Balancing the risks of Data Portability

Data portability refers to the right granted to individuals to access and transfer their personal data between services, as enshrined in modern data protection laws such as the GDPR. Advocates argue that data portability enhances consumer choice and fosters competition by making it easier to switch providers, thus reducing service provider lock-in. Just as number portability empowered consumers to switch mobile providers without losing their phone number, data portability allows users to move their digital history, preferences, and identity between digital services. However these benefits come with significant risks. Poorly implemented systems and weak controls could allow fraudsters to impersonate users and extract sensitive data. Cybercriminals may spoof new extraction requests or intercept poorly secured transfers, turning a consumer-friendly right into a new attack vector. ...

2 min

Data Loss Prevention (DLP)

Data loss prevention (DLP) helps organisations protect sensitive information from loss, misuse, or unauthorised access. DLP is a strategy and set of tools designed to prevent sensitive information from leaving an organisation’s control or being accessed by unauthorised users. It works by identifying, monitoring, and protecting data in three states: when it’s being used, when it’s being transferred (such as over a network or email), and when it’s stored on devices or servers. DLP tools use content inspection and security analysis to achieve this. ...

1 min

Data Privacy

What is data privacy? Data privacy refers to the proper handling, processing, storage, and use of personal information to protect the confidentiality and integrity of individual’s data. It ensures that personal information is not only secured, but also remains accurate, and is only used for its intended use. Data privacy encompasses the policies, procedures and practices that organisations adopt to ensure personal data is collected, used, and shared in a lawful and transparent manner. These practices must comply with legal obligations such as GDPR and other application data protection laws, and must extend beyond the organisation itself to include third-party vendors such as data processors who may also be handling the data. ...

2 min

Data Subject

A data subject is an individual (natural person) whose personal data is collected, held, or processed by an organisation. Under GDPR and other related laws, data subjects have specific rights regarding their personal data, including the right to access, correct, and request the deletion of their data. Further reading Data Subject Definition in the GDPR act Related pages GDPR

1 min

General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) is a European Union regulation on data protection and privacy. Further reading General Data Protection Regulation (GDPR) - GDPR Summary EU General Data Protection Regulation (GDPR) - PCPD Hong Kong

1 min