Running Head: DATA SECURITY AND PRIVACY
STUDENT NAME
INSTITUTION AFFILIATION
DATA SECURITY AND PRIVACY
INTENDED AUDIENCE
Corporate institutions: To deal with the privacy and confidentiality of data.
Government authorities: To improve laws governing data security and privacy.
Users: To enlighten them on the best practices to ensure the privacy and security of their data.
Importance Statement: The world is continuously evolving, with huge amounts of data
generated across different applications. There is a need to affirm the security and privacy of this
data even as it interacts with systems across the internet.
INTRODUCTION
Cyber security is the greatest concern to both individuals and companies amidst
significant security breaches. These security breaches have escalated over the years with the
development of technology. As of 2019, over 2.7 billion people had fallen victim to data
breaches (Kellerman, 2019). This trend has been amplified over the past few years, with the
onset of the COVID-19 pandemic culminating in severe breaches (Aldasoro et al., 2021).
The scope of data breaches varies with the systems attacked. Health
systems, financial systems, social media platforms and other information systems are mostly
targeted for their metadata on users. Consequently, the vulnerabilities in such systems expose
significant client data to possible security and privacy concerns.
There is a pressing need to curb vulnerabilities in systems that handle
data. Currently, internet-bound platforms such as social media, banking and health institutions,
among others, are viable targets for malicious access to private data. Since they offer
their services over the network, they need to prioritize safeguarding the data within their
systems. As such, data security begins with an analysis of the systems and their possible
vulnerabilities and weaknesses. Research, in turn, motivates raising awareness among the
public, monitoring companies' data handling techniques and enacting laws to ensure data
privacy and security. It is therefore imperative to focus on the parties involved in data
privacy and security.
Users
First, the major players in the field of data privacy are the users. The users benefit
from the data management systems put in place by companies. Their data helps these companies to
customize their services to the individual needs of the clients ([Link], 2018). Many
companies store metadata on clients at designated storage locations, including local and cloud
databases. Clients stand to lose the most when their data is breached. However,
at times they contribute to the vulnerabilities of the systems and present a window for hackers
to breach them. Hence, they need extensive knowledge of how
best to protect their data.
Data sharing is considered one of the significant threats to privacy. With the integration
of various systems over the network, clients may knowingly or unknowingly share their critical
data with malicious hackers. Organisations holding such data legally distance themselves from
responsibility by documenting their third-party sharing and privacy policies. These third-party
policies leave users with overwhelming responsibility over their data. Surprisingly, 87%
of people don't even read these privacy policies on third-party websites and apps, which
shows the level of ignorance among users (The Paypers, 2020). As such, it is crucial for users to
learn how to control the use of their data. This ensures their data is secure and private at all
times.
The Internet stands as a major threat to data privacy and security. With the
rise of social media as a pivotal tool in social, political and economic development,
there has been a rise in social engineering (Reddy, 2014). This is a technique used by hackers to
obtain data by exploiting the vulnerability of users. Clients with limited online literacy
may fall prey to these attacks and thereby expose other users to the same threat. This is only
preventable by navigating the Internet carefully and controlling the flow of private data outside
the stipulated systems. Therefore, where the basis for sharing data isn't clear,
consultation should be sought.
Moreover, users also need to reaffirm their control over the security of their data.
Primarily, the basis for sharing data should be ascertained before granting any system access to
private data. In the past, it has emerged that users enabled social media platforms
like Facebook to share their data without assessing the possible consequences (Rodriguez, 2020).
Also, users should refrain from using similar passwords on multiple sites. Hackers are known to
target multiple systems with similar records; hence, password reuse would escalate the impact of breaches
on their data (Science Buddies Staff, 2021). Undoubtedly, the greatest responsibility over private
data rests with the users.
Corporate Institutions
Companies and institutions hold indispensable roles in ensuring data security and
privacy. This is because the effects of data breaches are catastrophic to a company's financial,
legal and general image. Big players like Google, Facebook and Twitter hold their users' data
within highly guarded storage locations, both physical and cloud. Both the private and
public sectors invest significantly in cyber security, with the federal 2021 annual budget in the US
standing at 18.78 billion USD (Johnson, 2020). Similarly, every entity handling user data should
work to adopt strong security measures. A combined effort assures maximum security for
client data.
Systems interaction is inevitable in the current technological set-up. Most companies
have measures in place to effectively control the flow of data within their database systems.
However, there is a need to extend that control to subsequent interactions with other systems
(Jang-Jaccard & Nepal, 2014). For instance, a health system may interact with a banking system
for payments. Such interactions are beyond the control of a single party and involve both
companies and the users. Primarily, it is the role of these institutions to ensure the security of
user data during such transactions. The dynamic interaction of systems should have
security measures built in and subjected to regular reviews. This would ensure the security and privacy of
user data at these transaction nodes.
Data encryption is widely adopted in modern cyberspace. Encryption transforms the data into
a non-meaningful format during transmission. Several encryption techniques are used in
this regard. The most common are AES-256, which has a key length of 256 bits, and AES-128,
with 128 bits (Toa, 2018). Also, corporate institutions apply an appropriate salting algorithm to
critical data such as passwords before hashing to enhance its security (Sriramya & Karthika, 2015). In addition,
the decryption key should be carefully managed to ensure maximum security during
transmission. These techniques are critical since most organisations fall prey to hackers over the
course of their existence.
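As an added illustration of salting before hashing (not code from this essay or its sources), the sketch below stores the same constructed accounts twice, once unsalted and once with a per-user random salt. PBKDF2-HMAC-SHA256 from Python's standard library stands in for the bcrypt scheme discussed in the cited paper; the iteration count, salt length, account names and passwords are assumptions.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict
from typing import Optional

ITERATIONS = 200_000   # assumed work factor for this sketch
SALT_BYTES = 16        # assumed salt length

def unsalted_digest(password: str) -> bytes:
    """Weak form: the same password always yields the same stored value."""
    return hashlib.sha256(password.encode("utf-8")).digest()

def salted_hash(password: str, salt: Optional[bytes] = None) -> tuple:
    """Return (salt, key); a fresh random salt is drawn unless one is supplied."""
    if salt is None:
        salt = secrets.token_bytes(SALT_BYTES)
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, key

def verify(password: str, salt: bytes, stored_key: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, key = salted_hash(password, salt)
    return hmac.compare_digest(key, stored_key)

def users_sharing_a_stored_value(table: dict) -> list:
    """Groups of users whose stored value is identical, as seen in a leaked table."""
    groups = defaultdict(list)
    for user, stored in table.items():
        groups[stored].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

# Constructed sample accounts; alice and carol chose the same password.
SAMPLE = {"alice": "Tr0ub4dor&3", "bob": "correct horse", "carol": "Tr0ub4dor&3"}

def build_tables(accounts: dict) -> tuple:
    """Store every account both ways so the two tables can be compared."""
    weak = {u: unsalted_digest(p) for u, p in accounts.items()}
    strong = {u: salted_hash(p) for u, p in accounts.items()}
    return weak, strong

if __name__ == "__main__":
    weak, strong = build_tables(SAMPLE)
    print("unsalted, identical entries:", users_sharing_a_stored_value(weak))
    print("salted, identical entries:  ", users_sharing_a_stored_value(strong))
    salt, key = strong["alice"]
    print("alice verifies:", verify(SAMPLE["alice"], salt, key))
```

In the unsalted table the two users with the same password are visibly linked, so recovering one password recovers both; with per-user salts the stored values differ and each entry has to be attacked separately.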
Organisations sometimes subject users to privacy concerns over their data. There is
always a rush by marketing companies to decipher the nature of the market, and hence a
drive to explore existing databases. Facebook has allegedly instigated such
breaches, with its management accused of sharing user data without user consent
(Haskell-Dowland, 2021). These defects in corporate policies and user conformity should be
eliminated by all possible means. While the commercial side of a business is essential to its
survival, sacrificing critical user data is not worth the venture.
Corporate institutions are subject to laws regarding data security and privacy.
Regional laws like the General Data Protection Regulation (GDPR) in the European
Union, and the US Privacy Act of 1974 and HIPAA, are applied with respect to data
protection (GDPR, n.d.; HHS, 2013; [Link], 2020). As such, companies are required by law
to adhere to these laws while managing critical user data. Also, by law, these institutions are
required to notify the user in case of a breach of their data. These laws and practices go a long
way in ensuring data privacy and security.
Additionally, the role of companies handling data in educating users is vital
to ensuring data privacy and security. Both internal and external users need to be properly educated on
the best practices when handling the system. Raising awareness is fundamental to promoting data
privacy and security. Through awareness programs and training, corporate institutions fulfil
their role in promoting literacy about cyberspace in general. Also, IT consultants need to
maintain active roles in ensuring the security of user data.
CONCLUSION
The quest to ensure data privacy and security is founded on the mobilization of all
parties involved in the systems handling the data. Raising awareness and literacy levels among the
user base is vital for general data security measures. Also, users need to engage in healthy
online practices and acknowledge the jurisdiction they have over their data. The corporate
institutions managing the data systems should be adequately assessed to confirm their
conformity to data privacy policies and laws. The use of critical data without consent
is a serious crime that is punishable by law. Going forward, every entity should
undertake measures within its jurisdiction to ensure data privacy and security.
REFERENCES
Aldasoro, I., Frost, J., Gambacorta, L., & Whyte, D. (2021). Covid-19 and cyber risk in the
financial sector (No. 37). Bank for International Settlements.
GDPR. (2019, September 2). General Data Protection Regulation. Retrieved from [Link]
[Link]/
Haskell-Dowland, P. (2021, April 6). Facebook data breach: What happened and why it's hard
to know if your data was leaked. Retrieved from [Link]
data-breach-what-happened-and-why-its-hard-to-know-if-your-data-was-leaked-158417
HHS. (2013, July 26). Summary of the HIPAA security rule. Retrieved from
[Link]
[Link]. (2018, June 28). What is data, and why is it important? Retrieved from
[Link]
Johnson, J. (2020, February 10). U.S. federal government IT cyber security spending FY 2021.
Retrieved from [Link]
fy-budget/
Jang-Jaccard, J., & Nepal, S. (2014). A survey of emerging threats in cybersecurity. Journal of
Computer and System Sciences, 80(5), 973-993.
[Link]. (2020, January 15). Privacy Act of 1974. Retrieved from
[Link]
Kellerman, R. (2019). 2019 the biggest data security breaches…so far. Retrieved from
[Link]
The Paypers. (2020, November). Many people accept privacy policies without reading them,
study reveals. Retrieved from [Link]
accept-privacy-policies-without-reading-them-study-reveals--1245901
Rodriguez, S. (2020, January 29). How to see which sites are sharing your information with
Facebook, and make them stop. Retrieved from
[Link]
[Link]#
Reddy, G. N., & Reddy, G. J. (2014). A study of cyber security challenges and its emerging
trends on latest technologies. arXiv preprint arXiv:1402.1842.
Science Buddies Staff. (2021, April 1). Do People Use Different Passwords for Different
Accounts? Retrieved from [Link]
ideas/HumBeh_p057/human-behavior/do-people-use-different-passwords-for-different-
accounts
Sriramya, P., & Karthika, R. A. (2015). Providing password security by salted password hashing
using bcrypt algorithm. ARPN journal of engineering and applied sciences, 10(13),
5551-5556.
Toa. (2018). A Comparative Study on AES 128 BIT AND AES 256 BIT. INTERNATIONAL
JOURNAL OF COMPUTER SCIENCES AND ENGINEERING. volume 6. 30-33.
10.26438/ijsrcse/v6i4.3033.