Data Privacy vs Data Security
With the spike in individuals working from home, data privacy has increasingly become a larger issue within businesses. Phillips (2020) speaks about how Data Privacy and Data security are different. The key lies in the type of information being protected, how it is protected and who is responsible for said protection.
Data security refers to protecting sensitive data from unauthorised external breaches. This is generally achieved through firewalls, encryption and other available security technology.
Data privacy also looks to protect sensitive data. The difference lies in who we are protecting this data from, as well as how we go about protecting this data. When protecting privacy, we are not protecting from malevolent threats, but rather ensuring that the data is collected in a responsible, transparent manner that protects the individual and respects their wishes, thus ensuring no information falls into the wrong hands.
Whenever discussing data privacy and security, we as South Africans take the Protection of Personal Information (POPI) Act into consideration. Condition 7 of the POPI Act stipulates the various security safeguards a company needs to put in place, namely that an employee given access to personal data must ensure that the appropriate safeguards are in place to prevent loss of, damage to, or unauthorised destruction of an individual’s personal information. It is also up to the individual in charge of the client’s information to prevent unlawful access to or processing of personal information.
Examples of Data Privacy
Around 2019, Facebook was harshly criticised for its alleged violations of client privacy. A few videos went viral on various platforms about how Facebook keeps logs of the various calls you make, as well as the various SMSes you send.
According to The Guardian (2019), the Facebook app does request access to this information, specifically to find friends on the social network as well as to personalise the page to your preferences and likings.
The breach in privacy appeared when a second-hand personality quiz app accessed this data from not only the individual taking the personality quiz, but also their Facebook friends, and sold this information to another party in the UK. This party, Cambridge Analytica, was known to assist political parties and lobbyists in creating publicity. Whilst the company did end up paying a hefty fine for this violation, there seems to have been very little done in terms of buffing up their privacy measures. An assortment of other stories has since emerged on a variety of social media platforms regarding their privacy laws and the measures they will take to ensure them.
Potential threats to Client Privacy
With many companies shifting to telecommute/work-from-home positions, a variety of threats and benefits have emerged. Working from home tends to be more convenient; employees tend to be more relaxed and happier, are able to spend more time with family and, of course, are better protected from the threat of Covid-19. On the negative end, however, we may not have set boundaries for employees regarding client privacy, and home networks are potentially not as secure as business networks, which puts clients’ privacy at risk.
Family is a big part of any household. The lockdown and its subsequent regulations have made it far easier to spend time and bond with our family members. Unfortunately, with the increased time together as well as the increase in individuals in the household at any given time, we now find ourselves at risk of unintentionally violating POPI laws. When meetings are held virtually, we have little control over who could be nearby listening in on conversations. With everyone from bankers to government officials now holding meetings in this manner, the amount of information that could accidentally be shared is concerning.
With the lockdown restrictions in place, many schools have adopted a new form of teaching. This could be any combination of virtual schooling, physical schooling and self-studying. This situation has led to an influx of students at home, which in turn increases the threat to client and individual privacy. Children are not always aware of the risks or implications of privacy or security. As such, children who walk in or overhear certain information may unintentionally hand this information to unauthorised individuals. Aside from this, there is a risk to the child’s privacy as well. Many meetings now include video and are recorded. A child who walks in may be filmed or recorded without consent, which is a risk.
Now more than ever we find that our data and information is stored digitally, with very little information being stored as a physical copy. This brings with it the increased risk of losing your data, and along with it the unlawful, if unintentional, destruction of client data. Data loss can be a big issue within companies.
Measures to protect Data Privacy
With lockdown restrictions increasing the threat to client privacy so dramatically, we need to consider how to further protect our clients.
To protect our clients’ privacy, we need to keep our software up to date. We need to ensure all sensitive files are password protected, encrypted, and secured in separate folders in the event that a third party potentially gains access to your personal belongings.
Your hardware should always be protected by a digital backup. If your primary storage of client information fails, is damaged or is stolen, you risk the potential destruction of a client’s personal information. To avoid this, keep a variety of copies of this information securely, be it on a hard drive, a cloud system or any other system that may be effective.
Also, ensure any hardware you have is kept safe. Ensure it is not left unprotected in a car, at home or out in the sun where it could be damaged or stolen. Keep it secure at night and put it away if any family or friends come over for a visit.
It is extremely difficult to maintain a healthy work/home balance when working remotely. Try to create boundaries and differentiate between your work and home spaces or hours. Enforce rules around when your office hours are and try sticking to them. If meetings and work activities are limited to certain hours, and these behaviours are maintained, it is more likely that your family will learn the pattern and the risk of client privacy exposure is minimised.
Working at home has changed many things, but it should not change the standard of privacy and security measures a company implements. A company and its employees should aim to achieve the same level of protection regardless of where they are working from. If a company has rules and regulations around the management, collection and handling of clients’ data, these should still be enforced.
The Future of Client Privacy
Change is inevitable. As the world is changing, it is only natural to assume that the way we handle client privacy is going to alter as well.
To protect against the threat remote working may pose to a client’s privacy, perhaps temporary nondisclosure agreements would need to be drawn up for family members to sign.
A training course could potentially be developed around privacy and how to secure client data, and new work-from-home client privacy regulations could be developed and implemented.
It is true that our work life has changed in various ways that could pose a higher risk to client privacy and security. This makes understanding data privacy and security even more important in our day-to-day business lives. It is necessary for us to differentiate between data privacy and data security. This allows us to understand why data privacy is at risk, the threats that have emerged regarding it and, as such, how you, as companies, can protect against them. This also allows for insight into how the future of data privacy could potentially change.