COMPUTER 10

Presented by: Gab, Alliyah, TJ,

Ferdinand

Group 5
 Data Security and Privacy
Data Security and Privacy – Importance of Securing Data, Basic Encryption, and Privacy Protection.

Objective: to understand the importance of data security, explore basic encryption techniques, and learn
about privacy protection measures to safeguard personal and organizational data.
Knowledge
• Introduction to Data security
and Privacy

• Importance of Securing Data

• Basic concepts in Encryption

• Privacy Protection Measures

• Key Data Privacy Regulations

• Conclusion
0 Introduction to Data Security and
Privacy
1
Definition:
• Data security refers to the practices, techniques, and technologies used to
protect data from unauthorized access, theft, and damage.

• Data privacy involves ensuring that personal or sensitive information is

collected, stored, and shared in a manner that protects individual rights.

In today’s digital world, data is an essential asset. Both individuals and

organizations need to ensure their data is protected against breaches, leaks, and
misuse, as cyber attacks and data breaches can lead to significant financial,
reputational, and legal consequences.
 0
Importance of Securing Data
2
A. Preventing Data Breaches

Definition: A data breach occurs when sensitive information is

accessed by unauthorized individuals. These breaches can lead to
the exposure of personal information, financial loss, and harm of
reputation.

Example: In 2021, the personal information of over 500 million

Facebook users was leaked, Including phone numbers and
emails.
 0
Importance of Securing Data
2
B. Protecting Sensitive Information

• Personal and organizational data can include sensitive

information such as social security numbers, medical records,
bank details, and intellectual property. Protecting this data
prevents identity theft, fraud, and unauthorized access to
confidential information.

• Example : Protecting customer from credit card information to

prevent identity theft in e-commerce platforms.
0
Importance of Securing Data
2
C. Ensuring Business Continuity

● Securing data ensures that businesses can continue their

operations without disruptions from cyberattacks or data
loss. A well-structured data security system can prevent
downtimes and the need for recovery from ransomware
attacks.

● Example: Ensuring that company backups are protected to

minimize downtime incase of a cyberattack.
 0 Maintaining Compliance with
Regulations
2
• Laws and regulations such as General Data Protection Regulation (GDPR) and
the California Consumer Privacy Act (CCPA) require businesses to
implement security and privacy measures to protect personal data. Failing
to comply can result in heavy fines and legal consequences.

• Example: GDPR mandates companies to obtain user consent before

collecting personal data and report any data breaches within 72 hours.
 0
Basic Concepts in Encryption
3
What is Encryption?

• Definition: Encryption is the process of converting plain text into an unreadable format
(ciphertext) to protect data from unauthorized access, Only with those with the correct
decryption key can decode the information.

• Importance: Encryption is a fundamental method of securing data, both during

transmission(e.g., sending emails) and the rest (e.g., stored on hard drives).
 0
Types of Encryption
3
I. Symmetric Encryption

• Definition: Symmetric Encryption, the same key is used for both encryption and decryption.

• Example: The Advance Encryption Standard (AES) is one of the most widely used symmetric
encryption algorithms.

• Advantages: Fast and efficient for large amount of data.

• Disadvantages: The key must be shared securely between sender and receiver, which can be a
security risk if intercepted.
 0
Types of Encryption
3
II. Asymmetric Encryption

• Definition: Asymmetric Encryption uses a pair of keys- a public key for encryption and an private
key for decryption.

• Example: The RSA algorithm is a popular form of asymmetric encryption and decryption used in
secure communication(e.g., HTTPS).

• Advantages: Eliminates the need for sharing private keys since encryption and decryption use
different keys.

• Disadvantages: Slower than symmetric encryption, especially for large datasets.

 0
Types of Encryption
3
III. End-to-End Encryption (E2EE)

• Definition: End-to-end encryption ensures that only the communicating users can read the
messages. No intermediaries, such as service providers, can decrypt the content.

• Example: Messaging apps like WhatsApp and Signal use E2EE to protect user communications.

• Importance: E2EE is essential in ensuring the privacy of messages and other forms of
communication, especially in platforms where sensitive information is shared.
 0
Privacy Protection Measures
4
I. Data Anonymization and Masking

• Definition: Data anonymization involves modifying personal data such in a way that it cannot be
traced back to a specific individual. Masking is the process of hiding specific details of data while
preserving its usability.

• Example: Anonymizing health data by removing identifiable information like names or addresses
while keeping medical data for research.

• Importance: This helps in protecting individuals’ privacy while still allowing the use of data for
analysis or business purposes.
 0
Privacy Protection Measures
4
II. Secure Password Management

• Definition: Secure password management involves using strong, unique passwords for different
accounts and storing them securely.

• Example: Using password managers like LastPass or Dashlane to store complex passwords.

• Importance: Weak or reused passwords are often the first point of entry for hackers attempting to
breach an account.
 0
Privacy Protection Measures
4
III. Two-Factor Authentication(2FA)

• Definition: Two-factor authentication adds extra layer of security by requiring not only a password
but also a second form of verification, such as a code sent to a mobile device.

• Example: Logging into a bank account using a password and a one-time code sent to your phone.

• Importance:2FA significantly reduces the risk of unauthorized access, even if passwords are
compromised.
 0
Privacy Protection Measures
4
IV. Data Minimization

• Definition: Data minimization refers to collecting only the data that us strictly necessary for a
specific purpose, thereby reducing the risk of exposing sensitive information.

• Example: An online service asking only for your email address instead of requiring unnecessary
details like phone numbers or home addresses.

• Importance: Collecting less data means there’s less information for attackers to target.
 0
Privacy Protection Measures
4
V. Privacy by Design

• Definition: Privacy by Design is an principle that ensures privacy is considered at the outset of
system design, rather than as an afterthought. it involves embedding data protection features
throughout the entire lifecycle of product or service.

• Example: A social media platform designed with default privacy settings to protect user
information and limit sharing without explicit consent.

• Importance: Building systems with privacy as a core feature helps prevent data leaks and sensures
compliance with privacy reguations.
 0 Key Data Privacy
5 Regulations
I. General Data Protection Regulation(GDPR)

• Scope: Applies to companies that collect data on EU citizens, regardless of the company’s location.

• Key points: Companies must obtain explicit consent before collecting personal data, allow users to
access and delete their data, and report breaches within 72 hours.
 0 Key Data Privacy
5 Regulations
II. California Consumer Privacy Act (CCPA)

• Scope: Applies to businesses operating in California or dealing with California residents’ data.

• Key points: Give consumers the right to know what personal data is being collected, the right to
delete it, and the right to opt out its sale.
 0 Key Data Privacy
5 Regulations
III. Health Insurance Probability and Accountability Act (HIPAA)

• Scope: U.S.-based regulations that protect sensitive patient information and ensure data privacy.

• Key points: Healthcare providers and organizations must secure patient data and only share it with
authorized individuals.
  Conclusion
Data security and privacy are essential in today’s digital world, where
cyberattacks and breaches are common, Encryption plays a crucial role in
securing data, and privacy protection measures such as secure password
management, two-factor authentication, and privacy by design help ensure that
sensitive information is not misused. Staying compliant with regulations like
GDPR and CCPA also helps protect use data and maintain trust.
 :D Questions!
1. How does encryption protect data during transmission and at rest?

2. What are the potential consequences of a data breach for a business?

3. Why is two-factor authentication important, and how can it strengthen

security?