What is Data Privacy?
Data privacy is a division of data protection that ensures the proper handling of personal information, including how, when, and to what degree the data is shared with others. The standards for data privacy, also known as information privacy, are upheld by regulatory requirements and legal obligations.
Data drives the world. Personal information is collected from our everyday actions, like purchasing products or services, visiting a doctor, or even our online activity. Powerful pieces of information lie in the hands of nearly every organization, but individuals do have a say when it comes to their privacy.
Data privacy policies center around three main matters:
- If and how data is shared with third parties.
- How and where information is collected and stored.
- Compliance with governing regulations.
Sensitive information can include any personal, confidential, financial, or intellectual property data. Information protection and privacy laws are often applied to personal health information (PHI), personally identifiable information (PII), and payment card industry (PCI) data. By keeping this information secure and in the right hands, organizations can mitigate insider threats and avoid security breaches.
Countries all over the world enforce data privacy laws to regulate the consent, notice, and use of personal information. Infringements and violations of a person’s confidentiality can result in fines, lawsuits, and have a lasting impact on an organization’s reputation.
In the United States, data privacy laws are regulated at both the federal and state levels. At the federal level, there isn’t one comprehensive rule for data privacy. Instead, the federal laws and regulations are sector or industry-specific. For example:
- The Health Insurance Portability and Accountability Act (HIPAA), protects patient health information.
- The Family Educational Rights and Privacy Act (FERPA), protects student education records.
- The Gramm-Leach Bliley Act (GLBA), protects nonpublic financial information.
- The Children’s Online Privacy Protection Act (COPPA), protects the data of children under 13.
- Sarbanes-Oxley Act (SOX), governs internal fraudulent activity.
Individual states hold the power to impose additional information privacy laws, while still adhering to federal law. California was the first to release its own subset of regulations, which went into effect in 2020. Since then, other states including New York, Colorado, and Illinois have taken steps to issue state-specific data privacy laws.
- California Consumer Privacy Act (CCPA), governs how organizations collect and use data.
- New York Stop Hacks and Improve Electronic Data Security Act (SHIELDS), amends the existing data breach notification law and governs stricter security measures for companies.
- Colorado Privacy Act (PCA), protects the personal data privacy of residents.
- Illinois Biometric Information Privacy Act (BIPA), protects the biometric data of residents.
In the European Union, the structure for data privacy regulations is far different than the U.S. framework. The EU operates under one single legislation known as the General Data Protection Regulation (GDPR). It is one of the most prominent privacy protection laws in place today, due to its extraterritorial reach and extensive protection of personal information. The law applies to all residents within any of the 28 European Union countries.
The GDPR provides individuals with the following 8 rights:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision-making and profiling.
Why is Data Privacy Important?
One of the main reasons organizations comply with data privacy laws is due to governing regulations. If a business fails to meet its legal responsibilities, they are at risk for hefty fines and lawsuits. However, the importance of data privacy isn’t just a legal matter.
Organizations also have an ethical responsibility to protect their customer’s confidentiality. Data is one of the most valuable assets of a business. For many companies, customer information serves as their core resource. In order to build consumer trust, businesses should openly state and abide by their privacy policies. They should also be transparent in how they request consent, use, and manage personal information.
How Sentinel Helps With Data Privacy in PeopleSoft
ERP systems, like PeopleSoft, are used in many hospitals, schools, and financial institutions. These applications contain an unparalleled amount of PII/PCI data, making them an ideal target for hackers. Protecting consumer information and meeting compliance regulations is crucial for organizations running these applications.
Sentinel provides visibility into enterprise data access, helping understand who has it, how it’s provided, and where it’s stored. The application easily identifies the pages and tables in PeopleSoft with PII/PCI data fields. It also includes functionalities to scrub live data from support databases and mask sensitive data for unauthorized users.
Sentinel’s approach to data protection includes:
- Simplified administration and managing user access to PII/PCI data.
- Transaction monitoring and tracking changes on database tables.
- PII/PCI data mapping.
- Delivered best practice PeopleSoft audit reports and controls.
- Access monitoring for privileged access or restricted pages and data.