Scribd
Upload
1K views

Privacy and Its Relation To Cloud Based Information Systems

Information privacy and data privacy concern the collection and sharing of personal data while protecting personally identifiable information. Concerns include third parties accessing emails or web browsing histories without consent. Personally identifiable information refers to data that can uniquely identify an individual. When using cloud services, companies should have valid reasons for collecting personal data, notify users of intended data use, obtain consent, only use data as stated, implement security measures, allow user access and updating of data, retain data only as long as necessary, and securely dispose of data.

Uploaded by

Creative Designer
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
1K views

Privacy and Its Relation To Cloud Based Information Systems

Information privacy and data privacy concern the collection and sharing of personal data while protecting personally identifiable information. Concerns include third parties accessing emails or web browsing histories without consent. Personally identifiable information refers to data that can uniquely identify an individual. When using cloud services, companies should have valid reasons for collecting personal data, notify users of intended data use, obtain consent, only use data as stated, implement security measures, allow user access and updating of data, retain data only as long as necessary, and securely dispose of data.

Uploaded by

Creative Designer
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 2

Privacy and its relation to cloud based

information systems:

Information privacy or data privacy is the relationship between collection and


dissemination of data, technology, the public expectation of privacy, and the legal
issues surrounding them. The challenge in data privacy is to share data while protecting
personally identifiable information. The fields of data security and information security
design and utilize software, hardware, and human resources to address this issue. The
ability to control what information one reveals about oneself over the Internet, and who
can access that information, has become a growing concern. These concerns include
whether email can be stored or read by third parties without consent, or whether third
parties can track the web sites someone has visited. Another concern is whether web
sites which are visited collect, store, and possibly share personally identifiable
information about users. Personally identifiable information (PII), as used in information
security, refers to information that can be used to uniquely identify, contact, or locate a
single person or can be used with other sources to uniquely identify a single individual .

Customer information may be "user data" or "personal data." User data is information collected from a
customer, including:

 Any data that is collected directly from a customer; e.g., entered by the customer via an
application's user interface
 Any data about a customer that is gathered indirectly; e.g., metadata in documents
 Any data about a customer's usage behavior; e.g., logs or history
 Any data relating to a customer's system; e.g., system configuration, IP address

Personal data, sometimes also called PII, is any piece of data that can potentially be used to uniquely
identify, contact, or locate a single person or can be used with other sources to uniquely identify a single
individual. Not all customer/user data collected by a company is personal data. Examples of personal
data include:

 Contact information (name, email address, phone, postal address)


 Forms of identification such as Social Security number, driver's license, passport, and fingerprints
 Demographic information such as age, gender, ethnicity, religious affiliation, sexual orientation, or
criminal record
 Occupational information such as job title, company name, or industry
 Health care information such as plans, providers, history, insurance, or genetic information
 Financial information such as bank and credit/debit card account numbers, purchase history, and
credit records
 Online activity including IP address, cookies, flash cookies, and log-in credentials
Protecting Privacy Information

The Federal Trade Commission is educating consumers and businesses about the importance of
personal information privacy, including the security of personal information. Under the FTC Act, the
Commission guards against unfairness and deception by enforcing companies' privacy promises about
how they collect, use, and secure consumers' personal information.

The FTC publishes a guide that is a great educational tool for consumers and businesses alike, titled
"Protecting Personal Information: A Guide for Business." In general, the basics for protecting data privacy
are as follows, whether in a virtualized environment, the cloud, or on a static machine:

 Collection: You should have a valid business purpose for developing applications and
implementing systems that collect, use or transmit personal data.
 Notice: There should be a clear statement to the data owner of a company's or provider's
intended collection, use, retention, disclosure, transfer, and protection of personal data.
 Choice and consent: The data owner must provide clear and unambiguous consent to the
collection, use, retention, disclosure, and protection of personal data.
 Use: Once it is collected, personal data must only be used, including transfers to third parties, in
accordance with the valid business purpose and as stated in the Notice.
 Security: Appropriate security measures must be in place; e.g., encryption, to ensure the
confidentiality, integrity, and authentication of personal data during transfer, storage, and use.
 Access: Personal data must be available to the owner for review and update. Access to personal
data must be restricted to relevant and authorized personnel.
 Retention: A process must be in place to ensure that personal data is only retained for the period
necessary to accomplish the intended business purpose or that which is required by law.
 Disposal: The personal data must be disposed of in a secure and appropriate manner; i.e., using
encryption disk erasure or paper shredders.

You might also like