Cloud Computing: Personal Data Privacy Strategy and Security Analysis

Verified

Added on 2020/03/28

AI Summary

This report examines the critical aspects of personal data privacy within cloud computing environments. It emphasizes the importance of systematic data handling to prevent misuse and protect sensitive information. The report explores various privacy controls and mitigation plans, addressing risks such as malicious activities, data loss, unauthorized access, and modification. It also outlines personal data protection strategies, including security measures, data lifecycle management, and archiving techniques. Furthermore, the report details recommended strategies for addressing data breaches, including containment, risk assessment, notification, and prevention of future incidents. The analysis includes practical implementation steps, referencing relevant guidelines from the Australian Communications and Media Authority (ACMA) and the Office of the Australian Information Commissioner (OAIC). The report highlights the significance of data security, breach response plans, and the protection of personal information to maintain trust and prevent financial, reputational, and emotional harm.

Cloud Computing
Student’s Name
University’s Name

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Personal Data Privacy Strategy
1. Security of personal information
a. Data analytics has changed drastically and it is quite challenging to use data
in a systematic and right manner so that the data is not misused. Along with
enormous social and economic benefits, it accumulates threats and
challenges. The data which is given by a person or an individual which
might be any opinion that has been provided should not be disclosed
because of its sensitivity and also trust that has been put on the organization
(OAIC, 2016).
b. To get or access personal information of an individual who has an identity,
they first need the permission to retain the information of the particular
individual. And also, after retaining the sensible data, organization should
take enough steps to protect the sensible data to not fall in the hands of
misuse or allow any authorized access to the data which can be exposed.
c. Guidance should be properly given under any circumstance such as:
i. Misuse – This is done for the usage of direct marketing and also used
in government related identifiers (OAIC, 2015).
ii. Interference – Expose of personal information but the data cannot be
overwritten.
iii. Loss – loss of personal information is addressed in this section.
Failure of keeping adequate backups will result in system failure.
iv. Unauthorized access – Access of personal information who should
not be available for accessing.

v. Unauthorized modification - Occurs when the entity is not allowed
by someone who is not authorized to access or retain the
information.
vi. Destroying personal information – when the organization founds that
the related data stored is not up-to-date, personal data present in the
database should also be deleted. This will also help in freeing the
memory and increasing the speed of processing (OAIC, 2015).
2. Access to personal information
a. Suppose say that the organization you work in has a process of receiving
and responding to the privacy enquires, requests and also complaints that are
raised by the individuals for accessing to their personal information. Now,
does the organization has a procedure of capturing these service? If yes then
the data should be very carefully handled as the data is more sensible
(OAIC, 2017).
b. With the type of request and information that has been provided by the
consumer, the complaints will first get register and will be assigned or will
be directed to the appropriate staff for completion of the request (OAIC,
2014).
c. Along with the request or complaint, to access the information for the
organization, the organization needs minimum requirements to access the
personal data which comes with a security constraint that is, the data will be
available for only certain time period of time and also this comes with
certain benefits to the personal because one has the right to explain why the
refusal for not providing whole information and written notice will act as
invoice which is also a right way to be known that the organization has

utilized the individual personal data at certain time to certain complaints to
be resolved.
Privacy Controls Recommendations
S. No. “Privacy Controls
Risks
(Personal data)”
“Mitigation Plans” “Implementation
“
Student 1 Student ID
1. Malicious activity
risk of personal data
(ACMA, 2013)
1. Communication
strategy – the scope of
contexts is huge here.
This requires knowledge
on digital literacy with
which they can handle
privacy issues.
1. Consumers
must be having
knowledge about
the service that the
organization
provides to secure
their information
and along with
that, organization
should educate
their consumer to
its 100 percent
usage.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

2. Loss – it occurs with
the following
reasons:
1. Unauthorized
access which
results in
modification of
data or the data
can be erased
completely.
2. It can also be a
possible case
when natural
disaster occurs
and the data
gets affected.
3. And it doesn’t
apply if the data
has been
removed with
intention in
which case it is
done under the
surveillance of
the organization
and the
4. Store the personal
information which
is necessary on a
physical device and
also on a cloud-
based system so
that the data can be
recoverable.
1. Always
backup data
should be
tested
whether it
can be
recoverable
or not.
2. Backup data
has to be
updated
timely so that
the data
remains sync
with the
original data.
3. Needs to be
tracked about
the place
where the
data has been
stored and is
it a place
which can be
considered as
safe to store

Personal Data Protection Strategies
Firstly, what is personal information security is one should know. It is a information
about an opinion or it can be about identifying the individual which one can get recognized.
This might include some personal information which might be a person’s name and address.
It can be medical records of the person or it can be bank details, photos, videos about the
person and also work place, likes, opinions etc (OAIC, 2015).
Now the one significant domain in the personal data is the sensitive information.
Sensitive information here can be health information for example. Now we have basic
understanding about the personal data and dwelling in the core topics which are:
1. Security of personal data – As in the introduction of personal data, IT (Information
Security) will provide all the measures to prevent any sort of attacks to be covered
with the data that is available either on cloud or any database. It is more about
ensuring the data and if the data is mishandled, it can cause severe issues both
economically and physically to the customer. And in return, this is loss of trust to
the organization and also will lose the reputation in the social space. In securing the
personal data, it is handled by a lifecycle method which involves the following
steps (OAIC, 2015; OAIC, 2014):
a. First figuring out the data which data should be kept personal so that the
actions can be carried out on it (OAIC, 2015).
b. A plan is necessary to hold the personal information which is accompanied
with privacy protections at design and development phase.
c. List out the issues that will be associated with the design and also with the
data that is been shared. List down the best practices to be followed in case
of damage.

d. Take appropriate steps and formulate best strategies to mitigate and protect
personal information that is being held.
e. Destroy or de-identify the information of the personal when the personal
information is no longer required (OAIC, 2015).
2. Archiving of personal data – Before the data is been lost, it is important to make
copies of the files which are important and then store the files on any physical
device or store the files on any cloud-based platform so that it serves as a backup
storage solution in the future. With recovery, there are certain key points that has to
be taken care of. Such as:
a. How often the backups are been run?
b. In backup, does it contain the files which is important to be backed up?
c. How fast can the data be recoverable?
d. In the backup data, is a review process will be held on:
i. Destroying or de-identified data
ii. If required by law, will the data be ready available which will serve
as blue print?
e. Are backups tested to check if the data is recoverable or not?
f. If the data is stored on any physical device, is that device is kept at a safe
place?
g. Are the backup files are stored remotely so that they can be protected from
the natural disasters? (OAIC, 2015)

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Recommended Personal Data Protection Strategy
S. No. Privacy Controls
Risks
(Personal data)
Mitigation Plans Implementation

1. Data breaches –
typical cases:
1. Loss of personal
laptops, storage
disks etc.
2. Database being
hacked.
3. Employees
disclosing the
personal
information
4. Stolen records
(OAIC, 2014)
This is a serious
issue because with
data breach one can
gain advantage on
the following points:
1. Theft to the
identity.
2. Financial issues
3. It is a threat to
the physical
safety
4. A threat to the
1. First contain the
breach and a
preliminary
assessment should be
done.
2. Evaluate the risks
that are associated
with the data breach.
3. Notify when the data
get breaches.
4. Prevention of future
breaches in data.
In step 1, first
preliminary
questions should
be noted and
sorted down such
as:
1. What
personal
information
is affected
with the data
breach?
2. What is the
cause of the
breach?
3. What is its
extent?
4. What are the
harms done
so far to the
data?
5. How will the
data is
restored?
At step -2, one has
to access the

References
ACMA. (2013). Privacy and digital data protection Occasional paper 4. Australian
Communications and Media Authority.
OAIC. (2014). Chapter 10: APP 10 — Quality of personal information. Office of the
Australian Information Commissioner.
OAIC. (2014). Chapter 12: APP 12 — Access to personal information. Office of the
Australian Information Commissioner — .
OAIC. (2014). Data breach notification — A guide to handling personal information security
breaches. Office of the Australian Information Commissioner.
OAIC. (2015). Chapter 11: APP 11 — Security of personal information. Office of the
Australian Information Commissioner .
OAIC. (2015). Chapter 7: Privacy assessments. Office of the Australian Information
Commissioner.
OAIC. (2015). Guide to securing personal information. Office of the Australian Information
Commissioner.
OAIC. (2015). Privacy regulatory action policy. Office of the Australian Information
Commissioner.
OAIC. (2016). Consultation draft: Guide to big data and the Australian Privacy Principles.
Office of the Australian Information Commissioner.
OAIC. (2016). Guide to developing a data breach response plan. Office of the Australian
Information Commissioner.
OAIC. (2017). Self-assessment checklist: Privacy obligations under the Data Retention
Scheme. Office of the Australian Information Commissioner.