Cyber Security Unit 4

Uploaded by

23203007.sw

What is the definition of data?

In computing, data is information that has been translated into a form that is
efficient for movement or processing. Relative to today's computers and
transmission media, data is information converted into binary digital form. It is
acceptable for data to be used as a singular subject or a plural subject.

Example
Data can come in the form of text, observations, figures, images, numbers,
graphs, or symbols. For example, data might include individual prices, weights,
addresses, ages, names, temperatures, dates, or distances. Data is a raw form of
knowledge and, on its own, doesn't carry any significance or purpose.
Meta-Data
Metadata means "data about data". Metadata is defined as the data providing
information about one or more aspects of the data; it is used to summarize basic
information about data that can make tracking and working with specific data
easier.[15] Some examples include:

• Means of creation of the data
• Purpose of the data
• Time and date of creation
• Creator or author of the data
• Location on a computer network where the data was created
• Standards used
• File size
• Data quality
• Source of the data
• Process used to create the data
For example, a digital image may include metadata that describes the size of the
image, its color depth, resolution, when it was created, the shutter speed, and
other data. A text document's metadata may contain information about how long
the document is, who the author is, when the document was written, and a short
summary of the document. Metadata within web pages can also contain
descriptions of page content, as well as keywords linked to the content. These
links are often called "Metatags", which were used as the primary factor in
determining order for a web search until the late 1990s.
What is Big Data?
Big Data is a collection of data that is huge in volume and keeps growing
exponentially with time. Its size and complexity are so great that no
traditional data management tool can store or process it efficiently. Big
data is still data, only at a huge size.

Big data is exactly what the name suggests, a “big” amount of data. Big Data
means a data set that is large in terms of volume and is more complex. Because
of the large volume and higher complexity of Big Data, traditional data
processing software cannot handle it. Big Data simply means datasets containing
a large amount of diverse data, both structured as well as unstructured.

Big Data allows companies to address issues they are facing in their business, and
solve these problems effectively using Big Data Analytics. Companies try to
identify patterns and draw insights from this sea of data so that it can be acted
upon to solve the problem(s) at hand.

Although companies have been collecting a huge amount of data for decades, the
concept of Big Data only gained popularity in the early-mid 2000s. Corporations
realized the amount of data that was being collected on a daily basis, and the
importance of using this data effectively.

5Vs of Big Data

1. Volume refers to the amount of data that is being collected. The data could
be structured or unstructured.
2. Velocity refers to the rate at which data is coming in.
3. Variety refers to the different kinds of data (data types, formats, etc.) that
are coming in for analysis. Over the last few years, 2 additional Vs of data
have also emerged: value and veracity.
4. Value refers to the usefulness of the collected data.
5. Veracity refers to the quality of data that is coming in from different
sources.

How Does Big Data Work?

Big data involves collecting, processing, and analyzing vast amounts of data from
multiple sources to uncover patterns, relationships, and insights that can inform
decision-making. The process involves several steps:

1. Data Collection
Big data is collected from various sources such as social media, sensors,
transactional systems, customer reviews, and other sources.

2. Data Storage

The collected data then needs to be stored in a way that it can be easily
accessed and analyzed later. This often requires specialized storage
technologies capable of handling large volumes of data.

3. Data Processing

Once the data is stored, it needs to be processed before it can be analyzed.
This involves cleaning and organizing the data to remove any errors or
inconsistencies, and transforming it into a format suitable for analysis.

4. Data Analysis

After the data has been processed, it is time to analyze it using tools like
statistical models and machine learning algorithms to identify patterns,
relationships, and trends.

5. Data Visualization

The insights derived from data analysis are then presented in visual formats
such as graphs, charts, and dashboards, making it easier for
decision-makers to understand and act upon them.

Use Cases

Big Data helps corporations make better and faster decisions, because they
have more information available to solve problems, and have more data to test
their hypotheses on.
What is non-personal data?
In its most basic form, non-personal data is any set of data which does not
contain personally identifiable information. This in essence means that no
individual or living person can be identified by looking at such data.
For example, while order details collected by a food delivery service will have
the name, age, gender, and other contact information of an individual, it will
become non-personal data if the identifiers such as name and contact
information are taken out.

What Is Data Protection?

Once you have ensured appropriate data privacy and security, the next step is
providing proper data protection.

There are two definitions for “Data protection,” narrow and broad:

• The narrow or more traditional definition of data
protection: Maintaining data availability by way of backups so you can
easily restore data
• The broader or more modern definition of data protection: It covers
data availability, immutability, preservation, deletion/destruction, and
“data privacy” and “data security.”

The more data you collect and store, the more important it becomes to create
backups for your critical data. For many companies, the timeliness of
implementing a backup is also essential.

Ideally, if you have lost critical data, you would want to replace it as soon as
possible to avoid losing out on business during your downtime.

There are several ways to implement a data protection strategy, from using
different storage devices to creating cloud backups and archiving.

What is Data Privacy?


Data privacy, sometimes also referred to as information privacy, is an area
of data protection that concerns the proper handling of sensitive data including,
notably, personal data[1] but also other confidential data, such as certain
financial data and intellectual property data, to meet regulatory requirements as
well as protecting the confidentiality and immutability of the data.
How Data Security Affects Data Privacy

Most online businesses and websites collect personal data, from email addresses
to phone numbers, credit cards, and log-in details. Ideally, these entities
shouldn’t keep more information than is necessary, nor should they keep it
longer than necessary.

However, you cannot operationalize data privacy without ensuring the security
of data.

For example, if you fail to protect people’s credit card details against hackers
and they get access to this data, they can sell it on the dark web. Therefore, data
security is a prerequisite to data privacy.

What Is Data Security?

Like data privacy, the phrase “data security” is somewhat vague and not
necessarily intuitive. This confusion is particularly true when comparing data
privacy, data security, and data protection concepts.

Data security is the concept of protecting digital data from theft,
corruption, or unauthorized access throughout its entire lifecycle of:

• Creation
• Storage
• Use
• Sharing
• Archiving
• Destruction

Data security involves everything from the physical security of the storage
devices and hardware to administrative access controls and the security of
software applications.

It also includes organizational policies and procedures.


Correctly implementing data security can protect your data from cybercriminal
activities, insider threats, and human error.

Various tools and technologies help protect your data, including:

• Redaction of sensitive files
• Data masking
• Encryption
• Automated reporting

These tools can help keep your data secure while supporting you in other areas,
like streamlining your audits and complying with regulatory requirements.

Personal Data Protection Bill and its compliance

Key Features
• Applicability: The Bill will apply to the processing of digital personal data
within India where such data is: (i) collected online, or (ii) collected offline and
is digitised. ...
• Consent: Personal data may be processed only for a lawful purpose for which an
individual has given consent.
Why was the data protection bill introduced?
A key objective of the DPDP Bill 2023 is to reinforce the 'Right to Privacy'
of Indian citizens, placing a premium on individual consent for data
collection, storage, and processing. The bill seeks to make entities, including
internet companies, mobile apps, and businesses, more accountable for their
data practices.

Principles of Data Protection

Article 5 of the General Data Protection Regulation (GDPR) sets out key
principles which lie at the heart of the general data protection regime. These key
principles are set out right at the beginning of the GDPR and they both directly
and indirectly influence the other rules and obligations found throughout the
legislation. Therefore, compliance with these fundamental principles of data
protection is the first step for controllers in ensuring that they fulfil their
obligations under the GDPR. The following is a brief overview of the Principles
of Data Protection found in article 5 GDPR:
Lawfulness, fairness, and transparency: Any processing of personal data
should be lawful and fair. It should be transparent to individuals that personal
data concerning them are collected, used, consulted, or otherwise processed and
to what extent the personal data are or will be processed. The principle of
transparency requires that any information and communication relating to the
processing of those personal data be easily accessible and easy to understand,
and that clear and plain language be used.

Purpose Limitation: Personal data should only be collected for specified,
explicit, and legitimate purposes and not further processed in a manner that is
incompatible with those purposes. In particular, the specific purposes for which
personal data are processed should be explicit and legitimate and determined at
the time of the collection of the personal data. However, further processing for
archiving purposes in the public interest, scientific, or historical research
purposes or statistical purposes (in accordance with Article 89(1) GDPR) is not
considered to be incompatible with the initial purposes.

Data Minimisation: Processing of personal data must be adequate, relevant,
and limited to what is necessary in relation to the purposes for which they are
processed. Personal data should be processed only if the purpose of the
processing could not reasonably be fulfilled by other means. This requires, in
particular, ensuring that the period for which the personal data are stored is
limited to a strict minimum (see also the principle of ‘Storage Limitation’
below).

Accuracy: Controllers must ensure that personal data are accurate and, where
necessary, kept up to date; taking every reasonable step to ensure that personal
data that are inaccurate, having regard to the purposes for which they are
processed, are erased or rectified without delay. In particular, controllers should
accurately record information they collect or receive and the source of that
information.

Storage Limitation: Personal data should only be kept in a form which permits
identification of data subjects for as long as is necessary for the purposes for
which the personal data are processed. In order to ensure that the personal data
are not kept longer than necessary, time limits should be established by the
controller for erasure or for a periodic review.
Integrity and Confidentiality: Personal data should be processed in a manner
that ensures appropriate security and confidentiality of the personal data,
including protection against unauthorised or unlawful access to or use of
personal data and the equipment used for the processing and against accidental
loss, destruction or damage, using appropriate technical or organisational
measures.

Accountability: Finally, the controller is responsible for, and must be able to
demonstrate, their compliance with all of the above-named Principles of Data
Protection. Controllers must take responsibility for their processing of personal
data and how they comply with the GDPR, and be able to demonstrate (through
appropriate records and measures) their compliance, in particular to the DPC.

Big Data Security Issues and Challenges

Big data security is the process of monitoring and protecting a company’s
important business data with the goal of ensuring safe and compliant ongoing
operation.

Big data security is a constant concern because Big Data deployments are
valuable targets to would-be intruders. A single ransomware attack might leave
a company’s big data deployment subject to ransom demands. Even worse, an
unauthorized user may gain access to a company’s big data to siphon off and
sell valuable information. The losses can be severe. A company’s IP may be
spread everywhere to unauthorized buyers, and it may suffer fines and
judgments from regulators.

Securing big data platforms takes a mix of traditional security tools, newly
developed toolsets, and intelligent processes for monitoring security throughout
the life of the platform.

How Big Data Security Works

Big data security’s mission is clear enough: keep out unauthorized users and
intrusions with firewalls, strong user authentication, end-user training, and
intrusion protection systems (IPS) and intrusion detection systems (IDS). In
case someone does gain access, encrypt your data in transit and at rest.
This sounds like any network security strategy. However, big data environments
add another level of security because security tools must operate during three
data stages that are not all present in the network. These are: data ingress, which
is what’s coming in; stored data; and data output going out to applications and
reports.

Stage 1: Data Sources. Big data comes from a variety of sources and
data types. User-generated data alone can include CRM or ERM data,
transactional and database data, and vast amounts of unstructured data such as
email messages or social media posts. In addition to this, you have the whole
world of machine-generated data including logs and sensors. You need to secure
this data in transit, from sources to the platform.

Stage 2: Stored Data. Protecting stored data takes mature security toolsets
including encryption at rest, strong user authentication, and intrusion protection
and planning. A company needs to run its security toolsets across a distributed
cluster platform with many servers and nodes. In addition, its security tools
must protect log files and analytics tools as they operate inside the platform.

Stage 3: Output Data. The entire reason for the complexity and expense of the
big data platform is so it can run meaningful analytics across massive data
volumes and different types of data. These analytics output results to
applications, reports, and dashboards. This extremely valuable intelligence
makes for a rich target for intrusion, and it is critical to encrypt output as well as
ingress. Also, secure compliance at this stage: make certain that results going
out to end-users do not contain regulated data.
Big Data security is routed through a circuitous path, and in theory could be
vulnerable at more than one point.

Navigating Big Data Security & Trends

Two of the biggest trends in the world of big data stand somewhat in opposition
to each other: the proliferation of big data that informs smart technology, and
also the growing movement for consumers to own and decide how their
personal data is being used.

Technologies like IoT, artificial intelligence, machine learning, and even
customer relationship management (CRM) databases collect terabytes of data
that contain highly sensitive personal information. This personal form of big
data is valuable for enterprises that want to better cater their products and
services to their audience, but it also means that all companies and third-party
vendors are held responsible for the ethical use and management of personal
data.

As big data and its enterprise use cases continue to grow, most organizations
work hard to comply with consumer data laws and regulations, but their security
holes leave data vulnerable to breach. Take a look at some of the top trends
happening in the big data world, the important security points that many
companies are missing, and some tips for getting big data security right:

Update Your Cloud And Distributed Security Infrastructure

Big data growth has caused many companies to move toward cloud and data
fabric infrastructures that allow for more data storage scalability. The problem?
Cloud security is often established based on legacy security principles, and as a
result, cloud security features are misconfigured and open to attack.

Navigating this requires a company to speak with its cloud and storage
vendors about their products, whether a security solution is embedded, and
whether they or a third-party partner recommend any additional security resources.

Set Mobile Device Management Policies And Procedures

IoT and other mobile devices are some of the greatest sources and receivers of
big data, but they also offer several security vulnerabilities since so many of
these technologies are owned and used for personal life. Set strict policies for
how employees can engage with corporate data on personal devices, and be sure
to set additional layers of security in order to manage which devices can access
sensitive data.

Provide Data Security Training And Best Practices

Most often, big data is compromised as the result of a successful phishing attack
or other personalized attack targeted at an unknowing employee. Train your
employees on typical socially engineered attacks and what they look like, and
again, set up several layers of authentication security to limit who can access
sensitive data storage.

Benefits Of Big Data Security

With the benefits of customer retention, risk identification, business innovation,
cost, and efficiency, a big data security system can be of value to companies
everywhere.

Here are key benefits of big data security:


• Customer Retention: With big data security, a company can observe
many data patterns, which allows them to better fit their products and
services with their clients' needs.
• Risk Identification: Because of big data security, a company can use
big data tools to identify risks in their infrastructure, helping
companies create a risk management solution.
• Business Innovation: Big data security can help companies update
their tools and help transfer products into new secure systems. This
innovation can improve business processes, marketing techniques,
customer service, and company productivity.
• Cost Optimization: Big data security technologies can reduce
customer costs by efficiently storing, processing, and analyzing large
volumes of data. Big data security tools also will calculate how the
product will benefit the company, so companies can pick a company
that is better for their infrastructure.

Challenges Of Big Data Security

There are several challenges to securing big data that can compromise its
security. Keep in mind that these challenges are by no means limited to
on-premise big data platforms. They also pertain to the cloud. When you host your
big data platform in the cloud, take nothing for granted. Work closely with your
provider to overcome these same challenges with strong security service level
agreements.

Here are the key challenges to big data security:

• Newer technologies can be vulnerable: Advanced analytic tools for
unstructured big data and nonrelational databases (NoSQL) are
examples of newer big data technologies in active development. It can
be difficult for security software and processes to protect these new
toolsets.
• Variable impact: Mature security tools effectively protect data
ingress and storage. However, they may not have the same impact on
data output from multiple analytics tools to multiple locations.
• Access without permission: Big data administrators may decide to
mine data without permission or notification. Whether the motivation
is curiosity or criminal profit, your security tools need to monitor and
alert on suspicious access no matter where it comes from.
• Beyond routine audits: The sheer size of a big data installation,
terabytes to petabytes large, is too big for routine security audits. And
because most big data platforms are cluster-based, this introduces
multiple vulnerabilities across multiple nodes and servers.
• Requires constant updates: If the big data owner does not regularly
update security for the environment, they are at risk of data loss and
exposure.

Big Data Security Technologies

None of these big data security tools are new, from encryption to user access
control. What is new is their scalability and the ability to secure multiple types
of data in different stages.

• Encryption: Your encryption tools need to secure data in transit and at
rest, and they need to do it across massive data volumes. Encryption
also needs to operate on many different types of data, both user- and
machine-generated. Encryption tools also need to work with different
analytics toolsets and their output data, and on common big data
storage formats including relational database management systems
(RDBMS), non-relational databases like NoSQL, and specialized
filesystems such as Hadoop Distributed File System (HDFS).
• Centralized Key Management: Centralized key management has
been a security best practice for many years. It applies just as strongly
in big data environments, especially those with wide geographical
distribution. Best practices include policy-driven automation, logging,
on-demand key delivery, and abstracting key management from key
usage.
• User Access Control: User access control may be the most basic
network security tool, but many companies practice minimal control
because the management overhead can be so high. This is dangerous
enough at the network level and can be disastrous for the big data
platform. Strong user access control requires a policy-based approach
that automates access based on user and role-based settings.
Policy-driven automation manages complex user control levels, such as
multiple administrator settings that protect the big data platform
against inside attacks.
• Intrusion Detection and Prevention: Intrusion detection and
prevention systems are security workhorses. This does not make them
any less valuable to the big data platform. Big data’s value and
distributed architecture lend themselves to intrusion attempts. IPS
enables security admins to protect the big data platform from intrusion,
and should an intrusion succeed, IDS quarantines the intrusion before
it does significant damage.
• Physical Security: Don’t ignore physical security. Build it in when
you deploy your big data platform in your own data center or carefully
do due diligence around your cloud provider’s data center security.
Physical security systems can deny data center access to strangers or to
staff members who have no business being in sensitive areas. Video
surveillance and security logs will do the same.

Implementing Big Data Security

Whether you’re just getting started with big data management and are looking
for initial big data security solutions, or you are a longtime big data user and
need updated security, here are a few tips for big data security implementation:

• Manage and train internal users well: As alluded to before,
accidental security mistakes by employees offer one of the most
frequently used security vulnerabilities to malicious actors. Train your
employees on security and credential management best practices,
establish and have all users sign mobile and company device policies,
and offer only minimum-necessary data source access to each user
based on their role.
• Plan regular security monitoring and audits: Especially in larger
companies where big data and software grow on a near-daily basis,
it’s important to regularly assess how the network and data landscape
changes over time. Several network monitoring tools and third-party
services are offered on the market, giving your security staff real-time
visibility into unusual activity and users. Regular security audits also
give your team the opportunity to assess bigger-picture issues before
they become true security problems.
• Talk to a trusted big data company: Big data storage, analytics, and
managed services providers usually offer some form of security or
partner with a third-party organization that does. The platform that you
use might not have all of the specific features that your industry or
particular use cases require, so talk to your providers about your
security concerns, regulatory requirements, and big data use cases so
they can customize their services to what you need.

Who Is Responsible For Big Data Security?

A big data deployment crosses multiple business units. IT, database
administrators, programmers, quality testers, InfoSec, compliance officers, and
business units are all responsible in some way for the big data deployment. Who
is responsible for securing big data?

The answer is everyone. IT and InfoSec are responsible for policies, procedures,
and security software that effectively protect the big data deployment against
malware and unauthorized user access. Compliance officers must work closely
with this team to protect compliance, such as automatically stripping credit card
numbers from results sent to a quality control team. DBAs should work closely
with IT and InfoSec to safeguard their databases.
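
The output-stage control mentioned under Stage 3 (results going out must not contain regulated data) and in the paragraph above (stripping credit card numbers from results sent to a quality control team) can be sketched as a filter over result rows. This is an added example, not part of the original notes: the function names, the row layout and the sample rows are constructed, and the use of a Luhn checksum to cut false positives is an assumption.

```python
import re

# Digit groups joined by single spaces or hyphens, e.g. "4111 1111 1111 1111".
_RUN = re.compile(r"\d+(?:[ -]\d+)*")
_GROUP = re.compile(r"\d+")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum used by payment card numbers (PANs)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pans(text: str, keep_last: int = 4):
    """Return (masked_text, hit_count).

    Inside each run of digit groups, every contiguous sequence of groups is
    tested, longest first, so a short number sitting next to a card number
    ("ticket 101 4111 ...") cannot hide it. Only 13-19 digit sequences that
    pass Luhn are masked; other numbers are left untouched.
    Not covered: a PAN embedded in a longer unseparated digit string.
    """
    out, pos, hits = [], 0, 0
    for run in _RUN.finditer(text):
        groups = list(_GROUP.finditer(text, run.start(), run.end()))
        i = 0
        while i < len(groups):
            found = None
            for j in range(len(groups) - 1, i - 1, -1):
                digits = "".join(g.group() for g in groups[i:j + 1])
                if 13 <= len(digits) <= 19 and luhn_valid(digits):
                    found = (j, digits)
                    break
            if found is None:
                i += 1
                continue
            j, digits = found
            out.append(text[pos:groups[i].start()])
            out.append("*" * (len(digits) - keep_last) + digits[-keep_last:])
            pos, hits, i = groups[j].end(), hits + 1, j + 1
    out.append(text[pos:])
    return "".join(out), hits


def scrub_rows(rows):
    """Mask PANs in every string field of each result row.

    Returns (clean_rows, findings); findings lists (row_index, field, count)
    so the compliance team can log where regulated data was about to leave.
    Non-string values are passed through unchanged.
    """
    clean, findings = [], []
    for idx, row in enumerate(rows):
        out = {}
        for field, value in row.items():
            if isinstance(value, str):
                value, n = mask_pans(value)
                if n:
                    findings.append((idx, field, n))
            out[field] = value
        clean.append(out)
    return clean, findings


# Constructed sample output rows; the card numbers are well-known test values.
SAMPLE_ROWS = [
    {"ticket": 101, "note": "Refund issued to card 4111 1111 1111 1111 on request"},
    {"ticket": 102, "note": "Shipment tracking 1234567890123456 delayed"},
    {"ticket": 103, "note": "Customer gave 5500-0000-0000-0004 over chat"},
]

if __name__ == "__main__":
    rows, findings = scrub_rows(SAMPLE_ROWS)
    for r in rows:
        print(r)
    print("findings:", findings)
```

Roughly one in ten arbitrary digit strings of the right length passes Luhn, so the filter can still mask an unrelated identifier; that errs on the side of withholding data rather than leaking it.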

Finally, end-users are just as responsible for protecting company data.
Ironically, even though many companies use their big data platform to detect
intrusion anomalies, that big data platform is just as vulnerable to malware and
intrusion as any stored data. One of the simplest ways for attackers to infiltrate
networks, including big data platforms, is a simple email. Although most users
will know to delete the usual awkward attempts from Nigerian princes and fake
FedEx shipments, some phishing attacks are extremely sophisticated. When an
admin is administering security for the company big data platform, never ignore
the power of a lowly email.
Secure your big data platform from high threats and low, and it will serve your
business well for many years.

Data protection regulations of other countries

General Data Protection Regulation (GDPR)

What is the GDPR?

There are now two General Data Protection Regulations: in the European
Economic Area (the EEA GDPR) and in the United Kingdom (as tailored by the
Data Protection Act, the UK GDPR). Both the EEA GDPR and the UK GDPR
regulate the collection, use, transfer, storing, and other processing of personal
data of persons in their respective jurisdictions.
To which persons do the EEA GDPR and UK GDPR apply?

The EEA GDPR and the UK GDPR apply to all persons. There is no
requirement that a person be a citizen or resident of a country that is a member
of the EEA or of the UK.
To what countries does the EEA GDPR apply? What are the EU and the
EEA?

The EEA GDPR applies to all 27 member countries of the European Union
(EU). It also applies to all countries in the European Economic Area (the EEA).
The EEA is an area larger than the EU and includes Iceland, Norway, and
Liechtenstein. As of January 1, 2021, the UK is no longer a member of the EU
and is no longer subject to the EEA GDPR. Switzerland has also adopted a
privacy law analogous to the GDPR.

When do the EEA GDPR and the UK GDPR apply?

There are three types of situations that are subject to the EEA GDPR and UK
GDPR:
1. If a person is present in the EEA or the UK, any personal data collected from
them in connection with the offering of a good or service is protected by that
area’s GDPR, even if the organization offering the good or service is not
established in that area. Protection for the personal data continues after the
person leaves the EEA or the UK.
2. Establishments in the EEA or UK. If personal data is collected or otherwise
processed in the context of the activities of any establishment in the EEA or
UK, then the personal data is protected by that area’s GDPR, even if the
processing occurs outside the EEA or the UK.
3. If a person is present in the EEA or UK, any personal data collected from them
in connection with the monitoring of their behavior where the behavior takes
place within the EEA or the UK.
To what data do the EEA GDPR and the UK GDPR apply?

The EEA GDPR and the UK GDPR apply to all “personal data,” which includes
any information relating to a living, identified or identifiable person. Examples
include name, SSN, other identification numbers, location data, IP addresses,
online cookies, images, email addresses, and content generated by the data
subject.
The EEA GDPR and the UK GDPR include more stringent protections for
special categories of personal data. These are:
• Racial or ethnic origin
• Physical or mental health data
• Political opinions
• Sex life and sexual orientation
• Religious or philosophical beliefs
• Genetic and biometric data
• Trade union membership
The EEA GDPR and the UK GDPR also impose limitations on the processing
of personal data relating to criminal convictions and offenses.

Any data may be sensitive, from a company’s earnings information to sales
figures or product roadmaps. Among the most sensitive data is information
about people — personal data about any identified or identifiable individual.
Personally identifiable information (PII) can be almost anything. PII isn't
always as obvious as a name or Social Security number. Sometimes, it's another
identifier such as an IP address or cookie information. If it’s possible to identify
an individual based on a data field or record, that data is personal data.

The importance of data privacy in today's business world cannot be overstated.
In most of the world, personal data — such as credit card information or
personal health information — is subject to data privacy laws.

GDPR and other data regulations

Data privacy laws specify how data should be collected, stored, and shared with
third parties. The most widely discussed data privacy laws include:

GDPR: The European Union’s General Data Protection Regulation (GDPR) is
the most comprehensive data privacy law in effect. It applies to European Union
citizens and all companies that do business with them, including companies not
based in Europe. GDPR gives individuals the right to determine what data
organizations store, request that organizations delete their data, and receive
notifications of data breaches. Noncompliance may result in hefty fines and
legal action.

CCPA: The California Consumer Privacy Act (CCPA) is a state-level regulation
in the United States. It enables California residents to ask organizations what
personal data exists about them, delete it on request, and find out what data has
been given to third parties. These measures apply to consumer data gathered
within the state.

Data sovereignty as part of data privacy laws

Data sovereignty is the concept that data is subject to the laws of the location in
which it's collected. For example, in July 2020, the Schrems II ruling decided
that, according to GDPR, consumer data for customers in the EU must be
hosted on servers within the borders of the EU.

Think of data sovereignty as a way to make sure that user data stays close to
home for its own protection. By dictating where data can be stored and
processed, governments aim to keep their citizens' data from falling into the
wrong hands.
Data sovereignty becomes critical when looking at cloud service providers.
GDPR compliance, or future regulations, may require you to store certain data
on servers in certain jurisdictions.

Personal Information Protection and Electronic Documents Act (PIPEDA)


"Personal Information", as specified in PIPEDA, is as follows: information
about an identifiable individual, but does not include the name, title or business
address, or telephone number of an employee of an organization.
The Act gives individuals the right to

• know why an organization collects, uses, or discloses their personal
information;
• expect an organization to collect, use or disclose their personal information
reasonably and appropriately, and not use the information for any purpose
other than that to which they have consented;
• know who in the organization is responsible for protecting their personal
information;
• expect an organization to protect their personal information by taking
appropriate security measures;
• expect the personal information an organization holds about them to be
accurate, complete, and up-to-date;
• obtain access to their personal information and ask for corrections if
necessary; and
• complain about how an organization handles their personal information if
they feel their privacy rights have not been respected.
The Act requires organizations to

• obtain consent when they collect, use, or disclose an individual's personal
information;
• supply an individual with a product or a service even if they refuse consent
for the collection, use, or disclosure of their personal information unless that
information is essential to the transaction;
• collect information by fair and lawful means; and
• have personal information policies that are clear, understandable, and readily
available.
Implementation
The implementation of PIPEDA occurred in three stages. Starting in 2001, the
law applied to federally regulated industries (such
as airlines, banking and broadcasting). In 2002, the law was expanded to
include the health sector. Finally in 2004, any organization that collects
personal information in the course of commercial activity was covered by
PIPEDA, except in provinces that have "substantially similar" privacy laws. As
of October 2018, seven provinces have privacy laws that have been declared by
the federal Governor in Council to be substantially similar to PIPEDA:

• An Act Respecting the Protection of Personal Information in the Private
Sector (Quebec)
• The Personal Information Protection Act (British Columbia)
• The Personal Information Protection Act (Alberta)
• The Personal Health Information Protection Act (Ontario), "with respect to
health information custodians"
• The Personal Health Information Privacy and Access Act (New
Brunswick), "with respect to personal health information custodians"
• The Personal Health Information Act (Newfoundland and Labrador), "with
respect to health information custodians"
• The Personal Health Information Act (Nova Scotia), "with respect to health
information custodians"
Personal Information Protection Act (British Columbia)

• Consent must be garnered for the collection of personal information
• Collection of personal information limited to reasonable purposes
• Limits use and disclosure of personal information
• Limits access to personal information
• Stored personal information must be accurate and complete
• Designates the role of the Privacy Officer
• Policies and procedures for breaches of privacy
• Measures for resolution of complaints
• Special rules for employment relationships

Social Media Data Privacy and Security Issues


Common social media privacy issues
With the large amount of data on user social media accounts, scammers can find
enough information to spy on users, steal identities and attempt scams. Data
protection issues and loopholes in privacy controls can put user information at
risk when using social media. Other social media privacy issues include the
following.

1. Data mining for identity theft


Scammers do not need a great deal of information to steal someone's identity.
They can start with publicly available information on social media to help target
victims. For example, scammers can gather usernames, addresses, email
addresses and phone numbers to target users with phishing scams.

Even with an email address or phone number, a scammer can find more
information, such as leaked passwords, Social Security numbers and credit card
numbers.

2. Privacy setting loopholes


Social media accounts may not be as private as users think. For example, if a
user shared something with a friend and they reposted it, the friend's friends can
also see the information. The original user's reposted information is now in front
of a completely different audience.

Even closed groups may not be completely private because postings can be
searchable, including any comments.

3. Location settings
Location app settings may still track user whereabouts. Even if someone turns
off their location settings, there are other ways to target a device's location. The
use of public Wi-Fi, cellphone towers and websites can also track user
locations. Always check that the GPS location services are turned off, and
browse through a VPN to avoid being tracked.

User location paired with personal information can provide accurate
information to a user profile. Bad actors can also use this data to physically find
users or digitally learn more about their habits.

4. Harassment and cyberbullying
Social media can be used for cyberbullying. Bad actors don't need to get into
someone's account to send threatening messages or cause emotional distress.
For example, children with social media accounts face backlash from
classmates in the form of inappropriate comments.

Doxxing -- a form of cyberbullying -- involves bad actors purposely sharing
personal information about a person to cause harm, such as a person's address or
phone number. They encourage others to harass this person.

5. False information
People can spread disinformation on social media quickly. Trolls also look to
provoke other users into heated debates by manipulating emotions.

Most social media platforms have content moderation guidelines, but it may
take time for posts to be flagged. Double-check information before sending or
believing something on social media.

6. Malware and viruses


Social media platforms can be used to deliver malware, which can slow down a
computer, attack users with ads and steal sensitive data. Cybercriminals take
over the social media account and distribute malware to both the affected
account and all the user's friends and contacts.

How to protect your information


Think twice when opening a new social media account because each platform
adds an additional risk. Make sure the platform is safe and reliable before
joining. When leaving a platform, make sure to delete the account.

Other ways to keep information safe include the following:

• Use strong passwords. Don't reuse passwords across multiple programs or
websites. For help remembering sign-on credentials, use a password
manager to store information securely.
• Avoid public devices. When using a shared device, be sure to log out when
finished.
• Don't overshare. Avoid providing more details than necessary. Users
shouldn't have to share addresses or date of birth on all platforms.
• Disable geolocation data. Disable sharing location information on apps in
the privacy and security settings on the phone.
• Don't click on suspicious links. Even if a link appears to be from a friend,
avoid clicking on links unless they're from a trusted source.
• Use two-factor authentication. Implementing two-factor authentication,
such as a passcode and biometric recognition, adds another layer of security
to the app.
