Week V Policy Mandates US vs European Approaches to Privacy Laws

School: Prince George's Community College, Largo
Course: 413
Subject: Information Systems
Date: Nov 24, 2024
Uploaded by seth7up.sf

CSIA 413 Week 3 Discussion: Policy Mandates: US vs European Approaches to Privacy Laws

Cybersecurity is always a priority for Red Clay Renovations, and with Red Clay being an internationally recognized, award-winning firm, certain frameworks need to be adopted. These security frameworks can assist in understanding multiple avenues of approach to security and governance. With customers coming from many different geographical locations, the security requirements change based on the country. The General Data Protection Regulation (GDPR) is a framework created by the European Union (EU) that imposes obligations on organizations anywhere, so long as they target or collect data related to people in the EU (GDPR, 2022). Security frameworks address many key issues, and these guidelines are put in place to mitigate some of them. The key issues include:

Privacy by Design

Privacy by design is the concept of embedding privacy controls into the technological design of the IT medium (GDPR, 2021a). This concept is a good practice for hardening the security parameters of smart devices, so that Red Clay can supply secure smart devices to customers.

Right to be Forgotten

The “right to be forgotten” is also a key issue associated with the GDPR. It is the concept that allows individuals to request the removal of their personal information from a data platform. It can also be described as the mandatory deletion of personal data that is no longer needed for its original processing purpose, or for which the customers have withdrawn their consent, so that there are no legal grounds for processing or storing the customer information (GDPR, 2021b).

Right to be Informed

The “right to be informed” can be described as the customers’ right to be informed about the collection and use of their personal data, which leads to a variety of information obligations for the data manager (GDPR, 2020).
Customers need to understand what data is at risk when utilizing a service. Data privacy is key for any enterprise to protect proprietary and sensitive information. This instills trust between customers and the company. Red Clay can implement some security best practices to mitigate risk, protect customer data, and facilitate customer privacy.

1. Adopting Data Encryption: Adopting a data encryption technology across the Red Clay IT enterprise can provide an adequate security control to harden the security posture. Data encryption is the act of protecting data as it is stored on computer systems and transmitted using the internet or other computer networks, aligning with the CIA triad (De Groot, 2023).
2. Developing a Data Protection Officer: Hiring or appointing and developing a data protection officer can help ensure that the organization processes the personal data of customers or other entities in compliance with the applicable data protection rules (GDPR, 2023). This position is typically the subject matter expert when it comes to data privacy and protection. It can be filled in house or by hiring a new employee.
3. Access Controls: Access controls can be implemented in Red Clay’s enterprise to assist with hardening data privacy policies. Having a strict process governing who has access to customer data is paramount in securing that data. Access controls authenticate and authorize individuals to access the data they are permitted to utilize (Martin, 2019).
4. Audits: Mandatory vacations can be added for Red Clay IT personnel so that audits can be conducted to ensure that authorized practices are taking place with customer data. Auditing gives Red Clay Renovations IT administrators the ability to provide checks and balances on IT practices and assess the company’s overall cybersecurity posture.
5. Continuous Monitoring: Continuous monitoring can be adopted into Red Clay’s security practices to allow a constant monitoring system that watches the network of the entire enterprise for anomalies and potential data breaches. Keeping this control in place allows users’ data privacy to remain at the forefront of priorities for Red Clay Renovations.

References

De Groot, J. (2023, May 6). What is Data Encryption? Digital Guardian. https://www.digitalguardian.com/blog/what-data-encryption

GDPR. (2020, July 14). Right to be Informed. General Data Protection Regulation (GDPR). https://gdpr-info.eu/issues/right-to-be-informed/

GDPR. (2021a, October 22). Privacy by Design. General Data Protection Regulation (GDPR). https://gdpr-info.eu/issues/privacy-by-design/

GDPR. (2021b, October 22). Right to be Forgotten. General Data Protection Regulation (GDPR). https://gdpr-info.eu/issues/right-to-be-forgotten/

GDPR. (2022, May 26). What is GDPR, the EU’s New Data Protection Law? GDPR.eu. https://gdpr.eu/what-is-gdpr/

GDPR. (2023, August 23). Data Protection Officer (DPO). European Data Protection Supervisor. https://edps.europa.eu/data-protection/data-protection/reference-library/data-protection-officer-dpo_en

Martin, J. (2019, August 21). What is Access Control? A Key Component of Data Security. CSO Online. https://www.csoonline.com/article/564407/what-is-access-control-a-key-component-of-data-security.html