Law and Technology

Digital Data Privacy and Protection: What, Why, and How

Bhumesh Verma

Adoption and execution of a robust data management and risk mitigation policy is the best way to accord greatest fortification to data from the threats posed to data security


In the pre-computer era, individuals and companies used to manually document all their records and maintain large volumes of data in their store rooms, scared of the elements or theft. All that changed with the digital revolution where numerous data storage techniques obviated the need for manual documentation, making the process quick and free of hassle.

The obvious impediment was the protection of paperless data, in an age where ‘information is wealth’, and a digital mode of data storage is just as susceptible to unauthorized usage, leakage, corruption and, cyber threats. As digital storage garners wider prominence, there is an urgent need to re-look at methods of data protection and privacy.

The volume of data created and stored influences the latitude and magnitude of data protection processed employed. Of primary importance to most companies and individuals is deciding how information stored in the databases can be accessed by authorized personnel, and shared with third parties.

The key aspects of the data protection process is to build robust security mechanism to thwart any corruption or loss of data coupled with a data backup plan to restore the data in no time. Data protection is nothing but a combination of data accessibility and data management. The prospect of data accessibility will guarantee that the data users have the requisite access to the data all the time, especially during the course of business continuity and data disaster recovery. On the other hand, data management is a package of data storage (online and offline), data processing, data accessing, data security, data confidentiality and data cataloging.

Data Security Measures

The first step is to establish a robust data protection contrivance to delineate the process of handling and usage of the data, eligibility parameters to access the data, rights and responsibilities of the data users and consequences of any data breach incident. An effective data privacy policy is a combination of data management and risk mitigation along with a comprehensive reflection of the legal, business and compliance prospects.

This would include inception and execution of data privacy controls like encryption, data centres, and audit logs. A dedicated team of data security professionals would monitor the access and usage of the data.

Proper documentation of the data privacy policy and procuring an express acknowledgement from data users to obligate them to sternly comply with such policy is crucial from a legal and compliance perspective. Failure of data protection process is often attributed to the cause of lack of ownership control over the process.  Right allocation of the ownership control of the data privacy and protection policy is decisive to guarantee the act of implementation of and compliance with the policy is closely monitored.

However, a mere articulation of data privacy policy itself won’t suffice the purpose. Educating the data users about the significance of complying with the data privacy policies and consequences of breach of their data protection obligations will be decisive in the success of a data protection process. The data users have to appreciate the confidentiality value of the data and observe their respective data protection obligations. This will assist the data users to elude any potential risk of any data protection breach.

Conducting periodic risk assessments of the data protection infrastructure will assist companies in evaluating the internal and external potential threats and risks posed to the security and confidentiality of their data. Based on such evaluation, if needed, the companies must tighten up the security measures to firmly handle such risks.

Third party data transfer, which is a matter of much concern, can be addressed by controlling the access to the data to limited people and conferring protection to data from the external threats on equal footing with the internal threats.

In certain circumstances, data will inevitably get compromised, lost or corrupted. A backup plan will be vital to restore the corrupted data and to guarantee there is no loss of data. To prevent any failure of business continuity plan/data recovery plan causing loss of data, adoption of high end automated data backup techniques is the best option to guarantee there is always a backup copy of data stored and processed in the database.


Protection of data is always an exigent task for the companies and persons as it is intricate to assess the prospect of threat to data which is posed from the internal/external variants. Adoption and execution of a robust data protection policy (data management and risk mitigation) is the best way to accord greatest fortification to the data from these threats posed to the data security.

Bhumesh Verma is the Managing Partner of Corp Comm Legal.

Image Source: IT Pro


Categories: Law and Technology