General security

5 Methods for Data Privacy Enhancement

Susan Morrow
July 28, 2018 by
Susan Morrow

Introduction

If orange is the new black, then privacy is the new security — or at least security’s indispensable accessory. We can thank the Facebook/Cambridge Analytica debacle for raising the awareness of just how important digital privacy is. And the fact that 2017 saw a doubling of cybersecurity attacks just brings the whole dystopian data-privacy fiasco into sharp relief.

Data privacy benefits everyone. If an organization takes privacy seriously, it will put measures in place to prevent data exposure – benefitting the entire user base as well as the organization itself. Conversely, the respect shown by doing so should go towards creating better customer relationships and building trust.

FREE role-guided training plans

FREE role-guided training plans

Get 12 cybersecurity training plans — one for each of the most common roles requested by employers.

So what can organizations do to ensure that they play their part in enhancing data privacy?

1) Minimize What Data You Collect

Data minimization is the first step towards an all-encompassing approach to data privacy. If you don’t need it, don’t collect it. This action reduces the privacy overhead of a system and is sometimes referred to as the “minimal dataset,” or MDS.

The minimal collection of data usually impacts the collection of personal data such as name, address and so on. For example:

  • Don’t collect name prefixes such as Mrs. or Mr. unless required
  • Ask yourself: do you need to know a person’s full address; could a country or state location suffice?
  • Do you really need a full date of birth, or will age range do?

Data minimization also extends to any questions asked in, for example, a survey. Avoid collecting sensitive information in such surveys — if you don’t need to ask for personal data during a survey, don’t.

Reducing the amount of sensitive or personal data you collect is beneficial for both your customers and your business. If you don’t have something, you don’t have to look after it.

2) Minimize the Data You Release

In a similar manner, you can configure your system to minimize the data you release. This is, of course, dependent on the IT tools you are using, but many systems now come with privacy-enhancement settings. One example is an age request for purchase of an age-restricted item. Instead of offering, or requiring the user’s date of birth to complete the transaction, an age-over request could be made: the response would return the answer yes/no to the request “is this person over 21?”

Modern protocols such as OAuth 2.0 can accommodate this type of exchange.

3) Controlling Data Access

The data you do collect needs to be only accessible on a need-to-know basis. Data access is the devil in the detail of data privacy. You can do all of the minimization you like, but if a malicious entity accesses these data and decides to expose them, all privacy enhancements are out the door — literally.

Access control is also one of the more difficult areas in security to establish. And, in a consumer system there are two sides to the coin and both need to have robust authentication measures applied:

  1. Admin Access: Compromised administrator access to databases is one of the top cybersecurity attack points. Only those administrators who need to have access to sensitive data should have permission. Authentication should be two-factor, using as robust an option as possible. For example: the second factor should be out-of-band and, if possible, limited to company internal IP addresses. Access should be audited.
  2. Data Owner (Customer) Access: Customers often have an account manager which allows access to the personal data held in their account. They may also be able to update this information using that account manager. Under regulations like GDPR, data-access rights such as access to data and data rectification can be accommodated using account managers. However, this is also an attack vector in a system which can lead to data exposure. Ideally, use two-factor authentication to control access to customer accounts and to also ensure that account recovery is secure.

4) Data Encryption is Your Friend

Every day, 4.8 million data records are exposed. Of those, only 4% are encrypted; the rest are open to full exploitation. Encryption is Security 101 and should always be used where sensitive or personal data is collected, stored and shared.

Encryption at rest and during transit needs to be configured to ensure that the data remains private and that any breach impact is minimized.

There is no one-size-fits-all encryption product, so you have to be aware of certain things. These include, is the encryption tool based on a standard algorithm, for example, AES 256. Does it meet expected standards such as the NIST FIPS 140-2 requirements?

Data should be encrypted:

  • At rest,e. when stored in a database on a server or mobile device.  If you hold personal or sensitive data on a hard drive you will need to use hard-disk encryption.
  • During transmission, e.g. browser-based HTTPS using the standard protocols SSL/TLS. Implementation of HTTPS is vital and can be easily misconfigured. It is important to make sure all aspects of your site have encryption enabled. If you use email to transfer sensitive or personal data, you should also look at security measures such as email encryption and/or data-leak prevention software.

5) Respect of Personal Data

Having respect for the privacy of an individual's data will go a long way towards a general enhancement of privacy across a system. Adopting a culture of privacy in your organization begins by understanding that personal data should be given the same respect as you would give a person.

The expression of this respect starts with permission. Taking permission from a user when collecting and using their personal information has three key aspects:

  • Consent: To use the data. Set out what purpose you require the data for in plain language
  • Granular: Take consent in a granular fashion. If you need to use the collected data for more than one purpose, take consent for each purpose to allow users to pick and choose what they wish to allow
  • Revocable: Make sure the consent can easily be revoked

Creating a system that is built with privacy-by-design (PbD) is a key design remit and it is becoming as important a requirement as hardening against cybersecurity attacks. In fact, the two are intrinsically linked. These five key requisites of a privacy-enhanced service, shown above, give you a basic blueprint for data privacy that hopefully will help to ensure that you have a system which takes privacy seriously.

 

Sources

Online Trust Alliance Reports Doubling of Cyber Incidents in 2017, Online Trust Alliance

Breach Level Index, Gemalto

Cryptographic Module Validation Program, NIST

What should you learn next?

What should you learn next?

From SOC Analyst to Secure Coder to Security Manager — our team of experts has 12 free training plans to help you hit your goals. Get your free copy now.

10 HTTPS Implementation Mistakes - SEMrush Study, SEMrush

Susan Morrow
Susan Morrow

Susan Morrow is a cybersecurity and digital identity expert with over 20 years of experience. Before moving into the tech sector, she was an analytical chemist working in environmental and pharmaceutical analysis. Currently, Susan is Head of R&D at UK-based Avoco Secure.

Susan’s expertise includes usability, accessibility and data privacy within a consumer digital transaction context. She was named a 2020 Most Influential Women in UK Tech by Computer Weekly and shortlisted by WeAreTechWomen as a Top 100 Women in Tech. Susan is on the advisory board of Surfshark and Think Digital Partners, and regularly writes on identity and security for CSO Online and Infosec Resources. Her mantra is to ensure human beings control technology, not the other way around.