Amirhossein Saberi
November 17, 2021
•
5
min read
What is data protection and security? The recent acceleration of digital transformation for most organisations has been out of necessity, but bigger issues have been quickly arising around data protection and security. A lot of apps and remote office solutions were quickly picked up by organisations, governments, and the public, but dropped just as fast when serious issues came to light.
In the online world, we have personal data that’s stored digitally – and it’s accessible by design. This data can be confidential and private, or it can be public. Think of when you share selfies on social media, like Facebook, Twitter, or Instagram, it’s public data. You’ve allowed everyone to see your picture.
But some data is private, and you only share it for authentication, or for a particular reason to a specific company. Like Facebook’s 2-way authentication – you share your mobile number to Facebook, and you trust they will store it privately. This is the part where companies need to protect your data.
At CINNOX as an example of what is data protection, we store customer data (read our Data Policy) such as your email, name, and messages. All messages are confidential and protected with encryption.
An interview with Amir, CINNOX’s data security expert on how remote office arrangements can cause an increase in data breaches. August, 2020
What is data protection?
What is data protection is one of the most common questions when it comes to online security. In 2016 it was revealed that the data from 200 million Yahoo! accounts was being sold on the darknet market. The data included account names, email addresses, telephone numbers, and dates of birth.
It was a big deal as suddenly every Yahoo! User’s personal data might have been easily accessible and dumped across the internet. Questions started being asked about how these organisations were managing data, which data they stored, consent from customers, who could process it. Following this, the European Parliament forced companies which were collecting EU citizen data to follow GDPR compliance – a huge revolution in data protection.
According to legal requirements for GDPR compliance, the following data needs to be protected:
- Name
- Address
- Telephone numbers
- Emails
- Health information
- Bank and credit card details
As well as any other data that is related to a person. For example, at CINNOX all visitor data across all of our users and their omnichannel communication through CINNOX – such as web call, video call, video conference, live chat, messaging, SMS service etc with their customers and internal team collaboration is protected in full compliance with the GDPR.
Data Security
As the way we live continues to digitise, more and more data is created and stored – think about the remote office trend with physical meetings now being done via video conference, and customer service shifting to live chat, web call or messaging. New technologies like 5G and the Internet of Things (IoT) are starting to create a lot of concern for some people about data privacy and security.
Data security refers to the process of protecting data from unauthorised access and data corruption throughout its lifecycle. This includes data encryption, hashing, tokenization, and key management practices that protect data across all applications and platforms.
Examples of data security technologies include backups, data masking, and data erasure. A key data security technology measure is encryption, where digital data, software/hardware, and hard drives are encrypted and therefore rendered unreadable to unauthorized users and hackers.
One of the most commonly encountered methods of practicing data security is the use of authentication. With authentication, users must provide a password, code, biometric data, or some other form of data to verify their identity before gaining access to a system or data.
Data security is also essential for health care records, so health advocates and medical practitioners in the U.S. and other countries are working toward implementing electronic medical record (EMR) privacy by creating awareness about patient rights related to the release of data to laboratories, physicians, hospitals and other medical facilities.
What is data protection and security at CINNOX
CINNOX embraces security as a serious matter to consider, and protecting your data and your customers data beyond the industry standard is one of our top priorities. Whether the data is collected from live chat, video conference, messaging or web call, data will not be used without explicit consent from our users.
CINNOX uses the high-level standard of encryption approved by NIST. For data encryption at rest, we are using AES-256, and for data encryption in transit, we are using TLSv1.3. For calls, we are using DTLS-SRTP. We also use the SSO (Single-Sign-On) token to allow an agent to log in with a single ID and password to several related services.
For those customers in the health industry, CINNOX complies with HIPAA (Health Insurance Portability and Accountability Act) security rules
In conclusion
We always need to think about balancing convenience and security. If we still want to have 100% security, we shouldn’t store any data at all! Or have the data, but no one can access it.
See more: What is data retention
See more: Data retention regulations for FSI
What is data protection – References:
