Privacy is no longer as it used to be in the past. Traditionally, Privacy to a larger extent has been an individual responsibility however with the advancement and increased use of technology in recent times, a new phenomenon of data privacy has arisen and this has less to do with individual responsibility but more to do with responsibilities of organisations handling individual’s personal data and the individual’s rights as far as that data is concerned. Personal data is defined as information about an individual or group which means that any information relating to an individual that can be used on its own, or in combination with other information to identify an individual.
What is considered private and personal data may differ according to the society and the individual however there is now some global convergence in defining what is deemed private and the various pieces of legislation in various jurisdiction is showing this. It has become key for organisations in various sectors to also be proactive in putting measures to protect private data especially in an era where cybercrimes are on the rise. The points below give an overview of what data privacy is, its impact and how organisations can ensure a healthy privacy operational environment.
What is Privacy and Personal Data?
Privacy is the ability of an individual or group to seclude themselves, or information about themselves (personal data), and thereby express themselves selectively.
Personal Data includes:
There are other items which may not immediately look like personal data but when combined with other data or the above, become personal data for example when one signs up for competitions or customer loyalty cards information below may be collected and become personal data when combined with the above:
Because personal data relates to an individual, or allows identiﬁcation of an individual, it needs to be carefully protected. However there is a subset of personal data known as sensitive personal data. Sensitive Personal Data includes Personal Data revealing an individual’s:
This category requires extra care when handling or storing.
Data privacy in this case entails the preservation and protecting any personal information, collected by any organization, from being accessed by a third party. Personal data can be maliciously used and it is imperative for organisations to prevent this from happening as it may have long term consequences. Some of the principles of data privacy below provide guidance to ensure privacy and fair processing of personal data:
At operational areas, it is imperative to map the ﬂow of personal information in all formats, from creation or collection, until final disposition including compliance to regulatory requirements where applicable, for example, needssecure destruction or transfer to appropriate archives. From the information flow assessments, business units will have to implement controls that will reduce probabilities of information leakage.
Other solutions of ensuring data privacy include: