What is Data Privacy | Explained in 30 minutes | Exploring Cybersecurity: Data Protection & Privacy
Summary
Highlights
The speaker, a cybersecurity expert with 15 years of experience, introduces their background, including work at Symantec and leading cyber security teams. This experience was crucial in developing a postgraduate program in cybersecurity. The discussion sets the stage for understanding data security in light of regulations like GDPR, which enforces data privacy and the right to be forgotten.
The video differentiates between 'private' and 'secret' information. Private information is known to exist but its specific content is not known (e.g., a password for a mailbox). Secret information is information that people don't even know exists (e.g., a hidden FTP server). The speaker illustrates this with personal examples like John Matthew's details, emphasizing how private information, even if its presence is known, remains protected because its specific value is unknown to others.
Data privacy is defined as identifying who has access to data, while data protection involves the tools and policies used to restrict that access. Privacy sets the goals, and protection achieves them. The discussion highlights data breaches and the impact on personal data, leading to the consumer's right to control their data, exemplified by GDPR's 'right to be forgotten'.
The speaker explains various types of sensitive data. Personally Identifiable Information (PII) is data that can pinpoint an individual (e.g., name + social security number). Protected Healthcare Information (PHI) includes medical and insurance details, regulated by laws like HIPAA. Payment Card Industry (PCI) data involves credit card information, requiring compliance with PCI DSS for businesses handling such payments.
Beyond regulated data, 'toxic information' includes proprietary information like trade secrets (e.g., Coca-Cola's formula), competitive intelligence (e.g., Walmart's discounting strategies), or unqualified values that might be highly valuable to competitors. The video also covers the process of creating a data inventory, categorizing data by sensitivity (e.g., PII, credit card info, secret algorithms) to determine protection strategies.
Data protection involves techniques like encryption, data encoding, hiding, or masking sensitive information (e.g., showing only the last four digits of a credit card). The speaker provides an example of data masking. The video then touches upon various global privacy laws such as GDPR, e-privacy, Indian Personal Data Protection Bill, and laws in African countries, emphasizing the economic impact and fines for non-compliance, citing Facebook's $887 million fine for cookie consent issues.