What is Data Privacy | Explained in 30 minutes | Exploring Cybersecurity: Data Protection & Privacy

Share

Summary

This video, presented by a cybersecurity expert with 15 years of experience, delves into the critical concepts of data privacy and data protection. It highlights experiences from working with companies like Symantec and leading cybersecurity teams, which informed the development of a postgraduate program in cybersecurity. The discussion emphasizes various data types, regulations like GDPR and HIPAA, and strategies for protecting sensitive information in an increasingly digital world.

Highlights

Introduction to Cybersecurity and Data Privacy
00:00:00

The speaker, a cybersecurity expert with 15 years of experience, introduces their background, including work at Symantec and leading cyber security teams. This experience was crucial in developing a postgraduate program in cybersecurity. The discussion sets the stage for understanding data security in light of regulations like GDPR, which enforces data privacy and the right to be forgotten.

Private vs. Secret Information
00:02:22

The video differentiates between 'private' and 'secret' information. Private information is known to exist but its specific content is not known (e.g., a password for a mailbox). Secret information is information that people don't even know exists (e.g., a hidden FTP server). The speaker illustrates this with personal examples like John Matthew's details, emphasizing how private information, even if its presence is known, remains protected because its specific value is unknown to others.

Data Privacy vs. Data Protection
00:04:52

Data privacy is defined as identifying who has access to data, while data protection involves the tools and policies used to restrict that access. Privacy sets the goals, and protection achieves them. The discussion highlights data breaches and the impact on personal data, leading to the consumer's right to control their data, exemplified by GDPR's 'right to be forgotten'.

Types of Sensitive Data: PII, PHI, and PCI
00:09:12

The speaker explains various types of sensitive data. Personally Identifiable Information (PII) is data that can pinpoint an individual (e.g., name + social security number). Protected Healthcare Information (PHI) includes medical and insurance details, regulated by laws like HIPAA. Payment Card Industry (PCI) data involves credit card information, requiring compliance with PCI DSS for businesses handling such payments.

Toxic Information and Data Inventory
00:18:19

Beyond regulated data, 'toxic information' includes proprietary information like trade secrets (e.g., Coca-Cola's formula), competitive intelligence (e.g., Walmart's discounting strategies), or unqualified values that might be highly valuable to competitors. The video also covers the process of creating a data inventory, categorizing data by sensitivity (e.g., PII, credit card info, secret algorithms) to determine protection strategies.

Data Protection Strategies and Global Privacy Laws
00:24:06

Data protection involves techniques like encryption, data encoding, hiding, or masking sensitive information (e.g., showing only the last four digits of a credit card). The speaker provides an example of data masking. The video then touches upon various global privacy laws such as GDPR, e-privacy, Indian Personal Data Protection Bill, and laws in African countries, emphasizing the economic impact and fines for non-compliance, citing Facebook's $887 million fine for cookie consent issues.

Recently Summarized Articles

Loading...