Data protection is vital to all business process management, regardless where data is gathered, analyzed, processed, stored or communicated. Data protection is everyone’s business and concern. Those who collect and process data have a duty under various laws to maintain the confidentiality and security of that data.
What is “Data Protection”?
By definition, the protection of data from hackers and intruders, as well as authorized parties abusing their access privileges, is particularly sensitive for enterprises that collect data from commercial transactions. As a data processor, the outsourcer needs to offer sufficient comfort that such data will be secure and used only for processing transactions in accordance with instructions in the statement of work. As a data owner, the enterprise customer has a duty to its customers, suppliers, employees, regulators, shareholders and management to seek and verify the conditions that might give such comfort.
How Does “Data Protection” Differ from Privacy Rights?
Data protection differs from privacy rights. Privacy rights involve the right to freedom from unwanted intrusion into one’s personal life.
Instead, data protection is a function of security and is intended to protect the data from abuse that could result in identity theft, extortion and other crimes that might occur even though there is no invasion of privacy. In turn, security depends on technology, the authorization levels for individuals and the monitoring of suspicious or abusive access by both authorized and unauthorized persons. Accordingly, data protection is one of the first elements for inspection during due diligence.