
Protecting your personal data in times of uncertainty

Written by – Kiran Kari on Digilah (Tech Thought Leadership)

It has been a couple of years since COVID-19 brought the world to a standstill. While countries are opening their borders for business and tourism, it wasn’t long ago that the world shut itself up in a cocoon. The pandemic brought a lot of good when the going was bad. The good was brewing in the human mind – innovation! Businesses and large enterprises have found new ways to engage, employees have found ways to be efficient and productive, and consumers have found creative ways to purchase and consume.

In the pandemic, the consumer was wary about touching soiled currency notes, using the interactive screen at the ATM, or sharing their credit/debit cards to make that necessary purchase. These are all high-touch points in daily life. The only way to overcome these challenges was through the use of mobile apps. Mobile apps provided us with the convenience of booking a taxi, ordering food or making payments without physical contact with a third person.

As in any business, with every advantage comes a corresponding disadvantage. The use of banking and financial mobile apps was always certain to grow but, in the pandemic, it grew much faster than anticipated. No one expected the number of users accessing digital services to grow so fast, so soon and so exponentially. With such high usage of digital payments also came the threat of malicious actors, more commonly known as hackers.

Banks, wallet payment firms or any enterprise with a consumer-facing mobile app need to protect their apps from the threat vectors emanating from their consumers' devices. Similarly, the consumer must be equally responsible for their own data and privacy. Hackers are looking for ways and means to steal credentials and data, commit fraud, take over accounts, change the behavior of apps, etc., all of which amount to huge losses to the business and the consumer alike. Hackers have access to very sophisticated tools to ‘mix and match’ their attacks. Many compromises of consumer devices happen through sophisticated malware, screen overlay attacks, advanced jailbreak or rooting techniques, root enablers and reverse engineering.

There have been many instances of hacks and compromises across the world in the recent past, and they will continue to make headlines. Most recently, the OCBC bank SMS scam in Singapore led to huge losses to account holders, and the bank was penalized heavily by the regulators. So, what can we do as consumers to keep ourselves safe?

It is a healthy practice not only to keep your mobile devices clean and safe but also to be cautious about your surroundings. Some basic hygiene practices that you can follow are listed below:


  • To begin, don’t click on links that arrive as text messages (or email) on any of your messaging platforms, especially when they are from an unknown source. This is the biggest reason for phishing attacks. Phishing scams look so real that you end up thinking they are genuine.
  • Similarly, be wary of vishing attacks, wherein someone calls you, pretends to be from your bank or a government agency and gets you to share your critical data, OTP, etc.
  • When in doubt, call your bank or the agency to verify the information. When you know it’s not true, register a complaint about the fake call you received. Be a good Samaritan.
  • Never share your personal information with any unauthorized person. No legal entity will ask you to part with your personal data.
  • There are many frauds happening on social media platforms, including your messaging apps. Don’t fall prey to anything that looks too good to be true.
  • Always download apps from the authorized App Store or Play Store.
  • Do not jailbreak or root your mobile devices.
  • Ensure that you have a well-known anti-virus installed on your phone that also checks for phishing attacks.
  • Never store critical info like passwords, bank account information, etc. on your mobile devices.
  • Spend some time educating yourself on cybercrimes.

In the current climate of uncertainty, it is impossible to predict what is going to happen next. But we know that the malicious actors are going to be a lot more active than ever before.

It is time for consumers to be data proactive and strengthen the security on their mobile devices. 


Security & Privacy by Design – Health Data Management Policy

Written by : Sujeet Katiyar on Digilah (Tech Thought Leadership)

Every byte of data has a story to share. The important question is whether the story is being narrated accurately and securely. Usually, our focus is sharply on the trends around data with a goal of revenue acceleration, but we commonly forget about the vulnerabilities caused by bad data management. Data possesses immense power, but immense power comes with increased responsibility. Just collecting, analysing and building prediction models is simply not enough in today’s world. Always keep in mind that we are in a generation where the requirements for data security have perhaps surpassed the need for data correctness. Hence today the need for Privacy by Design is greater than ever.

“Privacy by Design” and “Privacy by Default” have been frequently discussed topics related to data protection. The first thoughts of “Privacy by Design” were expressed in the 1970s and were incorporated in the 1990s into the Data Protection Directive 95/46/EC. Privacy by design is an approach to systems engineering that seeks to ensure protection for the privacy of individuals by integrating considerations of privacy issues from the very beginning of the development of products, services, business practices, and physical infrastructures. The adoption of security and privacy principles is a crucial step in building a secure, audit-ready program.

Privacy by Design is based on the following 7 principles:

  1. Proactive not Reactive; Preventative not Remedial – Privacy by Design comes before-the-fact, not after.
  2. Privacy as the Default Setting – it is built into the system, by default.
  3. Privacy by Design is embedded into the design and architecture of IT systems and business practices.
  4. Privacy by Design seeks to accommodate all legitimate interests and objectives in a positive-sum “win-win” manner, not a zero-sum one.
  5. End-to-End Security — Full Life-cycle Protection
  6. Visibility and Transparency — Privacy by Design seeks to assure all stakeholders that whatever the business practice or technology involved, it is in fact, operating according to the stated promises and objectives
  7. Respect for User Privacy — Keep it User-Centric.

Privacy by Design in Health Data Management Policy by ABDM

Consider data protection requirements as part of the design and implementation of systems, services, products, and business practices. The federated design of the National Digital Health Ecosystem ensures that no personal data other than what is required at a minimum to create and maintain Health IDs, Facility IDs or Health Professional IDs shall be stored centrally. Electronic medical records shall be stored at the health facility where such records are created, or at such other entities as may be specified by Policy. Electronic health records shall be maintained by entities specified by Policy, as a collection of links to the related medical records. ABDM shall issue appropriate technological and operational guidelines providing for the establishment and maintenance of the federated architecture, for ensuring the security and privacy of the personal data of data principals, and for maintenance of electronic medical records and electronic health records.

 Health Data Management Policy by ABDM

Prepare a privacy policy containing the following information:

  1. Clear and easily accessible statements of its practices and policies.
  2. Type of personal or sensitive personal data collected.
  3. The purpose of collection and usage of such personal or sensitive personal data.
  4. Whether personal or sensitive personal data is being shared with other data fiduciaries or data processors.
  5. Reasonable security practices and procedures used by the data fiduciary to safeguard the personal or sensitive personal data that is being processed.

The privacy policy referred to above shall be published on the website of the data fiduciary. In addition, the data fiduciary shall also make available a privacy by design policy on its website containing the following information:

  1. The managerial, organisational, business practices and technical systems designed to anticipate, identify and avoid harm to the data principal.
  2. The obligations of data fiduciaries.
  3. The technology used in the processing of personal data, in accordance with commercially accepted or certified standards.
  4. The protection of privacy throughout processing from the point of collection to deletion of personal data.
  5. The processing of personal data in a transparent manner and
  6. The fact that the interest of the data principal is accounted for at every stage of processing of personal data.

The privacy policy issued and the principles of privacy by design followed by the data fiduciaries should be in consonance with this Policy and applicable law.

Article by Sujeet Katiyar

Digital Health । Rural Healthcare । Regulatory Compliance । ABDM, HIPAA, GDPR, Data Security & Privacy Professional as Consultant, Start-up Founder, Director with 23 years in Web & Mobile Technology with AI, ML, Blockchain

 
