This is one of the 52 terms in The Language of Cybersecurity published by XML Press in 2018 and the contributor for this term is Jay Beta.
What is it?
The concept that individuals own all of their personal information and have sole authority over who should have access to their information and how, when, and where it can be distributed.
Why is it important?
All organizations that deal with private health information in the US must abide by the Health Insurance Portability and Accountability Act (HIPAA). In addition, the European Union’s General Data Protection Regulation (GDPR) legislation affects all organizations that deal with people in the European Union, regardless of where the organization is based. To abide by the law and to respond to customer needs, business professionals must take privacy seriously.
Why does a business professional need to know this?
Privacy is becoming ever more important as organizations collect, analyze, process, and archive large amounts of information about individuals. Personal information is collected by many organizations, including financial institutions, credit agencies, and governments.
Securing private information is one of the greatest challenges of the internet era. As cybersecurity breaches become more frequent, the entities collecting and storing personal information are at risk of unintentionally exposing private data. The Equifax breach of 2017 exposed the private data of 148 million Americans. Once private information is exposed, it can result in a permanent loss of privacy for the affected individuals.
Privacy considerations are global in nature. The European Union has enacted the General Data Protection Regulation (GDPR), which addresses the concerns of people in the EU around loss of privacy. While no equivalent legislation exists in the US, some elements of the US Constitution have been applied to provide protection for some aspects of privacy. In addition, federal statutes, such as the Health Insurance Portability and Accountability Act (HIPAA), have been enacted to protect information in specific areas.
There is evidence to suggest that a generational difference exists on the question of what exactly is privacy and what should (and should not) be private. Many people agree that at least some information should be kept confidential and in the sole possession of the information owner. However, younger people are believed to be more open to sharing personal details on social media platforms. This may help to explain why the US Federal Trade Commission says younger “digital native” consumers are “more vulnerable” to scams and more likely than any other group to have lost money to fraud.
At the same time, older users tend to be skeptical about sharing information they perceive as private. The differences between generations lie in what each generation considers private information. Business professionals need to understand these differences and respect both the privacy concerns of their customers and the regulations under which their organizations operate.