Updated: Jan 3
Businesses collect many kinds of personally identifiable information to provide goods or services to individuals, groups, and private or public enterprises. Many customers (about 65% according to API) do not know how organizations process, transmit, store or discard the data at the end of project lifecycles. Personally identifiable information (PII) such as names, addresses, driving licenses, social security numbers, employment history, credit history, credit/debit card details and rental history is among the most commonly collected data.
Any exposure of PII to unscrupulous cyber actors may result in identity compromise for individuals as well as legal and reputational damage for enterprises. This is the first reason companies should ensure they have appropriate preventive measures in place to protect the data they hold. At times, local and federal governments can impose hefty fines for mass data collection and for usage for unauthorized purposes. Facebook (Meta), Google (Alphabet) and Twitter have been fined millions of dollars by the European Union for either indiscriminate mass data collection or unauthorized usage. Below is a list of current data protection laws with which organizations should endeavor to comply.
GDPR - General Data Protection Regulation (EU) (Web Link: https://gdpr-info.eu/)
HIPAA - Health Insurance Portability and Accountability Act (See resources below)
PCI DSS - Payment Card Industry Data Security Standards (See resources below)
CCPA - California Consumer Privacy Act (Web Link: https://oag.ca.gov/privacy/ccpa)
VCDPA - Virginia Data Privacy Act (US, Web link: See resources below)
COPPA - Children's Online Privacy Protection Rule (US, Web Link: See resources below)
LGPD - Brazilian General Data Protection Law (Web Link: https://gdpr.eu/gdpr-vs-lgpd/)
POPI - South Africa Protection of Personal Information Act (Web Link: https://popia.co.za/)
Author - Elisha Ngwana, DSc Cybersecurity student
HIPAA link - https://www.hhs.gov/hipaa/index.html
PCI DSS link - https://www.pcisecuritystandards.org/