My Data, My Safety!
The necessity for data protection policies.
With Covid-19 came free seminars and mailing lists to learn from- one of the many gifts of the dot.com era. Many of them dwell on the happenings of the world and some dwell on subjects like leadership, life issues and employment. These seminars due to their virtual nature require details such as one’s name, email address and telephone number which would be inputted with all sincerity since it is a requirement to attend the seminar.
However, giving out this information should be no problem till you start receiving unsolicited emails from some of these organizations. I have discovered that some of these seminars are just for publicity in order for them to have your email address and add it to their mailing list and it should be a serious problem when you request to not be added and you are still added. In all honesty, some of these seminars have been termed as a strategy for “growing your mailing list”. It is easy for the average Joe to say that you should unsubscribe, but we are in a world where information is power and enough power is given once the person has access to your details even without making use of it.
In my home country, Nigeria, a man (let’s call him Paul) in the exercise of his freedom of expression published a statement online. When the politician towards which the statement was directed saw it, he got in touch with Paul’s service provider and got his name and home address. He made use of this information to send thugs to his home to “deal with him”. It didn’t end well for him. Besides, I believe the politician should have instituted a defamation lawsuit against Paul rather than take the law into his own hands. This instance is one of the many reasons I believe that there should be ample focus on data protection.
There is a duty of care on every organization big or small to protect any information that is transmitted to them in the course of dealing with a client or an individual. There are principles according to the Global Data Protection Regulation guiding the use of collected data such as;
1. Fairness and Legality: this means that there must be legitimate grounds for collecting your data. The Organization must be fully transparent as to why they are collecting your data and ensure that it is used the way you expect. This was applicable in Paul’s case as network providers need this to confirm the identity of each individual.
2. Specificity for Purpose: Personal Data should be used only for the original purpose for which it is collected. The data must also not be shared without consent. Organizations must be open about their reasons for obtaining personal data and what they use it for. Paul’s Data was shared with the politician without his consent and was not used only for the original purpose for which it was collected. This was wrong.
The first two guidelines were breached in Paul’s situation and the guidelines should be kept hand in hand so technically, they breached all. However, the first two might not apply to you, so I have included the other regulations covered by the Global Data Protection Regulation.
3. It must be adequate and for only what is needed. Organizations must avoid holding more information than necessary.
4. Accurate and up to date.
5. Not kept longer than needed. Data that is out of date or no longer necessary must be properly destroyed.
6. Take into account people’s rights; you have a right to stop your data from being used.
7. Kept safe and secure; There must be adequate security in place depending on what the potential repercussions of a data breach might be.
8. It must not be transferred to another country with lower security standards and without explicit consent.
These are the regulations that must be followed when it comes to protecting one’s data and at all times, it must not be breached. Let me know your thoughts and do send me an email at firstname.lastname@example.org.