Data protection refers to the protection of personal data from improper use. It secures the fundamental right of people to informational self-determination and the use of their data. In this article, more about it.
The concept of data protection
Information security is one of the eternal problems. Throughout human history, ways to solve this problem have been determined by the level of technological development. In the modern information society, technology plays the role of activator of this problem – computer crimes have become a hallmark of today.
Data protection means the protection of personal data from misuse, often in connection with the protection of privacy. The purpose and goal of data protection are to secure the fundamental right to informational self-determination of the individual. Everyone should be able to decide for themselves to whom they provide data access and for what purpose.
Personal data is any information that makes it possible to identify natural persons. These include in particular:
- addresses and other contact information;
- data stored in personal documents;
- account and credit card information;
- online data such as IP addresses or location data.
Some types of personal data are classified by the legislature as particularly sensitive. This includes health data, biometric and genetic data, information on sexual orientation and political, ideological, or religious attitudes of persons as well as data relating to criminal offenses and criminal convictions.
Kinds of threats
The basic principles of information security are to ensure the integrity of information, its confidentiality, and at the same time accessibility for all authorized users. From this point of view, the main causes of information security breaches are the following:
- unauthorized access – access to information in violation of the rules of delimitation of access established in the information system;
- information leakage – the result of the violator’s actions, as a result of which the information becomes known (accessible) to entities that do not have the right to access it;
- loss of information – the act by which information in the system ceases to exist for individuals or legal entities that have full or limited ownership of it;
- forgery of information – intentional actions that lead to distortion of information to be processed or stored in the system;
- blocking of information – actions that result in termination of access to information;
- information system malfunction – actions or circumstances that lead to distortion of the information processing process.
Depending on the type of threats, information security can be considered as ensuring the state of protection of the individual, society, state from the impact of poor quality information; information and information resources from the unauthorized influence of third parties; information rights and freedoms of man and citizen. In information law, information security is one of the aspects of considering information relations within the framework of information legislation from the standpoint of protecting vital interests of the individual, society, state and focusing on threats to these interests and mechanisms to eliminate or prevent such threats by legal means.
Data protection measures
Some important measures to protect the information system are considered in the literature. In particular, there are:
- legislative (laws, regulations, standards, etc.); – administrative (actions of a general nature of the organization, made by management);
- procedural (specific security measures dealing with people);
- software and hardware (for identification and authentication of users; access control; logging and auditing; cryptography; shielding, etc.).
Hardware and software protections – tools in which software (firmware) and hardware are completely interconnected and inseparable. Hardware protection means are designed for internal protection of structural elements of means and systems of computer technology: terminals, processors, peripherals, communication lines, and more.