Privacy - CompTIA Security+ SY0-701 - 5.4
Privacy Concerns and Data Protection
Overview of Data Collection and Privacy Laws
- Organizations collect vast amounts of data, necessitating adherence to privacy laws that protect this information.
- Local governments gather significant data about individuals, including home, vehicle, and medical licensing information.
- National laws exist to safeguard citizens' privacy; for instance, HIPAA protects health care information across the U.S.
International Privacy Regulations
- The General Data Protection Regulation (GDPR) is a key EU regulation impacting global privacy standards.
- GDPR empowers users by allowing them to control their personal data and request its removal from websites—this is known as the "right to be forgotten."
Definition of Data Subjects
- A "data subject" refers to any identifiable individual whose personal information is collected; essentially, everyone in GDPR-compliant regions qualifies as a data subject.
- The perspective on privacy has shifted toward protecting the rights of individuals rather than placing the burden solely on organizations.
Roles in Data Management
- Organizations designate roles such as data owners (responsible for overall data management), controllers (who manage how data is used), and processors (who handle actual data usage).
- For example, a vice president may own customer relationship data while a treasurer manages financial records.
Data Inventory and Its Implications
- Companies maintain a "data inventory," which catalogs all collected and stored data along with details like ownership and update frequency.