delete or change sensitive data. There are two solutions to this problem. Firstly, the users must be assigned proper rights to minimize such events. Only the authorized users with certain rights may be allowed to delete or modify data after following a step-by-step process. Secondly, periodic backup of data should be taken to recover from this sort of situation.
- Another solution to these types of problems is that proper password protection should be used any resource. A log file should also be maintained to keep track of all the activities on the data/files.
- Some strong encryption algorithm should be used, so that if someone gets access to the data, he/she should not be able to make any sense out of it.
- The solution to infected data is that proper virus scanning software should be used to scan all data coming into the organization.
- Computers and all backing storage devices should be placed in locked rooms with only authorized access to these resources.
- Authorized users must be asked to change their passwords periodically. Very short and common passwords should be avoided.
As discussed in the beginning of this chapter, many organizations gathered data about their employees customers. Some of this data is needed for (purely) efficiently processing the business transactions. For example, a hospital having data about the disease history of patients. All he personal data kept by different organizations may by disclosed by the organization for some legal puposes. For example in the hospital case, the medical researches may use the patient personal data, like his medical history, or any other fields to draw some conclusions. But if the hospital management distributes that data somewhere else, then this may make the patient feel embarrassment e.g. in case when the patient has some mental disorder or has a bad history. The data protection rules refer to such a case, it means that any personal data kept by organization under any circumstances.
An individual has a right to see the data kept about him. For this, he has the right to submit an application to view that data any time.
He also has the right to stop the processing of his data by the organization. He also has a right to claim a compensation from the organization for any kind of disclosure of data disallowed by the law.
No worker of the organization is allowed to disclose or use the data kept by its organization and if he fails to abide by , he is committing a crime.
It is clear from this discussion to provide a safeguard against such crime. Also an organization collecting data should collect only the data adequate necessary for its working and should not collect un-necessary data.
The following points should be considered to ensure the individual’s privacy.
- The organization is responsible for keeping the data updated.
- The organization should keep data for the specified period of time only and cannot keep it longer than necessary.
- At no point during the processing of data, the rights of the subject should be violated.
- The organization is responsible for all kinds of security of data.