Policy Engagement on Data Protection

When organizations or agencies employ data protection strategies, they must collect and use customer personal information in accordance with data protection laws. Every organization that gathers consumer or citizen data is obliged to abide by regional and international data security frameworks when processing personal data. In this regard, personal data must be processed lawfully and fairly.

Every individual who submits their data must be clearly informed of how their data will be processed and by whom. If an agency or organization intends to disseminate customer information to a third party but does not make this clear to the data subject, the data could be used unfairly. For instance, a financial company contacted one of its customers to tell them about a new credit card it was offering. The customer was left unclear about whether the financial company itself was providing the new card; in reality, the data was transferred to another bank to process the new credit card. This was not made clear to the individual in the correspondence from the financial company. Hence it was judged that the data had been unfairly processed.

It is not enough to be clear about what is being done with people’s data; the entity must also be lawfully justified in using that data by satisfying a legal ground. With the rise of new technologies, big data, and the generation and collection of data that accompanies them, data security and data protection are ever more critical. Every organization must clearly define and explain to the data subject the purpose of gathering, processing, and using their data. If a consumer’s information is to be used for an objective other than its original purpose, the data subject must be sufficiently informed about this, and a legal condition for processing the data must be identified. Big data and other data analysis processes must ensure that sensitive consumer information is not processed for purposes other than those initially specified.

All personal information must be safeguarded, must not be disclosed, and must be made available only for the purpose for which it was gathered and specified. Personal data at rest and in transit, as well as the systems and infrastructure it relies upon for processing, must be safeguarded by robust data security methods against the dangers of hacking and unlawful or unauthorized access. This data must be safeguarded against loss, destruction or damage in both its physical and digital form. If relevant security measures are not taken to protect the data and to ensure that the infrastructure it relies upon is secure, the data could be left vulnerable to a variety of risks and threats. The numerous examples of unlawful access and data breaches across the world are a result of poor data security.

The key to protecting personal data successfully must be accountability and the enforcement of sound data protection security measures such as digital rights management (DRM). While DRM can adequately safeguard documents and PDF files, the law must hold parties accountable for refusing to comply with their compliance obligations and duties and with the data protection rights of individuals. There must be a clear definition of how data controllers and processors must comply with the law and take all necessary measures to demonstrate that they are compliant with the regulation.

Appropriate technical and organizational measures to safeguard data through digital rights management can not only protect the data itself but could also be expanded to include the devices and the infrastructure used at every stage of processing the data, i.e., data at rest and data in transit. Digital rights management enables data controllers and content creators to control not only who can access the content but also what they can do with it. These persistent controls include stopping the editing and saving of the content in unprotected form, preventing the sharing and printing of the document, preventing screenshots and forwarding of the material, and locking the documents or PDF files to specific devices, IP addresses, and country locations. Through DRM, documents and PDF files can be watermarked with unique user information to establish an identity. DRM controls can also be used to revoke access to documents or to place an expiry date on the data file so that access is automatically revoked after a period of time or use. In addition, DRM can track how the data is used, on which device, by whom and when.

As the next logical step in data security, DRM can protect and safeguard intellectual property, customer data and more, ensuring that data is protected no matter where it goes.