What Are General Principles for Privacy Protection in Information Systems?

Designing information systems in ways that protect data privacy is very important. Customers will be loyal to organizations that protect privacy. Organizations must understand how their customers feel about data privacy. Even though people are sharing more information than ever before, some feel that their privacy is under attack. Organizations must keep in mind that people want to control their personal data.

Organizations can use the fair information practice principles discussed earlier in this chapter to help define the best way to approach privacy. Many information system activities impact personal data privacy. Data collection, storage, use, retention, and destruction practices must be reviewed to make sure that privacy is ensured at each stage in the data life cycle. The steps in the data life cycle (shown in FIGURE 2-1) are:

FIGURE 2-1 The data life cycle. (Flow diagram, left to right: Data collection, Data use, Data storage, Data retention, Data destruction.)

  • Data collection
  • Data use
  • Data storage
  • Data retention
  • Data destruction

In the data collection phase, organizations must clearly state the types of data that they need to collect. They also must determine how they are going to collect data from their customers. Organizations should use active data collection practices, which are obvious to the customer. The use of web-based forms, for example, clearly indicates to a customer that data collection activities are taking place. Customers understand what data is being collected because they are providing the information themselves.

Organizations should avoid passive collection methods. Passive data collection happens secretly when an organization uses devices such as cookies and web beacons. Customers may not know that data collection is occurring with these collection methods.

Organizations must make sure that they use the data that they collect in ways that the customer has approved. They should use the data for no purpose other than what was specified when the data was collected. Information systems will need configuration so that the collected data is available only for its approved use. Organizations also must make sure that only authorized individuals have access to the data. Data must not be disclosed to employees who have no business need for the data.

Organizations also must ensure that they know how the collected data is used within the system. Data must not change when processed in the system. Organizations also will want to include system checks that verify that the personal data collected remains accurate.

Systems sometimes allow customers to create “accounts” that hold their personal data. The organization must ensure that it uses appropriate access control measures for those accounts. These measures protect accounts from unauthorized access. Organizations should also verify that records are updated accurately.

Finally, organizations must keep track of where collected personal data is stored in their systems. Appropriate safeguards are needed to protect the stored data. Organizations may choose to encrypt the collected personal data to protect it from disclosures or security breaches. Employers also should use safeguards to make sure that employees do not store the data on removable media. Personal data must be stored securely to protect it from disclosure.

Organizations should retain personal data only as long as it is needed. Laws and organizational policies specify the appropriate retention periods. An organization must dispose of the data when the retention period expires, using a method that destroys old data in both primary and backup storage systems.
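The life cycle controls above (purpose limitation, need-to-know access, integrity-preserving reads, and destruction that covers both primary and backup storage when the retention period expires or the subject asks for erasure) can be enforced in code. The following is an added example written for this section, not code from the chapter; the record and store classes, the role-to-purpose mapping and the sample values are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass
class PersonalRecord:
    subject_id: str
    fields: dict
    collected_on: date
    purposes: frozenset   # uses the subject approved when the data was collected
    retention_days: int   # retention period set by law or organizational policy


class PrivacyStore:
    """Primary store plus a backup copy; every read is purpose- and need-to-know checked."""

    def __init__(self, role_needs):
        self.primary, self.backup, self.audit = {}, {}, []
        self.role_needs = role_needs  # role -> purposes that role has a business need for

    def collect(self, rec):
        # Constructed simplification: the backup copy is taken at collection time.
        self.primary[rec.subject_id] = rec
        self.backup[rec.subject_id] = rec

    def read(self, subject_id, role, purpose):
        rec = self.primary[subject_id]
        if purpose not in rec.purposes:                     # purpose limitation
            self.audit.append(("DENY", subject_id, role, purpose))
            raise PermissionError(f"{purpose!r} was not approved by the subject")
        if purpose not in self.role_needs.get(role, ()):    # need to know
            self.audit.append(("DENY", subject_id, role, purpose))
            raise PermissionError(f"{role!r} has no business need for {purpose!r}")
        self.audit.append(("ALLOW", subject_id, role, purpose))
        return dict(rec.fields)   # a copy, so callers cannot alter stored data

    def _destroy(self, subject_id, reason):
        # Destruction must cover primary and backup storage alike.
        self.primary.pop(subject_id, None)
        self.backup.pop(subject_id, None)
        self.audit.append(("DESTROY", subject_id, reason, ""))

    def purge_expired(self, today):
        expired = [sid for sid, r in self.primary.items()
                   if today > r.collected_on + timedelta(days=r.retention_days)]
        for sid in expired:
            self._destroy(sid, "retention expired")
        return expired

    def erase_on_request(self, subject_id):
        # Erasure requested by the data subject; returns True once no copy remains.
        self._destroy(subject_id, "subject request")
        return subject_id not in self.primary and subject_id not in self.backup
```

The audit list records every allowed and denied access and every destruction, which is the evidence a reviewer needs to confirm that each stage of the life cycle behaved as the privacy policy promises.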

Privacy Policies

Organizations that collect personal data from customers should develop a privacy policy. This policy clearly explains all the protections the organization uses at each stage in the data life cycle, informs customers about personal data collection practices, and explains how the organization uses the data that it collects. The policy manages the privacy expectations of customers and the security obligations of the organization.

International Privacy Laws

The United States does not have a comprehensive data privacy law, although many other nations that conduct business with the United States do have such laws. This difference can make business transactions hard at times.

NOTE

The United Nations has a webpage that shows worldwide data protection and privacy legislation: https://unctad.org/en/Pages/DTL/STI_and_ICTs/ICT4D-Legislation/eCom-Data-Protection-Laws.aspx

European nations recognize privacy as a basic human right. The European Union’s (E.U.) General Data Protection Regulation (GDPR) is a revolutionary and comprehensive data privacy law.[35] The GDPR, which was approved in 2016 and came into force in May 2018, sets limits on the collection and use of personal data belonging to an E.U. data subject. The law also grants significant rights to E.U. data subjects. One of the most famous rights is the right to be forgotten. Under this provision, data subjects can request that organizations permanently delete the data subject’s personal information.

NOTE

Under the E.U. GDPR, a data subject is any identified or identifiable natural person. The data subject does not have to be an E.U. citizen. They just have to be physically present in the E.U.

The GDPR is revolutionary because it attempts to regulate organizations outside of the E.U. that collect the data of E.U. data subjects. Organizations located in the E.U. must comply with the GDPR. In addition, organizations that offer goods or services to people in the E.U. or that collect data on people located in the E.U. also must follow the law, even if the organization is not located in the E.U. The GDPR has a very broad scope because it applies to organizations both inside and outside the E.U. Organizations that fail to follow the GDPR are subject to very large fines.
