Get startedGet started for free

Data protection and privacy

1. Data protection and privacy

You probably wouldn’t share personal details about yourself with just anyone, especially with threat actors. As a cloud security professional, part of your job is to protect personal information from being accessed by unauthorized users. In this video, we’ll discuss data protection and privacy, and how to prevent data from being used in ways that can cause a security incident, like a data breach. It’s important to call out our discussion in this course should not be considered legal advice. Data privacy focuses on an individual’s rights to be in control of how and when their data is accessed and used. It includes the rights to be accurately represented by that information, to be informed about its use, to refuse its use for secondary purposes, and to erase or remove information when they choose. Personal information includes things like one's name, location, contact information, or online or real-world behavior. Just like you may exclude people from a private conversation, a lot of online users want to control or prevent certain types of personal data collection and use. For example, imagine that you are using an app to make an appointment on your smartphone. If you did not disable location services on your smartphone, the app might ask for your location to suggest the closest office to schedule your appointment. You can choose to decline the app’s access to your exact location. This is an example of data privacy. You can also decline to accept cookies when visiting a website, as another example. When you decline or turn off cookies, you are refusing to share personal information about how you interact with websites. There are laws and regulations that have been put into place to protect the privacy rights of users. Examples of these laws include General Data Protection Regulations, or GDPR in Europe, and the California Consumer Privacy Rights Act, also known as CPRA. GDPR and CPRA put laws into place that grant consumers, as data subjects, certain rights regarding the use of their personal information. An organization must take measures to protect the data that they gather to meet data privacy obligations. This is called data protection. Data protection also covers protection of other data, like intellectual property, or IP. IP might include anything from a musical composition to an architectural design that the creator may copyright, trademark, etc. Data protection helps enforce policies and regulations, prevent unauthorized access, focus on keeping information safe from attackers, ensure that data is protected from unauthorized intervention and access, safeguard collected data, and is closely tied to security controls. An organization can protect data by putting controls in place that prevent unauthorized access and keep data and information safe from attackers. To protect data, an organization could ensure that they have good authorization and access control for the data and the systems that house the data, and then, they could use an encryption key to conceal data. They would also want to make sure that good key management policies are in place. In this video, you learned that data protection and privacy are important parts of risk management. You also learned there are laws and regulations that ensure data protection and the right to data privacy. Staying up-to-date with data privacy and protection standards will help you and your organization to mitigate risk, meet compliance standards, and protect users. Remember, when a user’s privacy is safe, they can safely go about their business.

2. Let's practice!

Create Your Free Account

or

By continuing, you accept our Terms of Use, our Privacy Policy and that your data is stored in the USA.