“Would you be comfortable sharing the hotel you stayed in last night? Would you be comfortable sharing the names of people you messaged this week?” These were the questions Senator Richard Durbin put to Mark Zuckerberg, the founder and CEO of Facebook. The Facebook founder was being grilled by Congress for allegedly violating his users’ privacy.
What’s privacy? Simply put, privacy describes the right to be left alone. As Wikipedia puts it, “Privacy is the ability of an individual or group to seclude themselves or information about themselves, and thereby express themselves selectively.” It simply means that users in an organization, or users of a product, do not want information about them flying around here and there. Also, if for any reason you need access to user data or information, express permission must be given by the user in question.
Security deals with protecting data, while privacy deals with keeping private data secret. Privacy is a fundamental human right. The owner of any information deemed private (what’s private is also deemed sensitive) must control access to that data. Penalties usually apply when the custodian of private data fails to keep the data secret.
One framework that describes a holistic privacy structure is the General Data Protection Regulation (GDPR), created by the European Union. It’s a law that controls how firms, companies, and organizations must use personal/private data in a manner that respects integrity and privacy.
In summary, the core requirements of the GDPR law are enumerated below:
· The law is consistent throughout Europe
· Personal data must be used in line with integrity-friendly principles
· Personal data use must be legal
· Personal data use must be respectful to the individual’s rights
· Personal data breaches must be reported within 72 hours
· Businesses are responsible for their suppliers
· The size of the sanctions is significant
Here in Nigeria, we have a similar law called the Nigerian Data Protection Regulation (NDPR) that enforces privacy measures for businesses, organizations, and government parastatals. It also comes with huge fines for breaches.
To get started in the privacy field or to get certified with a reputable body, it’s pertinent to take a couple of certifications like:
· Certified Data Privacy Security Engineer by ISACA (CDPSE)
· Certified Information Privacy Manager by IAPP (CIPM)
· Certified Information Privacy Professional also by IAPP (CIPP)
These are industry-standard certifications that would give any professional an edge in the privacy field.
To conclude, the scope of cybersecurity can be expanded to include privacy: not just protecting information, but ensuring it remains secret throughout its lifecycle until deletion by the original owner.
Charles Chibueze CISSP, CISM, CEH.
Victor Funmipe O