Data Privacy and Security Issues

With a third-party organisation managing the infrastructure in the cloud, the responsibility to maintain the privacy of all personal data is heightened. It is common and acceptable to share personal data with the cloud, but the decision must be an informed one. Personal details of employees, customer data and company secrets must be protected against the potential risks of theft and leakage. One classic example is the hacking attacks on the Sony PlayStation Network in 2011, which we discussed in earlier chapters. If this can happen to Sony, which has most of its infrastructure internally, imagine the level of caution that needs to be in place while trusting third-party cloud service providers. Let us briefly discuss the different elements that need to be included in contracts and agreements while moving to the cloud.

Privacy and Data Protection

According to research by IDC (International Data Corporation), 71% of enterprises say preventing the exposure of confidential data and related information is one of their top challenges. The research also pinpoints that the company’s financial and customer information, intellectual property and personal information of employees are the most vulnerable data. Data that can be traced back to a single individual can be categorised as “personal”. Companies must look for cloud service providers that offer sufficient protection for such sensitive information. To start with, when third-party data has to be moved to the cloud, the existence of any contracts or obligations against such action must be checked. Following this, depending upon the location of the cloud service provider and industry-specific privacy laws such as the Health Insurance Portability and Accountability Act (HIPAA) or the Gramm-Leach-Bliley Act (GLBA), stringent privacy measures must be applied.

Data Controllers and Data Processors

In order to regulate the use of personal data, the Data Protection Act was established. Under this act, the data controller refers to an entity that determines the purpose of holding personal data, and the data processor “processes” the data on behalf of the controller. The data controller takes the ultimate responsibility for complying with the Data Protection Act in case of any discrepancies. Though the cloud service provider is often the data processor, there are some cases where it takes the role of a data controller too. The precise role of the cloud service provider must be evaluated in each case and the obligation for data protection must be assigned to the right entity.

Data Protection Issues in the Cloud

With the role of the data controller and data processor defined and the level of obligation stated, cloud customers must now evaluate the technical aspects of the provider and learn how they promise to deliver services within the established expectations of protection. Failing this, the following data protection issues can be expected in the cloud environment:
  1. Lack of interoperability and data portability
  2. Lack of integrity that arises from sharing of resources
  3. Inability to ensure data compliance measures
  4. Lack of proper data isolation in the multi-tenant environment

Data protection risks are further amplified when the cloud service provider involves multiple tiers of sub-processors/sub-contractors and data transfer happens between different countries.

Data Protection Laws

Prior to 2011, the Indian judiciary system did not provide space for clear-cut laws pertaining to data protection. However, with the enhancement of the data protection laws in the European Union, the Information Technology Rules 2011 came into place. Under this act, corporate bodies, the Indian government and information providers were subjected to sensible security practices. In addition to this, there are other laws within the Indian Penal Code (IPC) that can assist in practising a reasonable level of security while handling data in the cloud.

The Information Technology Act (Section 43 A)

When a corporate body causes a “wrongful loss or wrongful gain” due to its negligence in maintaining a fair level of security of data, it is liable to pay compensation to the person affected.

The Information Technology Act (Section 72 A)

A privacy breach may result in imprisonment for up to 3 years and a penalty that may extend up to five lacs.

Right to Privacy (Articles 19 and 21)

Right to privacy (applicable to data privacy as well)

Activity

Find out the key features of the Information Technology Rules 2011 that relate to business organisations dealing with sensitive/personal data.
