Security and privacy of personal information are among the most significant topics of discussion in moral and legal philosophy. With the advancement of information technology, organizations and individuals are losing their privacy because of their addiction to social media. Information security has therefore become a central issue for organizations that want to protect their credentials as well as their assets. This assessment gives a brief account of personal data, the impact of information system risks, and the controls and countermeasures that organizations or individuals need to take care of.
Personal data can be defined as information about an individual through which that person can be identified. Personal information can be divided into three basic parts: contacts, profile, and social data. It contains details that are unique to every person. Individual information reveals data about the well-being of the person, for example name, racial origin, blood collection, sex, DNA, contact details, closest relatives, diseases, treatment and details of the GP (General Practitioner). In this way, an EHR (electronic health record) system enables a business manager to enhance business opportunities by recording and transferring personal information. The adequacy of privacy and security measures depends to a large extent on the strategies adopted by the organization that provides services to people. It can be argued, on the basis of the research, that the legislation and the medical association do not have sufficient approaches to avoid the major damage that results from information close to the home.
Dimension of web privacy
The following dimensions of web privacy can be implemented:
- Information collection: Personal information needs to be protected against data theft and loss. Data from private clients is not collected over the Internet without their visibility and explicit consent (Crabtree & Mortier, 2017). For example, a health organization can assure its Internet customers that it will never attempt to investigate their computers in order to reach the personal and private space on their systems.
- Information usage: This dimension concerns how collected data is used. For example, consider a country where taxpayers use online organizations that guarantee medical services for low-income residents. An administrative protection approach may include a party that restricts the use of individual data to purposes directly connected with welfare management.
- Information storage: The ability condition determines whether or not personal information should be transferred in order to collect private information. Databases and data warehouses can be used to store collected data.
- Monitoring: Systems that collect and share individuals' personal data must contain a structured monitoring component that keeps track of all operations that contain confidential information or produce results with its help.
Challenges of protecting personal information
The major challenges of protecting personal information can be grouped into four parts:
- Confidentiality: Confidentiality is one of the five pillars of information assurance (IA). Sensitive data or information must be exposed only to authorized users or groups of people. For example, a US government or military specialist must achieve a certain level of independence, along with conditioned prerequisites for position information, such as grouped secrets (Chaeikar, Jafari, Taherdoost & kar, 2012).
- Integrity: Integrity is another major challenge that individuals or organizations face when dealing with information security. Integrity means maintaining the consistency, accuracy, and reliability of information throughout its life cycle. Information should not be changed during transmission, and information security should ensure that it cannot be modified by unauthorized persons in the event of a privacy breach. Integrity measures include document and client authorization in order to maintain control. In addition, methods must be in place to detect any alteration of information that occurs for reasons other than human action, for example during an electromagnetic pulse (EMP) or a server failure. Some information may carry checksums, including cryptographic checksums, to confirm its integrity.
- Authentication: Authentication is the verification phase that an organization implements in order to verify user identity. It is the way to decide whether someone or something is who or what it claims to be. Authentication technology provides control over the organization's framework by verifying whether or not the client is a certified user of the organization.
- Availability: Availability means guaranteeing that information can be reached, which is best achieved by keeping all devices in sound working condition. This includes repairing and maintaining devices so that the system environment works effectively and is free of software conflicts. It is also necessary to keep up with all changes to the basic framework so that necessary information is available to users at all times. However, it has been noticed that capacity and maintenance of personal information are bottlenecks that need appropriate consideration (Buchanan, Paine, Joinson & Reips, 2006). Redundancy, failover, RAID and even high-availability clusters can limit the consequences when problems occur with a device. Fast and comprehensive recovery from information security disasters is essential for the most pessimistic scenarios.
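The integrity item above separates changes caused by faults (EMP, server failure) from changes made by unauthorized persons, and mentions plain and cryptographic checksums. The following Python sketch is an added example, not part of the original essay; the record, the key and all function names are constructed for illustration. It shows why a plain checksum only catches the first kind of change while a keyed cryptographic checksum (HMAC) also catches the second.

```python
import copy
import hashlib
import hmac
import json
import zlib

# Constructed key and record, used only for this example.
KEY = b"constructed-demo-key"
RECORD = {"patient_id": "P-0001", "name": "Jane Example", "gp": "Dr. Sample"}


def canonical(record):
    """Serialize deterministically so equal records give equal bytes."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def seal(record, key):
    """Store the record with a plain checksum and a keyed cryptographic one."""
    data = canonical(record)
    return {"record": record,
            "crc32": zlib.crc32(data),
            "hmac": hmac.new(key, data, hashlib.sha256).hexdigest()}


def verify(sealed, key):
    """Classify a stored record; anything other than 'ok' must be rejected."""
    data = canonical(sealed["record"])
    crc_ok = zlib.crc32(data) == sealed["crc32"]
    expected = hmac.new(key, data, hashlib.sha256).hexdigest()
    mac_ok = hmac.compare_digest(expected, sealed["hmac"])
    if crc_ok and mac_ok:
        return "ok"
    # CRC mismatch: content changed and nobody refreshed the checksum,
    # which is what a storage or transmission fault looks like.
    # CRC match but HMAC mismatch: the checksum was recomputed by someone
    # who does not hold the key, i.e. an unauthorized modification.
    return "corrupted" if not crc_ok else "modified-without-key"


def storage_fault(sealed):
    """Model a fault: one byte of the record changes, checksums stay as stored."""
    damaged = copy.deepcopy(sealed)
    damaged["record"]["gp"] = "Dr. Sbmple"
    return damaged


def unkeyed_edit(sealed):
    """Model an edit by a party who can refresh the CRC but lacks the HMAC key."""
    edited = copy.deepcopy(sealed)
    edited["record"]["gp"] = "Dr. Other"
    edited["crc32"] = zlib.crc32(canonical(edited["record"]))
    return edited
```

The classification is a heuristic for triage only: a record is trusted solely when both checks pass, and the HMAC key has to be stored apart from the data it protects.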
Buchanan, T., Paine, C., Joinson, A., & Reips, U. (2006). Development of measures of online privacy concern and protection for use on the Internet. Journal Of The American Society For Information Science And Technology, 58(2), 157-165. doi: 10.1002/asi.20459
Chaeikar, S., Jafari, M., Taherdoost, H., & kar, N. (2012). Definitions and Criteria of CIA Security Triangle in Electronic Voting System. Retrieved from http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.428.9741&rep=rep1&type=pdf
Crabtree, A., & Mortier, R. (2017). Personal Data, Privacy and the Internet of Things: The Shifting Locus of Agency and Control. Retrieved from https://www.researchgate.net/publication/311311186_Personal_Data_Privacy_and_the_Internet_of_Things_The_Shifting_Locus_of_Agency_and_Control