Protecting sensitive data is the end goal of almost all IT security measures. Two strong arguments for protecting sensitive data are to avoid identity theft and to protect privacy.
The more valuable the information in your database, the more likely it is to be targeted. If your records include sensitive or financial information that could facilitate fraud, your database will be more appealing to hackers who can use or sell this information for financial gain.
Any information which can identify a living person and can be accessed or processed is personal data. Examples of personal data includes names, phone numbers, addresses, identity card numbers, photos, medical records, employment records and credit reports. Persons who control the collection, holding, processing or use of the data, known as data users should follow these six data protection principles to protect the rights of any individuals, known as data subjects.
The six data protection principles cover the life cycle of a piece of personal data from collection, retention, use to destruction.
If the data user contravenes these six data protection principles the Privacy Commisioner may serve an Enforcement Notice on it directing it to remedy the contravention.
None-compliance with the Enforcement Notice is an offence. An individual who suffers damage by reason of a contravention of the Ordinance may seek compensation from the data user concerned through civil proceedings.
Personal information is like money. Value it. Protect it.
Subscribe to our Telegram channel to instantly receieve the latest cybersecurity news, resources and analysis.