A field closely related to data governance is data privacy. In this post, we will look at what data privacy is as well as principles that need to be kept in mind when trying to keep people’s data private.
Privacy is a term that is difficult to define. For our purposes, data privacy is the amount of control a person has over personal information in terms of how this information is collected, managed, and stored. This definition gives the impression that people have little data privacy because we are so often compelled to share our information online.
Websites often require some surrendering of personally identifiable information (PII) such as name, address, phone number, etc while in the medical field, there is demand for personal health information (PHI). Sharing information about yourself can be frustrating for many but is the cost of doing business online. Naturally, once these various online companies have your data they must be sure to protect it.
Data security is not about collecting or managing data. Rather, data security is focused on the protection of data from unauthorized access. Securing data is critical to protect individuals and organizations from harm because of security breaches. For example, there can be serious financial repercussions if someone’s credit card number is stolen online.
Fair Information Practice Principles
With all the concerns regarding data privacy, it was natural that frameworks would be developed to help organizations with data privacy. One such framework is the Fair Information Practice Principles (FIPPs) developed by the Organization of Economic Development back in the early 1980s. Below are the eight principles in this framework.
- Limits on data collections-Every organization need to determine the smallest amount of data they can connect while still maintaining success
- Data quality-Data that is collected needs to be accurate and pertinent to the purposes of the organization.
- Purpose determination-There must be a clear compelling reason to collect data.
- Limits of use-Personal data must only be used for its intended purpose.
- Security-Data must be protected
- Transparency-People should know that their data is being collected
- Individual participation-People whose data has been collected have the right to access their data, have it corrected, and or erased
- Accountability-Whoever collects this data is responsible for adhering to the principles listed above
The principles shared above have been adopted by many organizations to provide a foundation on which they can develop their own data privacy policies and philosophy.
Data privacy is a major concern in the world today. Organizations whether online or offline continue to demand more information about their customers. As such, this implies that there must be safeguards in place to ensure the protection of this information.