Online privacy: threat & data security

Anusree Telfy C

Abstract

The use of the Internet for “online shopping”, content browsing & reading and also social networking seems to have become a part of normal life over the last century. While “Internet technology” provides several opportunities towards users, some of the quite significant drawbacks is connected to the growing ability for internet monitoring of users’ activities. Even so, electronic monitoring techniques are becoming increasingly aware of the users, resulting in their rising importance for privacy rights. The manner people interpret the extent of privacy protection once they are online affects several factors. This article offers a study of factors influencing “Internet users” understanding of privacy. Prior online data privacy work related to “e-business” centered mainly on the data privacy aspect and it was associated about how an online organization gathers, stores and manages confidential data from customers. The main purpose of this article is to provide an overview of the data perception elements of various Internet users across multiple realms of privacy, and even some of its possible conceptualization. Furthermore, study about the data protection laws and date security techniques.

Keywords: online privacy, data protection laws, data security, data security techniques

Introduction

“Online privacy” is indeed an essential part of this age. While the Internet has expanded and evolved in the last fifteen years, there has been a greater risk of fraud or identity theft. Once you add the threat of bank fraud, viruses, malware, and the proliferation of “social media”, safeguarding your confidential info on the web is more relevant than ever. In general, most users are now using the Internet in a certain way. Probably you can use the “online banking” to establish automatic payments. If we are posting daily on Instagram, or on Facebook keeping up with our school mates. we were probably just browsing the web for the latest news and sporting results. The way you use the Internet; there’s your personal data for all to search online. The latter in itself is a fearsome thing. Although while we have never pressed a mouse, signing up to a newsletter, or created a social media page, there will always be “bits” and pieces that can be found online by others. Moreover, this knowledge possibly would lose value without our permission. Users will probably want to shield their data from corporations to use this for their personal benefit, of course. There are several times, though, where data stored will find things simpler for someone like to search and shop by using the internet. For example, details can be exchanged with multiple parties relevant to your “credit history” or “car insurance”, and the Network enables that to occur easily and effectively. If users take out a “loan”, the creditor will check online, that will evaluate all relevant information on their payment records (from either the number of “credit cards” and unpaid bills, all the reason to liquidation documents). Such data sharing isn’t necessarily in their better interests, still. If we were already utilizing our “laptop”, “tablet” or even “smartphone”, these will monitor and control our online behavior to evaluate our features. Our position, the internet sites, or adverts we click on it will be encrypted, those we disregard, and far more. This knowledge is then essentially sold for profit-and it may eventually end up elsewhere. Sometimes internet users would be consistently rated in today’s society, obviously, it depends mostly on the probability that they will be prospective buyers. So it’s understandable why we want to protect our privacy details for any of these purposes alone.[1]

Online Privacy

“Internet privacy”, also known as “online privacy”, encompasses the privacy rights with reference to reusing, encrypting, providing third – party vendors, and communicating data about ourselves through the use of the internet. This also impacts the amount of protection of private demise accepted for publication via the web and seems to be a wide-ranging concept that relates to a range of activities, considerations but also innovations often used safeguard confidential and sensitive schedule, priorities, as well as communication services. Even though “e-commerce” continues to begin to gain web-based traction, online privacy has now become incredibly essential for businesses and “IT service provider” management. People and businesses proceed for being vulnerable to risks but also infringements with confidentiality, even as danger of data coming further into arms of “cyber criminals” is higher now than before. “Online privacy” is a major concern for online consumers who intend to open social media platforms, create an “online purchase”, even participate engage in “online games”, because they just want to protect their identity. The “identity” of a victim can still be taken away or even used dishonestly by “cybercriminals” that merely negotiate the login details of the victim.[2]

The privacy delinquent

Two major contributing factors to the internet privacy dilemma:

• The intrinsically accessible, undetermined essence of the internet and
• The difficult and complicated, seepage-prone sharing of data from several Web-based payments involving the exchange of complex, private data.[3]

We should compare the Internet to conventional, locked, probabilistic multi-access structures, along with large companies, to understand the very first aspect. Hardly established customers with such a set of predetermined advantages could even connect source data within such frameworks. Mostly on the other hand, the internet is indeed an amazing way wherein information is made available to multiple as well as subjective unauthorized individuals. Instances of the second reason include applications involving interactions between people and the government, customer service-business, “business-business”, and corporate-government. In most of these frameworks, private details submitted to something like a specific group by a service provider may have been exposed to one or more of these parties. Besides the underlying functionality including its process.[4]

The protection of Web privacy does have a major effect on several Online practices and online services. From those, two of the greatest illustrations are “e-business” as well as electronic administration. Throughout the “e-business” sense, breaches of privacy appear to be correlated mainly of sales tactics. Classic problems occur whenever companies collect, store, process, and share expectations of its consumer’s aim of providing personalized products or services. Such clients in several instances don’t openly approve companies in using one’s confidential info. Furthermore, there is indeed a reasonable fear which businesses would be compelled to reveal personal information about customers through the court. For instance, in the “Recording Industry Association of America (RIAA) v. Verizon (summer 2002)” the “music recording industry” pressured ISPs into revealing IP information about the user who reportedly had pirated music. Digital administration seems to be another group of operating systems where online privacy has become a critical problem. Governing agencies gather, store, process, and communicate private information regarding thousands of citizens. Privacy of a person is something like by legislation that should be implemented by government entities as well as any commercial enterprise which communicates to each other. Subscribers try to put so much faith in “government agencies” than “businesses”. Police departments, even so, are also at variance to civil rights groups over gathering private information. Law enforcement authorities get a strong desire to buy and researching knowledge about innocent people.[5]

Data Protection Laws in India

“Data Protection” means a set of data protection laws, rules, and standards aimed at minimizing privacy encroachment associated with personal data collection, storage, and dissemination. Private details originally referred to data information related to the user identifiable from the whole information if it is obtained either by government or corporate institution or agency. India’s Constitution doesn’t provably offer basic privacy rights. Nevertheless, the courts further interpreted the privacy rights into another current fundamental human rights, – i.e., “freedom of speech and expression” under Art 19(1)(a) as well as the “right to life and personal freedom” under Art 21 of the Indian Constitution. That being said, under the Constitution of India, these Fundamental Rights are subject to the conditions laid down in Article 19(2 ) of the Constitution which the State can sometimes implement.[6]

India currently has no explicit laws regulating “data protection or privacy”. The appropriate privacy laws in India are, that being said, the “Information Technology Act, 2000” and the “Indian Contract Act, 1872”, respectively. In India, defined privacy legislation is likely to be established throughout the coming years. The “Information Technology Act, 2000” addresses matters related to the payment of compensation (Civil) and penalty (Criminal) in the event of fraudulent exposure and manipulation of private information and breach of contract agreements regarding private information. Under section 43A of the (Indian) Information Technology Act, 2000, a corporate body that owns, distributes or manages any confidential private information or details or is delinquent in enforcing but sustaining fair cybersecurity standards culminating in unfair harm or benefit to another individual, therefore said industrial entity may be considered liable for paying penalties to a certain person. It is necessary to remember that during these cases there is still no maximum bound defined again for damages which may be sought either by an injured party. [7]

The “Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules,2011” were informed by the Government of India. The “Rules” deal mostly with the safety of “confidential information or an individual’s details” that mostly involves some rather private info consisting of information concerning:-

• Passwords;
• Financial information, such as bank account, credit card , debit card or other details of the payment instrument;
• A condition of physical , physiological, and mental health;
• Orientation to sex;
• A history and medical records;
• Biometric info.[8]

The rules include the appropriate data security including procedures that must be followed by the corporate entity or indeed any individual who gathers, accepts, owns, stores sells, or handles data on behalf of the corporate body. In the event of any violation, the “corporate body” and any other individual working on behalf of the “corporate body”, the “corporate body” can be held responsible for paying compensation to the individual so harmed. Following section 72A of the “Information Technology Act, 2000”, the release of knowledge, intentionally and knowingly, even without individual’s consent involved and in violation of the contractual agreement, was also punishable with imprisonment for a period of up to three years and a fine of up to Rs 5,00,000.[9]

Online Privacy Threats

To be online is part of normal life, with “Wi-Fi hotspots”, cellular networks and wireless networks covering nearly all of “Britain”, the United States and other advanced countries. Though this provides everyone with an inordinate number of data on the web, instead it reveals the vast majority of the internet community to remarkably substantial quantities of everyone’s private details. All kinds of data from your surfing habits through to your birthday, address and marital status can be obtained from your online presence, depending on the websites and services you use.[10]

1. Web Tracking – Access the internet with any span of years and that you can find site-to – site ads which are loaded by items that might just have looked at ago. It’s because they watch you. Historically, browser logs have been utilized for monitor website surfing through a fragment in information embedded through the browser, however certain methods similar like “MAC address” including profile monitoring may be implemented to know whatever you’ve done on the “web”. Although other citizens don’t consider these, others would consider it quite an infringement of online privacy, opting to just have advertisements offered up to them and that become important to certain concerns.[11]
2. Data Collection – Although monitoring might track users throughout real-time, there seem to be several online types of specimens that would gather their browsing information and transfer their “MAC address” among 3rd party marketers and corporations. With any of these user information, users had no real contact with that can develop up an excellent profile of clients internet browsing attitudes. So this applies with “mobile apps”, that will great options to clients mobile number, contact details as well as other broader phone activities to deliver user of there facilities.[12]
3. Lack of Security – “Websites” and “online” systems which do not have the recent and perhaps most efficient data protection, could even retelling hackers at threat the relevant data which they may carry about you and the dimensional analysis among both clients “computer” and a web server. Online sites, for instance, that use the today-outdated “HTTP” web message format, instead of the more reliable HTTPS, fail and essential connection between a device or “smartphone” and indeed the database to something which links. The latter ensures that data moving between some of the 2 places can still be tracked for some more sinister reasons by several other organizations or even snooped on and stolen by the hackers.[13]
4. Connecting together – A lack of safety guidelines across the cloud computing, the unified term given to smart connected systems, implies that certain machines might have not authenticated links to just the databases which control everyone’s advanced features and might be susceptible to easy malware, trying to make others to prime targets besides computer hackers. Or instead, devices and sensors speakers might eventually wind up reacting to us all the while, instead of only reacting to either a trigger word, which would have been a huge violation of privacy, either knowingly or otherwise.[14]
5. Public Wi-Fi – For that stuff that we’re doing through phones and other devices, this can be simple for plow quite easily via cellular data limits, making logging into “public Wi-Fi hotspots” often quite attractive. However the issue is that they also have poor protection or no form of encryption, which means whether hackers could conduct surveillance onto information transmitted through their computer, the “hotspot” and the internet. Most hotspots have such a “web portal” which allows users either divide up through either “email” or “login” through “Facebook or Twitter”, suggesting users want to divide up a few of their personal information, potentially open up email spam or compel you to allow Wi-Fi to connect those posts on social media.[15]
6. Social Networking – An open Facebook profile is probably the dream of a stalker, with all kinds of personal details, from the current city of residence to phone numbers and photos for browsing and shopping. However on “Twitter”, many users frequently post photos tagged with their location, all of which help the public to understand their locations with relative precision, and even let experienced robbers know because you’re not at the house. Privacy settings on various social media platforms are being enhanced to restrict private information to those friends or perhaps to choosing contacts.[16]

Data security

Data protection is a collection of devices and protocols that protect data from damage, alteration or disclosure by deliberate or accidental means. Data protection can be implemented that used a variety of methods and technologies, involving manual handling, physical protection, conceptual checks, company policies, as well as other protection mechanisms that restrict unauthorized access or “malicious users” or procedures. Data protection is primarily aimed at protecting the data an entity gathers, preserves produces, collects, or communicates. Compliance is an important concern, too. Every computer, system, or method is being used to handle, store, or gather data, it must have been secure, regardless. Infringements of the data can lead to legal proceedings as well as heavy fines, never to consider the damage to its reputation of a company. Today more critical than ever is the importance of protecting data from security threats.[17]

Types of data security techniques

There are several tools and resources for data protection which can help the efficiency of every enterprise whereas protecting the information. Forms of security measures on data include:

1. Authentication – Authentication is one of the preferred ways to improve data protection and defend against security breaches, together with the authorization. Authentication technology checks whenever experience and qualifications from a browser match individuals who encrypted in one’s database. Standard authentication mechanisms in today require the use of a variety of order to determine a user’s identity like “passwords”, “PINS”, “security tokens”, a “swipe card”, or “biometrics”.[18]
2. Access control – Authentication and authorization happen via the mechanism called “access control”. Control systems for the connectivity can include: Discretionary  access control (the least restrictive), which enables access to services based on individual or community identity; Role-based access management, granting access based on organizational position and allowing users to access relevant information only, And compulsory access control, enabling an operating system to particular organization access to key data.[19]
3. Backups & Recovery – Recognizing data security often requires proper planning here about how to access data from everyone’s customers and the company in case of any failure, tragedy, malicious activity, or violation. It is an essential practice to do daily data backups to assist with this kind of connectivity. A data backup comes from making as well as collecting copies of the data on either a completely different system or moderate including tape, disk, or cloud. Users would then use the archive to restore missing information.[20]
4. Encryption – Using an algorithm (called a cipher) and an encryption key to turn normal text into encrypted ciphertext, data encryption software effectively enhances data security. The cipher data would be unreadable to an unauthorized user. Then, only a user with an approved key can decrypt that data. Encryption is used to encrypt the data that you hold (called resting data) and data that is shared between databases, mobile devices, and the cloud (called transit data). You need to safely manage several “encryption keys”, such as securing certain vital control systems, maintaining a safe, “off-site encryption” backup and denying access.[21]
5. Data masking: Data masking software covers data through blurring puppet-character “letters” and “numbers”. The data, behind its erasing, will still be there. The program only converts the information back to its initial form when it is obtained by an approved user.[22]
6. Tokenization: Tokenization replaces confidential data with non-algorithmically reversible, random characters. The connection between the data and its credential variables is stored in a secure database lookup table, instead of just being developed by either a “mathematical algorithm” (as in the case of encryption) and decrypted. The symbol describing the true data is often used as a substitute in various networks, whereas the actual data is collected on a distinct, protected database.[23]
7. Deletions: Since electronic data is no longer required and therefore should be completely cleaned out of the network, exclusion may replace the data in such a way that it would be irreversible. Erasure is distinct from deletion, which seems to be a method which merely conceals data in a manner that it would be easy to extract.[24]

Sharing Data While Online Shopping

As a basic rule, just show what is necessary to finish one’s order. Even as “social media” like “Facebook” and “Twitter” had already contributed to either a “sharers” culture, there are just some specifics about ourselves that no online store deserves to realize concerning. Often retailers seek to gather additional information, like “annual household income” or preferred forms of media, however typically through commercial purposes only. It’s often innocuous, and therefore reporting of irrelevant data often can give rise to “spam”, “telemarketing calls” or “worse”. When making online transactions certain types of information should never be shared. Our “Social Security Number” (SSN) will be a prime example. An intercepted SSN could lead to identity theft, with the abundance of other personal data that may already be online, including your birth date and mailing address. Also, don’t disclose either detail if you don’t have a safe link, meaning it’s encrypted (look for “https” or a “padlock picture” in front of the URL).[25]

Conclusion

In Conclusion, one’s “online privacy” is quite necessary because of the many web technologies, programs, threats, and bugs that await every opportunity to capture personal information from anyone. Since all individuals were able to protect themselves by using the right tools, those who would have been much safer, so it would be more difficult to get their private details hacked. Anybody who uses the internet will consider this knowledge into account could well ensure they secure their privacy and retain protection in the future. The need for online privacy seems to have become a worldwide problem all concerned ‘s focus. This would be the reason why “online service providers” will undertake precautions to ensure this certain consumers’ privacy rights are granted. To help reduce their problem, online users also need to be educated and empowered with better privacy handling tools. The government is also doing its best to control online privacy via implementing regulations like the “Federal Trade Commission ( FTC)” that says unequivocally that internet service providers should have a say on their privacy “(Mercatus.org, 2015)”. Information technology is a complex concept that has caught the media, legislatures, researchers, and the manufacturing sector ‘s interest. Whatever it might be, yet it is represented, the interest that alone creates would be beneficial because it motivates evaluation upon this “privacy protection” backward as well as prospective. To those who want clear principles of privacy embodied throughout the systems that infuse the physical experience, it is useful to examine what all the principles are and how much options are needed for embedding the

---

[1] Introduction to online privacy, available at : https://www.premierchoiceinternet.com/online-privacy/chapter-one.html (last visited on May 10, 2020)

[2] Meaning of Online Privacy, available at: https://www.dynamixsolutions.com/what-is-internet-privacy-and-what-does-privacy-mean-to-you/ (last visited on May 11, 2020)

[3] The Privacy Problem, available at: https://www.computer.org/csdl/magazine/sp/2003/06/j6040/13rRUwd9CJP (last visited on May 11, 2020)

[4] Ibid.

[5] Supra note 4

[6] The Data Protection Laws in India, available at: https://www.mondaq.com/india/data-protection/655034/data-protection-laws-in-india–everything-you-must-know (last visited on May 11, 2020)

[7] Id.

[8] Supra note 7

[9] Ibid.

[10] 7 biggest privacy threats online, available at: https://www.pocket-lint.com/apps/news/143404-7-biggest-privacy-threats-online (last visited on May 12, 2020)

[11] Id.

[12] Supra note 11

[13] Ibid.

[14] Ibid.

[15] Ibid.

[16] Id.

[17] Data Security, available at: https://www.forcepoint.com/cyber-edu/data-security (last visited on may 13, 2020)

[18] Types of Data Security Controls, available at: https://looker.com/definitions/data-security (last visited on May 13, 2020)

[19] Ibid.

[20] Ibid.

[21] Id.

[22] Supra note 19

[23] Ibid.

[24] Ibid.

[25] Privacy and Online Privacy, available at: https://consumer.findlaw.com/online-scams/privacy-and-online-shopping.html (last visited on May 13, 2020)