In this day and age, we're constantly providing companies with information about ourselves, such as medical information, our address, phone numbers, Social Security numbers, or driver's license number. This private information is needed by companies such as the IRS, our Internet Service Provider, or our employers to help identify us or provide their services to us. Red Clay also collects private information from its clients to better serve them. Privacy has become a big concern, and I believe we need to evaluate how we're storing private information. Today I'll be going over three of the European Union's (EU) approaches to privacy: Privacy by Design, the Right to be Forgotten, and the Right to be Informed. I'll also be going over some recommendations to better protect privacy at Red Clay.
Privacy by Design
Protection of privacy is highly needed now, given the massive amount of personal information stored digitally. To help protect this information, the EU has implemented Privacy by Design (PbD). This policy is meant to ensure that when a program is created, its security is designed prior to its development. According to the PbD philosophy, the way to mitigate privacy risks is not to create them in the first place (Burns, 2017). If a program is designed with security in mind in every line of code written, it'll lessen the possibility of a breach or of an exploit being found in the program.
Right to be Forgotten
Let's say you signed up for a service that needed your personal information, such as your phone number, address, family members' names, and household income. A couple of months later, you decided you no longer needed their services. What does that company do with private information that is no longer required because the customer no longer needs its services? The EU has the Right to be Forgotten policy, which requires that personal data be erased immediately when the data is no longer needed for its original purpose (General Data Protection Regulation, n.d.). This helps put citizens at ease about their information being collected by different organizations.
Right to be Informed
As we provide our information to different organizations, it's important to know what that data is being used for. The EU has the Right to be Informed policy, which requires the organization to notify individuals providing their information of how that information will be processed, of any possible interest in using their data in the future, and of any intention to transfer their personal data to third countries (General Data Protection Regulation, n.d.). Under this policy, the client is also informed of how long their information will be stored and of their right to withdraw it.
There are practices that can be adopted to help mitigate cyber threats at Red Clay. The first recommendation would be implementing a complex password policy which requires users to use special characters, numbers, and capitalization in their passwords (SentinelOne, 2018). A second recommendation would be requiring multi-factor authentication when logging into a system, such as a smart card or a token. A third recommendation would be ensuring server and router credentials aren't left at the defaults they had when they first arrived at the company. My fourth recommendation would be ensuring all data stored and transferred is encrypted as an added layer of security. My final recommendation would be hiring a third-party company to try to penetrate our systems annually or semi-annually to ensure that our systems that hold customers' private information are secure. I believe these recommendations, alongside some of the EU's policies, would help secure Red Clay from any kind of cyber attack.
We provide our private information to a number of different organizations to better utilize their services. As Red Clay also collects private information about its customers, it's vital that we evaluate and, if needed, restructure how we use private information. The European Union has been utilizing some amazing policies on handling private information, such as Privacy by Design, the Right to be Forgotten, and the Right to be Informed. I also ran down a list of recommendations that Red Clay can use to better secure its systems and protect private information. Going through the EU's policies and my recommendations, I strongly believe that our clients' information would be structurally controlled as well as protected.