
Apply Data Privacy Principles

Learning Objectives

After completing this unit, you’ll be able to:

  • List 10 key privacy principles.
  • Explain how the principles can be implemented in your organization.

Privacy Principles

Now that you have a good understanding of data privacy basics, let’s look at some principles and how they apply to your organization. Although legal requirements vary globally, a common set of principles underpins many privacy laws. This unit expands on the principles introduced in the previous unit.

Fairness and Transparency

Organizations should process personal data lawfully, fairly, and in a transparent way.

Your organization may implement this principle by processing personal data in accordance with applicable laws and the privacy commitments or service level agreements (SLAs) made to your customers and end users. As mentioned earlier, it’s also a good idea to publish a privacy statement on your website detailing what personal data you collect in your capacity as a data controller and why, including information collected through cookies and analytics. In your privacy statement, it’s important to indicate the information types that you will not collect. Ultimately, no matter how you receive personal data, you need a lawful basis before processing it. Consent is the most familiar basis, but it is not the only one: under GDPR, processing can also rest on, for example, the necessity of a contract, a legal obligation, or a legitimate interest. Where you do rely on consent, it must be freely given, specific, and informed, and it must be as easy to withdraw as it was to give.

Purpose Limitation

Organizations should process personal data only for specified, explicit, and legitimate purposes. 

At your organization, this means that anytime you collect personal data, you clearly communicate and are specific about how the data will be used. If you later want to use the data for a purpose that is not compatible with the one you communicated, you need a lawful basis for the new purpose, which in most cases means informing the data subjects and seeking their permission again before processing it.

Data Minimization

Organizations should only collect the minimum amount of data necessary for the processing purpose in question. 

Your organization shouldn’t collect personal data unless it’s necessary to perform your offered services. Under the General Data Protection Regulation (GDPR), personal data shall be “adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed,” while the Health Insurance Portability and Accountability Act (HIPAA) calls this the “minimum necessary” standard.

So, how does data minimization work? Let’s say you’re building an internal mobile app for your organization’s complimentary shuttle bus offered to employees. The data the app needs to collect and process includes employee personal data such as their home and office addresses, and other basic information (such as name and phone number). However, the app doesn’t need an employee’s date of birth, ethnicity, or health or financial information. Since this additional information isn’t required, you shouldn’t collect it, and your signup form and API should reject it rather than store it “just in case.”
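Minimization is easiest to enforce at the point of collection, where the app can refuse fields the purpose does not justify instead of silently accepting them. The following Python validator is an added example written for this unit, not code from Trailhead or from any shuttle app; the field names, the split into required, optional, and prohibited fields, and the sample records are all assumptions chosen to match the shuttle scenario above.

```python
"""Enforce data minimization at the point of collection (added example).

The shuttle app accepts only the fields it needs. Anything else is
rejected, not silently dropped, so over-collection is caught at the
API boundary before it becomes data you must secure, keep accurate,
and eventually delete. All field names and records are assumptions.
"""

# Fields the shuttle service genuinely needs to operate (assumed).
REQUIRED_FIELDS = {"name", "phone", "home_address", "office_address"}

# Optional fields that are still justified by the purpose (assumed).
OPTIONAL_FIELDS = {"preferred_pickup_time"}

# Categories the purpose can never justify. Several are "special
# category" data under GDPR Article 9 and carry extra risk if stored.
PROHIBITED_FIELDS = {"date_of_birth", "ethnicity", "health_conditions",
                     "bank_account", "salary"}

ALLOWED_FIELDS = REQUIRED_FIELDS | OPTIONAL_FIELDS


class MinimizationError(ValueError):
    """Raised when a submitted record carries data the purpose does not justify."""


def validate_signup(record: dict) -> dict:
    """Return a copy containing only allowed fields; raise on anything else.

    Fails closed: an unexpected field is an error, so a new client that
    starts sending extra attributes is noticed in review, not in an audit.
    """
    present = set(record)
    prohibited = present & PROHIBITED_FIELDS
    if prohibited:
        raise MinimizationError(f"prohibited fields submitted: {sorted(prohibited)}")
    unexpected = present - ALLOWED_FIELDS
    if unexpected:
        raise MinimizationError(f"fields not justified by purpose: {sorted(unexpected)}")
    missing = REQUIRED_FIELDS - present
    if missing:
        raise MinimizationError(f"required fields missing: {sorted(missing)}")
    return {k: record[k] for k in ALLOWED_FIELDS if k in record}


# Constructed sample input (not real people).
GOOD = {"name": "A. Example", "phone": "+1-555-0100",
        "home_address": "1 Elm St", "office_address": "HQ Tower"}
OVER = dict(GOOD, date_of_birth="1990-01-01", ethnicity="n/a")   # prohibited data
EXTRA = dict(GOOD, shoe_size=42)                                  # unjustified field

if __name__ == "__main__":
    print("accepted:", validate_signup(GOOD))
    for bad in (OVER, EXTRA):
        try:
            validate_signup(bad)
        except MinimizationError as err:
            print("rejected:", err)
```

The same allowlist should drive the database schema and the API contract, so that a field which is not in the allowlist has nowhere to be stored even if a client sends it.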

Accuracy

Personal data should be kept accurate and up to date.

As a service provider to your customers, your organization needs to make sure your systems contain accurate records and reflect customer changes to data when they occur. You also need mechanisms to correct or erase inaccurate data without undue delay once the inaccuracy is identified.

Data Deletion and Retention

Organizations should only store personal data for as long as it’s required and for the originally intended purpose.

Your organization shouldn’t keep data for an indefinite period even if it may be used in the future. Clear time frames should be established for when data is deleted with rationale for why the data is retained for that length of time. For example, you may need to retain security log files for certain periods of time to identify and track malicious adversary behaviors. However, the period still must remain finite, with supporting rationale. You should also be aware of data retention laws for specific types of data, such as legal documents, within the country where your organization provides that service.
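A retention schedule is only useful if every category has a finite period and a recorded reason for it, and if something actually runs against that schedule. The following Python sketch is an added example for this unit, not Trailhead's code: it validates a schedule so that open-ended or unjustified rules are rejected, then performs a dry-run purge pass over constructed records. The categories, periods, rationales, and the legal-hold flag are assumptions for illustration; real values come from legal and business review.

```python
"""Retention schedule with finite periods and a purge pass (added example).

Every rule needs a positive, finite period and a written rationale.
The purge pass only classifies records; actual deletion is left to the
store that owns them. Categories, periods and records are assumptions.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class RetentionRule:
    category: str
    keep_for: timedelta   # finite: "forever" is not a valid value
    rationale: str        # why this long, recorded alongside the rule


def build_schedule(rules):
    """Validate rules and index them by category; reject open-ended or unjustified ones."""
    schedule = {}
    for rule in rules:
        if rule.keep_for <= timedelta(0):
            raise ValueError(f"{rule.category}: retention period must be a positive, finite duration")
        if not rule.rationale.strip():
            raise ValueError(f"{rule.category}: retention rule needs a documented rationale")
        schedule[rule.category] = rule
    return schedule


# Assumed categories, periods and rationales.
SCHEDULE = build_schedule([
    RetentionRule("security_log", timedelta(days=365),
                  "assumed: one year covers the incident-investigation window"),
    RetentionRule("shuttle_signup", timedelta(days=90),
                  "assumed: needed only while the employee uses the service, plus a grace period"),
    RetentionRule("support_ticket", timedelta(days=730),
                  "assumed: two-year contractual dispute window"),
])


def is_expired(category, created_at, now, schedule=SCHEDULE):
    """True once a record has outlived its category's retention period."""
    if category not in schedule:
        # No rule means no documented justification to keep the data at all;
        # surface the gap instead of quietly retaining the record forever.
        raise LookupError(f"no retention rule for category {category!r}")
    return created_at + schedule[category].keep_for <= now


def purge_pass(records, now, schedule=SCHEDULE):
    """Split records into (kept, to_delete) without mutating or deleting anything.

    Records under a legal hold are kept even when expired. A hold is the one
    case where the clock stops, and it should itself have an owner and an
    end date so that it does not become indefinite retention by another name.
    """
    kept, to_delete = [], []
    for rec in records:
        expired = is_expired(rec["category"], rec["created_at"], now, schedule)
        if expired and not rec.get("legal_hold", False):
            to_delete.append(rec)
        else:
            kept.append(rec)
    return kept, to_delete


# Constructed sample data (not real records).
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
RECORDS = [
    {"id": 1, "category": "security_log", "created_at": NOW - timedelta(days=400)},
    {"id": 2, "category": "security_log", "created_at": NOW - timedelta(days=10)},
    {"id": 3, "category": "shuttle_signup", "created_at": NOW - timedelta(days=91), "legal_hold": True},
    {"id": 4, "category": "support_ticket", "created_at": NOW - timedelta(days=800)},
]

if __name__ == "__main__":
    kept, to_delete = purge_pass(RECORDS, NOW)
    print("delete:", [r["id"] for r in to_delete])   # [1, 4]
    print("keep:  ", [r["id"] for r in kept])        # [2, 3]
```

Run the pass on a schedule (a nightly job is typical) and log what it deleted and why; that log is the evidence you will need under the accountability principle later in this unit.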

Security

Organizations should use appropriate technical and organizational security measures to protect personal data against unauthorized processing, accidental disclosure, loss, destruction, and alteration. 

Your organization needs to ensure that security systems adequately protect data. You can also help protect and secure the data you store through privacy enhancing techniques. Let’s discuss a few.

  • Data segregation is the division of data into various data categories for the purposes of dividing or restricting access to different classes of data. Using this technique allows your organization to create separate access rules for datasets or different groups of users, ensuring that only authorized individuals have access.
  • Encryption transforms data with a key so that only a holder of the corresponding key can read it. It protects the confidentiality of data at rest and in transit, but only as well as the keys are managed: whoever can obtain the key can read the data, so key storage and access need the same segregation as the data itself.
  • Pseudonymization replaces the fields that directly identify a subject (name, email, employee ID) with a token or pseudonym, and keeps the mapping back to the identity in a separate, more tightly controlled store. It lowers the impact of a breach of the working dataset, but as long as the mapping exists the data can be re-identified, so under GDPR pseudonymized data is still personal data.
  • Anonymization irreversibly removes the ability to identify a person, by deleting direct identifiers and generalizing or suppressing the remaining attributes (such as age or postcode) that could single someone out in combination. Masking or encrypting a field is not anonymization if the original value or the key is retained, because the data can still be recovered. Properly anonymized data is no longer personal data.
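The difference between pseudonymization and anonymization is easiest to see on one record. The Python below is an added example for this unit, not Trailhead's code: it pseudonymizes a constructed employee record with a keyed HMAC (reversible only by whoever holds the key and the re-identification table), anonymizes the same record by dropping direct identifiers and generalizing quasi-identifiers, and then shows why an unkeyed hash of an email address is neither. The record, the key, the field classification, and the candidate list are all constructed for illustration.

```python
"""Pseudonymization vs anonymization on one record (added example).

Also shows the common mistake of treating an unkeyed hash as anonymous:
anyone with a list of plausible inputs can recover the original value.
Record, key and field classes are constructed assumptions.
"""
import hashlib
import hmac

# Constructed sample record (not a real person).
RECORD = {
    "employee_id": "E-10482",
    "name": "Ada Example",
    "email": "ada@example.com",
    "phone": "+1-555-0100",
    "postcode": "SW1A 1AA",
    "birth_year": 1988,
    "home_address": "1 Elm St",
    "office": "HQ Tower",
}

# Fields that identify a person on their own, and fields that can do so in combination.
DIRECT_IDENTIFIERS = {"employee_id", "name", "email", "phone", "home_address"}
QUASI_IDENTIFIERS = {"postcode", "birth_year"}

# Constructed key. In production it comes from a KMS or HSM and is never
# stored in the same system, or under the same access rules, as the records.
PSEUDONYM_KEY = bytes.fromhex("3f" * 32)


def pseudonymize(record, key=PSEUDONYM_KEY):
    """Swap direct identifiers for one keyed token per subject.

    Returns (pseudonymized_record, reidentification_table). Anyone holding
    the key and the table can reverse it, so the output is still personal
    data under GDPR; keep key and table segregated from the working dataset.
    """
    token = hmac.new(key, record["employee_id"].encode(), hashlib.sha256).hexdigest()[:16]
    out = {k: v for k, v in record.items() if k not in DIRECT_IDENTIFIERS}
    out["subject"] = token
    return out, {token: record["employee_id"]}


def anonymize(record, as_of_year=2024):
    """Drop direct identifiers and generalize quasi-identifiers.

    No token is kept, so there is nothing to reverse. Generalization
    (postcode area, ten-year age band) reduces the chance that the remaining
    attributes single one person out.
    """
    out = {k: v for k, v in record.items() if k not in DIRECT_IDENTIFIERS | QUASI_IDENTIFIERS}
    out["postcode_area"] = record["postcode"].split()[0]          # "SW1A 1AA" -> "SW1A"
    age = as_of_year - record["birth_year"]
    decade = age // 10 * 10
    out["age_band"] = f"{decade}-{decade + 9}"                    # 36 -> "30-39"
    return out


def naive_hash(value):
    """Unkeyed SHA-256: looks anonymous, but is reversible by guessing (see dictionary_attack)."""
    return hashlib.sha256(value.encode()).hexdigest()


def dictionary_attack(target_hash, candidates):
    """Recover the input of an unkeyed hash by hashing plausible candidates."""
    for candidate in candidates:
        if naive_hash(candidate) == target_hash:
            return candidate
    return None


if __name__ == "__main__":
    pseudo, table = pseudonymize(RECORD)
    print("pseudonymized:", pseudo, "| lookup:", table)
    print("anonymized:   ", anonymize(RECORD))
    leaked = naive_hash(RECORD["email"])   # e.g. a "hashed" export that leaked
    print("recovered from naive hash:",
          dictionary_attack(leaked, ["bob@example.com", "ada@example.com"]))
```

The HMAC token resists the same dictionary attack because computing it requires the key; that is exactly why the key must not sit next to the pseudonymized data. Note also that the anonymized record keeps no subject token at all: if you need to link records of the same person across time, you need pseudonymization, and you are still handling personal data.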

Other security measures may exist at your organization to support data protection. It’s recommended that all employees with access to computing systems receive privacy training regardless of position, and read and acknowledge employee acceptable use policies.

Accountability

Your organization should create policies and implement processes that demonstrate you’re in compliance with privacy laws, regulations, and principles for data privacy.

You should take measures to advance privacy through design and privacy by default.

  • Privacy by design: Privacy by design means considering privacy from the moment an organization begins planning a new or improved process or activity, or developing a new product, service, or feature, rather than adding it afterward.

When your organization builds a new product, it should consider privacy policies and principles during the planning and design phase. Include all relevant stakeholders, legal teams among them, in that process to make sure privacy is a priority and that your organization is abiding by the law.

  • Privacy by default: Organizations should choose the most privacy-friendly default settings when collecting, processing, or storing personal data. For instance, an online social network that claims to follow privacy by default might require only your name and email address to create an account. If the account then starts sharing your location or any other data beyond that name and email address without you opting in, the service is not adhering to the privacy by default principle.

Individual Rights

Privacy laws also detail a data subject’s rights to their personal data. These rights include:

  • Data subject access request: Data subjects have the right to access a copy of any personal data a controller holds about them and receive confirmation that a controller is processing their personal data. They’re also entitled to details about the purposes of the processing, the categories being processed, how long the data is stored, and with whom the personal data has been shared.
  • Right to object: Data subjects can, in certain cases, object to how their personal data is used.
  • Data correction: Data subjects can request that their personal data is corrected or completed if it’s inaccurate or incomplete.
  • Restriction: Data subjects can request that a company stop processing their personal data in limited circumstances.
  • Right to deletion: Also known as “the right to be forgotten,” or under GDPR, the right to erasure, this empowers data subjects to request that a controller delete their personal data under certain conditions. Because US privacy law is sectoral, this right is not universal in the US. The Children’s Online Privacy Protection Act (COPPA) provides it for children’s data, and some state laws, such as the California Consumer Privacy Act (CCPA), also include a right to delete.
  • Data portability: Where applicable to the type of processing, data subjects have the right to ask a controller to provide their personal data in an exportable format so they can transmit their data to another controller.

Your organization’s obligation as a service provider is to assist your customers to manage these requests. As a controller, you’re responsible for complying with data subject requests, and the systems you use to manage personal data should accommodate such requests, including access, correction, deletion, and portability.

International Transfers

Certain countries and regions, such as the European Union (EU), restrict the transfer of personal data outside the country or region of origin unless the destination has implemented sufficient safeguards to guarantee the data is protected. If your organization operates internationally, you should implement measures that ensure you can legally transfer personal data across these boundaries.

Image: a globe with arrows going from one country to another, symbolizing international data transfers.

Data Protection Impact Assessment 

When your organization collects, stores, or uses personal data, the individuals whose data you’re processing are exposed to risks, ranging from theft with the intent to impersonate an individual to accidental disclosure. Under GDPR, your organization is required to conduct a Data Protection Impact Assessment (DPIA) before beginning any processing that is likely to result in a high risk to the rights and freedoms of individuals. According to the Commission Nationale de l'Informatique et des Libertés (CNIL), a DPIA is designed to assess processing likely to result in a high risk to the rights and freedoms of people, and to identify and minimize those risks as early as possible. Even where it isn’t mandatory, your organization may want to conduct a DPIA before launching data collection or processing activities that pose higher risks to data subjects.

Sum It Up

You now have a better understanding of privacy principles and how to apply them to your organization. In the next unit, you learn about customer data and the role that data custodians play to protect it.

Resources
