Cloud Computing Report: Privacy and Data Strategy for DAS - Analysis
VerifiedAdded on 2022/10/17
|24
|7085
|19
Report
AI Summary
This report addresses the privacy and data strategy for the Department of Administrative Services (DAS), an Australian state government department transitioning to a shared services model using cloud computing. The report outlines the need for a privacy strategy to manage personal information securely within a centralized database, considering the use of a SaaS application for HR and personnel management. It proposes strategies for managing personal information, including data collection, use, and disclosure, along with secure digital identity management and data access controls. The report also identifies and recommends controls for mitigating privacy risks associated with cloud usage, such as loss of data control and the use of unsecure devices. Furthermore, it develops a strategy for personal data protection, focusing on authorized access, data security, and the implementation of recommended controls to ensure data confidentiality and integrity. The report emphasizes the importance of authentication, encryption, and adherence to privacy policies to safeguard personal data within the shared services environment.
Running head: CLOUD COMPUTING
Cloud Computing
Name of Student
Name of University
Author Note
Cloud Computing
Name of Student
Name of University
Author Note
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
1
CLOUD COMPUTING
Table of Contents
Introduction..........................................................................................................................2
1. Privacy Strategy for Personal Data..................................................................................3
2. Recommended Privacy Controls.....................................................................................6
2.1. Control for Mitigation of Privacy Risks...................................................................6
2.2. Implementation of Privacy Strategy.........................................................................8
3. Personal Data Protection Strategy...................................................................................8
3.1. Protection of Personal Information...........................................................................9
3.2. Authorised access and Disclosure of Personal Information...................................11
3.3. Use of Personal Digital Identities...........................................................................13
4. Recommended Personal Data Protection Controls........................................................14
4.1. Mitigation of Data Security Risks..........................................................................14
4.2. Implementation of Personal Data Protection Strategy............................................16
Conclusion.........................................................................................................................17
References..........................................................................................................................19
CLOUD COMPUTING
Table of Contents
Introduction..........................................................................................................................2
1. Privacy Strategy for Personal Data..................................................................................3
2. Recommended Privacy Controls.....................................................................................6
2.1. Control for Mitigation of Privacy Risks...................................................................6
2.2. Implementation of Privacy Strategy.........................................................................8
3. Personal Data Protection Strategy...................................................................................8
3.1. Protection of Personal Information...........................................................................9
3.2. Authorised access and Disclosure of Personal Information...................................11
3.3. Use of Personal Digital Identities...........................................................................13
4. Recommended Personal Data Protection Controls........................................................14
4.1. Mitigation of Data Security Risks..........................................................................14
4.2. Implementation of Personal Data Protection Strategy............................................16
Conclusion.........................................................................................................................17
References..........................................................................................................................19
2
CLOUD COMPUTING
Introduction
DAS (The Department of Administrative Services), is known for delivering services in
several departments under the state government of Australia. The services offered by DAS
encompasses payroll services, contact tendering, management of the contractors and
management of the procurement. DAS have been providing all these services through their own
data centres. However, in relation to modification in existing policy, DAS needs to move to a
“Shared service” method by centralizing all the services offered by DAS. This indicates that each
department under DAS needs to transfer their data to DAS servers. This is needed so that the
data can be tracked and managed centrally. The migration to a centralized database is further
linked with a policy defined by government that mandates a “cloud first” method of data
processing and procuring the software services. For that, a HR and an application for personnel
management is obtained from a company in US. The configuration, processing and updates will
be handled by the processing centre situated in Bangalore India. The centralised database will
provide a complete access to the information related to HR management and Performance
management to the employees through a link that is placed on DAS intranet. The information
and data access will be authenticated by the use of the digital ID of DAS.
The report aims in preparation of a strategy correlated to personal information and
strategy for privacy data security for DAS. The report will be presenting the proposal of privacy
strategy for the use of DAS. The strategy will encompass effective administration of personal
information that encompasses the collection and also managing of the solicited personal and
confidential information. The policy will address the secure use of the personal information of
the staffs and will look after the security of that information while it is being disclosed. The use
of SaaS cloud is associated with a certain amount of privacy risk that is needed to be addressed
CLOUD COMPUTING
Introduction
DAS (The Department of Administrative Services), is known for delivering services in
several departments under the state government of Australia. The services offered by DAS
encompasses payroll services, contact tendering, management of the contractors and
management of the procurement. DAS have been providing all these services through their own
data centres. However, in relation to modification in existing policy, DAS needs to move to a
“Shared service” method by centralizing all the services offered by DAS. This indicates that each
department under DAS needs to transfer their data to DAS servers. This is needed so that the
data can be tracked and managed centrally. The migration to a centralized database is further
linked with a policy defined by government that mandates a “cloud first” method of data
processing and procuring the software services. For that, a HR and an application for personnel
management is obtained from a company in US. The configuration, processing and updates will
be handled by the processing centre situated in Bangalore India. The centralised database will
provide a complete access to the information related to HR management and Performance
management to the employees through a link that is placed on DAS intranet. The information
and data access will be authenticated by the use of the digital ID of DAS.
The report aims in preparation of a strategy correlated to personal information and
strategy for privacy data security for DAS. The report will be presenting the proposal of privacy
strategy for the use of DAS. The strategy will encompass effective administration of personal
information that encompasses the collection and also managing of the solicited personal and
confidential information. The policy will address the secure use of the personal information of
the staffs and will look after the security of that information while it is being disclosed. The use
of SaaS cloud is associated with a certain amount of privacy risk that is needed to be addressed
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
3
CLOUD COMPUTING
(Ahmed & Hossain, 2014). The report will recommend certain controls for addressing of the
privacy risks of using SaaS cloud. In this context, a privacy strategy will be proposed that can be
implemented to safeguard of confidentiality of the data. The report further aims in developing a
strategy for DAS related to personal data protection that will enable in enforcing authorised
usage and exposure of the private data. It will further help in security of the personal data. The
use of cloud is linked with certain amount of data security risks. The report aims in
implementation of a proper strategy for securing personal data. In the following paragraphs the
privacy strategy linked with the personal data usage, recommendation for privacy control,
strategy for protection of private data and recommendations for personal data controls are
discussed.
1. Privacy Strategy for Personal Data
This section of the report aims in developing a proposal for privacy process in DAS. It is
necessary to develop a privacy strategy for DAS as this department provides several services to
different departments in Australian state government and privacy of the data of the customers is
the foremost consideration of this department. The movement of DAS to a shared services
approach increases the privacy risks linked with storage and access of the data from a centralized
database (Rao & Selvamani, 2015). The privacy strategy that is being proposed for DAS will
help in effective administration of the personal data that is kept in the centralized database. The
strategy aims in enforcing security in storage and access of personal information. This privacy
proposal is needed as data privacy is one significant challenge faced by the organization making
use of a cloud model. While making use of a shared service, it is quite obligatory to manage and
safeguard the personal data associated with the staffs and employees of an organization (Shaikh
& Sasikumar, 2015). The privaate information access should strictly be constrained to the
CLOUD COMPUTING
(Ahmed & Hossain, 2014). The report will recommend certain controls for addressing of the
privacy risks of using SaaS cloud. In this context, a privacy strategy will be proposed that can be
implemented to safeguard of confidentiality of the data. The report further aims in developing a
strategy for DAS related to personal data protection that will enable in enforcing authorised
usage and exposure of the private data. It will further help in security of the personal data. The
use of cloud is linked with certain amount of data security risks. The report aims in
implementation of a proper strategy for securing personal data. In the following paragraphs the
privacy strategy linked with the personal data usage, recommendation for privacy control,
strategy for protection of private data and recommendations for personal data controls are
discussed.
1. Privacy Strategy for Personal Data
This section of the report aims in developing a proposal for privacy process in DAS. It is
necessary to develop a privacy strategy for DAS as this department provides several services to
different departments in Australian state government and privacy of the data of the customers is
the foremost consideration of this department. The movement of DAS to a shared services
approach increases the privacy risks linked with storage and access of the data from a centralized
database (Rao & Selvamani, 2015). The privacy strategy that is being proposed for DAS will
help in effective administration of the personal data that is kept in the centralized database. The
strategy aims in enforcing security in storage and access of personal information. This privacy
proposal is needed as data privacy is one significant challenge faced by the organization making
use of a cloud model. While making use of a shared service, it is quite obligatory to manage and
safeguard the personal data associated with the staffs and employees of an organization (Shaikh
& Sasikumar, 2015). The privaate information access should strictly be constrained to the
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
4
CLOUD COMPUTING
intended individual to address the privacy issues. Proper authentication prior to data access
should be enforced to ascertain that the data is being addressed by the intended audience only.
The privacy strategy proposal for DAS are documented as follows-
a) Management of Personal Information: This is one of the most integral considerations
of the strategy for privacy (Latif et al., 2014). The administration of the personal data involves
restriction of the data use and access to the intended individual. Since the entire data processing
will be managed by the cloud vendors’ processing centre, the confidentiality of the personal
information might be at risk. The strategy is to enforce identity and access management
controls to ascertain that only the intended users are accessing the data that too from the
approved devices only (Jouini & Rabai, 2019). The identity management control will eliminate
the chances of any illegal data access thus managing the private data that is kept in DAS.
b) Collecting and Managing solicited Personal Information: collection of the personal
data is one of the business needs of DAS. However, the gathering of the solicited private data
should be subjected to the individual’s consent. The strategy is to let the person know about the
real need of collection of personal data, its intended use and the process in which the privacy of
the collected data will be maintained (Cuzzocrea, 2014). Furthermore, the collected private data
should be kept in an encrypted manner and should be subjected to proper access control so that it
can be accessed only by the intended audience.
c) Use and Disclosure of Personal Information: Disclosing any private data to any
unintended person should be completely restricted (Kalaiprasath, Elankavi & Udayakumar,
2017). The private information usage should be constrained only for the use of individual and for
authenticating the identity of the individual. The storage of the personal information over the
CLOUD COMPUTING
intended individual to address the privacy issues. Proper authentication prior to data access
should be enforced to ascertain that the data is being addressed by the intended audience only.
The privacy strategy proposal for DAS are documented as follows-
a) Management of Personal Information: This is one of the most integral considerations
of the strategy for privacy (Latif et al., 2014). The administration of the personal data involves
restriction of the data use and access to the intended individual. Since the entire data processing
will be managed by the cloud vendors’ processing centre, the confidentiality of the personal
information might be at risk. The strategy is to enforce identity and access management
controls to ascertain that only the intended users are accessing the data that too from the
approved devices only (Jouini & Rabai, 2019). The identity management control will eliminate
the chances of any illegal data access thus managing the private data that is kept in DAS.
b) Collecting and Managing solicited Personal Information: collection of the personal
data is one of the business needs of DAS. However, the gathering of the solicited private data
should be subjected to the individual’s consent. The strategy is to let the person know about the
real need of collection of personal data, its intended use and the process in which the privacy of
the collected data will be maintained (Cuzzocrea, 2014). Furthermore, the collected private data
should be kept in an encrypted manner and should be subjected to proper access control so that it
can be accessed only by the intended audience.
c) Use and Disclosure of Personal Information: Disclosing any private data to any
unintended person should be completely restricted (Kalaiprasath, Elankavi & Udayakumar,
2017). The private information usage should be constrained only for the use of individual and for
authenticating the identity of the individual. The storage of the personal information over the
5
CLOUD COMPUTING
centralized database should be subjected to proper authentication so that illegal access to the
same can be restricted (Kumar, Lakshmi & Balamurugan, 2015). Apart from that a privacy
policy should be enforced that will document the process in which the users of the shared
database will comply with the privacy policy linked with the managing and disclosure of the
private data and data of the users.
d) Use and security of Digital Identity: The secure usage of digital identity is an
important consideration of DAS. The strategy is to provide unique digital ID to each employee
which should be kept confidential by the employee. An employee by no means is allowed to
share his/her digital ID. A unique digital ID is created by the DAS active Directory instance
which can be effectively used for proper authorization and authentication. Another strategy for
securing the digital identity is to make use of updated antivirus software in the devices through
which the data is accessed (Sun et al., 2014). It is recommended to check all the security settings
regularly to eliminate any risk on the use and safety of digital identity.
e) Security of Personal Information: Personal data security is a key consideration of
privacy strategy of DAS mainly because it is making use of shared services (Narula & Jain,
2015). The use and access of the personal data is subjected to abiding the data and the privacy
policy of DAS. The strategy is to govern the process in which a particular data is collected,
shared and used.
f) Access to Personal Information: Personal data access is needed to be restricted so as
to prevent any kind of misuse of that information (Choo, 2014). The privacy strategy that DAS
should follow involves proper authentication so that the misuse of personal information can be
restricted. DAS should possess a proper privacy policy that all the staffs of the organization
CLOUD COMPUTING
centralized database should be subjected to proper authentication so that illegal access to the
same can be restricted (Kumar, Lakshmi & Balamurugan, 2015). Apart from that a privacy
policy should be enforced that will document the process in which the users of the shared
database will comply with the privacy policy linked with the managing and disclosure of the
private data and data of the users.
d) Use and security of Digital Identity: The secure usage of digital identity is an
important consideration of DAS. The strategy is to provide unique digital ID to each employee
which should be kept confidential by the employee. An employee by no means is allowed to
share his/her digital ID. A unique digital ID is created by the DAS active Directory instance
which can be effectively used for proper authorization and authentication. Another strategy for
securing the digital identity is to make use of updated antivirus software in the devices through
which the data is accessed (Sun et al., 2014). It is recommended to check all the security settings
regularly to eliminate any risk on the use and safety of digital identity.
e) Security of Personal Information: Personal data security is a key consideration of
privacy strategy of DAS mainly because it is making use of shared services (Narula & Jain,
2015). The use and access of the personal data is subjected to abiding the data and the privacy
policy of DAS. The strategy is to govern the process in which a particular data is collected,
shared and used.
f) Access to Personal Information: Personal data access is needed to be restricted so as
to prevent any kind of misuse of that information (Choo, 2014). The privacy strategy that DAS
should follow involves proper authentication so that the misuse of personal information can be
restricted. DAS should possess a proper privacy policy that all the staffs of the organization
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
6
CLOUD COMPUTING
should follow. Privacy policy is needed by DAS as a part of privacy strategy so that the access to
the same can be restricted only to the intended individual (Krishna et al., 2016). Along with that,
the personal data storage should be subjected to encryption. The information can be decrypted
only by the intended personnel thus protecting the confidentiality of the data.
g) Quality and correction of Personal Information: The personal data correction can
only be done by the intended individual (Rasheed, 2014). The strategy of correction involves
validation of the need of modifying the personal information. Followed by that, proper validation
of the identity of the individual is needed to done so that the correction is done in authenticated
manner.
The above point indicates the proposed privacy strategy for DAS. In consideration to the
administration of the privacy and confidentiality of the private data, preparing a proposal for
privacy strategy was necessary since DAS is moving to a shared service (Kalaiprasath, Elankavi
& Udayakumar, 2017). In shared service access of the information is not restricted to a particular
individual thus increasing the data and privacy risk (Duncan & Whittington, 2016). The privacy
strategy indicates that data and information confidentiality can be ascertained by encryption and
proper authentication check. However, the access of the information from shared database is
authenticated by DAS digital ID. Along with that the DAS active directory instance is used for
required authentication and authorization.
2. Recommended Privacy Controls
This part of the report will provide an idea of the privacy risks that can be faced while
making use of the shared services (Rittinghouse & Ransome, 2017). The section aims in
implementation of effective controls for addressing the identified privacy risks.
CLOUD COMPUTING
should follow. Privacy policy is needed by DAS as a part of privacy strategy so that the access to
the same can be restricted only to the intended individual (Krishna et al., 2016). Along with that,
the personal data storage should be subjected to encryption. The information can be decrypted
only by the intended personnel thus protecting the confidentiality of the data.
g) Quality and correction of Personal Information: The personal data correction can
only be done by the intended individual (Rasheed, 2014). The strategy of correction involves
validation of the need of modifying the personal information. Followed by that, proper validation
of the identity of the individual is needed to done so that the correction is done in authenticated
manner.
The above point indicates the proposed privacy strategy for DAS. In consideration to the
administration of the privacy and confidentiality of the private data, preparing a proposal for
privacy strategy was necessary since DAS is moving to a shared service (Kalaiprasath, Elankavi
& Udayakumar, 2017). In shared service access of the information is not restricted to a particular
individual thus increasing the data and privacy risk (Duncan & Whittington, 2016). The privacy
strategy indicates that data and information confidentiality can be ascertained by encryption and
proper authentication check. However, the access of the information from shared database is
authenticated by DAS digital ID. Along with that the DAS active directory instance is used for
required authentication and authorization.
2. Recommended Privacy Controls
This part of the report will provide an idea of the privacy risks that can be faced while
making use of the shared services (Rittinghouse & Ransome, 2017). The section aims in
implementation of effective controls for addressing the identified privacy risks.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
7
CLOUD COMPUTING
2.1. Control for Mitigation of Privacy Risks
Management of the information security risks in cloud becomes a necessity to sustain the
privacy of the stored data in the system. There are certain privacy risks and implications linked
with the cloud usage and usage of SaaS (Cayirci et al., 2014). Ineffective management of the
privacy risks linked with cloud computing can result in data security risks persisting in the
system. The identified privacy implications linked with the usage of cloud technology include,
Loss of control over the stored data, cloud vendor having the control of the data stored, use of
any device on accessing the data and data mining (Hendre & Joshi, 2015). Addressing these
major privacy risks becomes a necessity so that the risks in making use of the new services as
proposed by DAS can be mitigated. The strategy for addressing the identified privacy risks are
indicated as follows-
Loss of control over the Data: This is one most prominent privacy risk linked with the
use of SaaS. The controls that can be enforced for mitigation of the privacy risk include
maintaining transparency with the cloud vendor regarding the storage of the personal and critical
information in the cloud database (Vacca, 2016). The access to those information should be
allowed only to the personnel who is authorised for the same.
Risk of Cloud Vendor having data control: In SaaS, cloud vendor generally has an
access and control over the data stored (Sadiku, Musa & Momoh, 2014). This gives rise to a
major privacy risk as well. As a mitigation to this problem, a trusted cloud vendor is needed to be
chosen and a legal agreement should be made with the cloud vendor regarding maintaining the
data confidentiality and the confidentiality of the information stored over cloud database.
CLOUD COMPUTING
2.1. Control for Mitigation of Privacy Risks
Management of the information security risks in cloud becomes a necessity to sustain the
privacy of the stored data in the system. There are certain privacy risks and implications linked
with the cloud usage and usage of SaaS (Cayirci et al., 2014). Ineffective management of the
privacy risks linked with cloud computing can result in data security risks persisting in the
system. The identified privacy implications linked with the usage of cloud technology include,
Loss of control over the stored data, cloud vendor having the control of the data stored, use of
any device on accessing the data and data mining (Hendre & Joshi, 2015). Addressing these
major privacy risks becomes a necessity so that the risks in making use of the new services as
proposed by DAS can be mitigated. The strategy for addressing the identified privacy risks are
indicated as follows-
Loss of control over the Data: This is one most prominent privacy risk linked with the
use of SaaS. The controls that can be enforced for mitigation of the privacy risk include
maintaining transparency with the cloud vendor regarding the storage of the personal and critical
information in the cloud database (Vacca, 2016). The access to those information should be
allowed only to the personnel who is authorised for the same.
Risk of Cloud Vendor having data control: In SaaS, cloud vendor generally has an
access and control over the data stored (Sadiku, Musa & Momoh, 2014). This gives rise to a
major privacy risk as well. As a mitigation to this problem, a trusted cloud vendor is needed to be
chosen and a legal agreement should be made with the cloud vendor regarding maintaining the
data confidentiality and the confidentiality of the information stored over cloud database.
8
CLOUD COMPUTING
Use of unsecure Device: The use of SaaS provides an advantage of accessing the data
from any device. Use of any unsecure device can result in data theft and therefore, it is one
prominent privacy risk linked with cloud (Tari, 2014). As a mitigation approach of the same, the
use of unsecure devices should be completely restricted and the employees should be trained
about the need of making use of up to date antivirus in their devices to protect the confidential
information of the organization.
Data Mining: Data mining is another privacy risk that is linked with the cloud usage. It is
quite difficult to mitigate this risk (Hussain et al., 2017). The only way is to enforce encrypted
storage so that this risk can be addressed.
The above paragraphs indicate the major privacy risk that is linked with the current
system and discusses the mitigation strategies that can be applied to address those risks.
2.2. Implementation of Privacy Strategy
The above discussed privacy strategy is required to be executed in DAS to safeguard the
data privacy kept in the system (Gai et al., 2016). The employees and the staffs of the
organization needs to understand the risks linked with making use of the SaaS service and needs
to know about the mitigation strategies that can be enforced to addresses those risks (Gai, Qiu &
Zhao, 2017). Therefore, it is recommended to enforce a training program to educate the
individuals about the various processes in which the privacy risks can be mitigated. Apart from
that DAS should release and circulate a documented form of the controls and measures that have
been proposed so that each and every individual associated with the organization have an idea of
the major data control strategies linked with the organization (Kalaiprasath, Elankavi &
CLOUD COMPUTING
Use of unsecure Device: The use of SaaS provides an advantage of accessing the data
from any device. Use of any unsecure device can result in data theft and therefore, it is one
prominent privacy risk linked with cloud (Tari, 2014). As a mitigation approach of the same, the
use of unsecure devices should be completely restricted and the employees should be trained
about the need of making use of up to date antivirus in their devices to protect the confidential
information of the organization.
Data Mining: Data mining is another privacy risk that is linked with the cloud usage. It is
quite difficult to mitigate this risk (Hussain et al., 2017). The only way is to enforce encrypted
storage so that this risk can be addressed.
The above paragraphs indicate the major privacy risk that is linked with the current
system and discusses the mitigation strategies that can be applied to address those risks.
2.2. Implementation of Privacy Strategy
The above discussed privacy strategy is required to be executed in DAS to safeguard the
data privacy kept in the system (Gai et al., 2016). The employees and the staffs of the
organization needs to understand the risks linked with making use of the SaaS service and needs
to know about the mitigation strategies that can be enforced to addresses those risks (Gai, Qiu &
Zhao, 2017). Therefore, it is recommended to enforce a training program to educate the
individuals about the various processes in which the privacy risks can be mitigated. Apart from
that DAS should release and circulate a documented form of the controls and measures that have
been proposed so that each and every individual associated with the organization have an idea of
the major data control strategies linked with the organization (Kalaiprasath, Elankavi &
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
9
CLOUD COMPUTING
Udayakumar, 2017). Therefore, each individual needs to have an idea of the privacy risks and
their controls so that the effect of the same can be minimized.
3. Personal Data Protection Strategy
The strategy for data protection in an organization help the same in management of the
data security risks and helps in safeguarding of personal data. Data of a company is considered to
be one of the most valuable assets of an organization (Mollah, Azad & Vasilakos, 2017). A
breach of the data in the organization can led to costly, legal and financial consequences.
Therefore, it is needed for DAS to prepare proper strategy for personal data protection that can
ascertain security of the private data by ensuring proper and authorised usage of the personal
data and effective disclosure of the same. Designing and implementation of privacy and data
protection plan is necessary for protection of the data associated with the organization (Esposito
et al. 2016). In this particular part of the report a strategy for safeguarding the personal data will
be developed along with outlining the process in which access and usage to personal information
can be carried out in an authorised manner. A strategy will be developed for protecting the
personal digital identity usage.
3.1. Protection of Personal Information
Security measures are needed to be taken for protecting the personal data that is kept over
centralised database. The strategy of safeguarding the private information will help the
information in protection of the accidental damage, targeted destruction along with protection
against the unauthorised access (Gupta & Chourey, 2014). The strategy for safeguarding the
personal data are indicated as follows-
CLOUD COMPUTING
Udayakumar, 2017). Therefore, each individual needs to have an idea of the privacy risks and
their controls so that the effect of the same can be minimized.
3. Personal Data Protection Strategy
The strategy for data protection in an organization help the same in management of the
data security risks and helps in safeguarding of personal data. Data of a company is considered to
be one of the most valuable assets of an organization (Mollah, Azad & Vasilakos, 2017). A
breach of the data in the organization can led to costly, legal and financial consequences.
Therefore, it is needed for DAS to prepare proper strategy for personal data protection that can
ascertain security of the private data by ensuring proper and authorised usage of the personal
data and effective disclosure of the same. Designing and implementation of privacy and data
protection plan is necessary for protection of the data associated with the organization (Esposito
et al. 2016). In this particular part of the report a strategy for safeguarding the personal data will
be developed along with outlining the process in which access and usage to personal information
can be carried out in an authorised manner. A strategy will be developed for protecting the
personal digital identity usage.
3.1. Protection of Personal Information
Security measures are needed to be taken for protecting the personal data that is kept over
centralised database. The strategy of safeguarding the private information will help the
information in protection of the accidental damage, targeted destruction along with protection
against the unauthorised access (Gupta & Chourey, 2014). The strategy for safeguarding the
personal data are indicated as follows-
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
10
CLOUD COMPUTING
Identification and management of the internal and external data security threats is an
important consideration for management of the data security threats. DAS needs to draft
an advice on implementation of proper compliant contracting strategies that will help in
effective protection of the data rights along with supporting the use of data sharing
(Chou, 2015).
It is needed for the organization to conduct effective privacy and impact examination of
the major security risks so that the private data can be protected.
It is recommended to conduct privacy and impact assessment of the major security and
privacy issues so that protection of the personal data can be ascertained.
One of the most effective strategies for personal information protection is that DAS could
make use of, includes appointing a data protection officer who will be in charge of
monitoring and mapping the requirements linked to protection of personal data and
information (Kalaiprasath, Elankavi & Udayakumar, 2017).
The most effective step that can be considered to protect the privacy and confidentiality
of personal data include effective analysis of the data privacy risks persisting in the
organization (Daniel, 2014). DAS should be aware of the privacy requirements of the
organization to design effective privacy policy and security controls.
It is recommended for DAS to design and create a data privacy policy as an effective
strategy for protecting the private data. The policy can be a documented set of guidelines
for formulation of the internal and external factors linked with the objectives of the
company (Dinadayalan, Jegadeeswari & Gnanambigai, 2014). The data privacy policy
must include a proper statement related to the organizational context including the basic
data privacy rules that will help in protection of the data privacy. Clear definition of the
CLOUD COMPUTING
Identification and management of the internal and external data security threats is an
important consideration for management of the data security threats. DAS needs to draft
an advice on implementation of proper compliant contracting strategies that will help in
effective protection of the data rights along with supporting the use of data sharing
(Chou, 2015).
It is needed for the organization to conduct effective privacy and impact examination of
the major security risks so that the private data can be protected.
It is recommended to conduct privacy and impact assessment of the major security and
privacy issues so that protection of the personal data can be ascertained.
One of the most effective strategies for personal information protection is that DAS could
make use of, includes appointing a data protection officer who will be in charge of
monitoring and mapping the requirements linked to protection of personal data and
information (Kalaiprasath, Elankavi & Udayakumar, 2017).
The most effective step that can be considered to protect the privacy and confidentiality
of personal data include effective analysis of the data privacy risks persisting in the
organization (Daniel, 2014). DAS should be aware of the privacy requirements of the
organization to design effective privacy policy and security controls.
It is recommended for DAS to design and create a data privacy policy as an effective
strategy for protecting the private data. The policy can be a documented set of guidelines
for formulation of the internal and external factors linked with the objectives of the
company (Dinadayalan, Jegadeeswari & Gnanambigai, 2014). The data privacy policy
must include a proper statement related to the organizational context including the basic
data privacy rules that will help in protection of the data privacy. Clear definition of the
11
CLOUD COMPUTING
roles and responsibilities of data protection is one of the necessary steps for protection of
data privacy within an organization.
As a strategy of protection of personal information DAS will be creating a data privacy
procedure that will focus on the strategic aspects of privacy protection (Rao &
Selvamani, 2015). It will include common procedures such as taking an individual’s
consent before accessing or sharing private data of the users.
It is recommended to implement the necessary data privacy controls for mitigation,
avoiding and transferring the risk linked with use and access of the private data and
information (Hoepman, 2014). The data privacy control will include both technical and
non-technical requirements as an essential step of limiting the access to private and
personal data kept in the centralised database.
It is needed to initiate a data privacy training and awareness to the staffs so that they can
understand the most basic requirements of working with private data (Szádeczky, 2015).
The training will be imparted to all the IT staffs along with the security team.
Monitoring is an essential step for protection of personal information (Kalaiprasath,
Elankavi & Udayakumar, 2017). The continuous monitoring process can help in
identification of the major risks and issues linked with the process adopted for personal
data protection.
The above points indicate the strategy that DAS should implement for safeguarding the
private data. Monitoring of the risk that is linked with the personal information is crucial to
ascertain that the information of the users are not being used by any unauthorized individual. In
the following section, the strategy for protection of data for authorised use and exposer of the
private data are discussed.
CLOUD COMPUTING
roles and responsibilities of data protection is one of the necessary steps for protection of
data privacy within an organization.
As a strategy of protection of personal information DAS will be creating a data privacy
procedure that will focus on the strategic aspects of privacy protection (Rao &
Selvamani, 2015). It will include common procedures such as taking an individual’s
consent before accessing or sharing private data of the users.
It is recommended to implement the necessary data privacy controls for mitigation,
avoiding and transferring the risk linked with use and access of the private data and
information (Hoepman, 2014). The data privacy control will include both technical and
non-technical requirements as an essential step of limiting the access to private and
personal data kept in the centralised database.
It is needed to initiate a data privacy training and awareness to the staffs so that they can
understand the most basic requirements of working with private data (Szádeczky, 2015).
The training will be imparted to all the IT staffs along with the security team.
Monitoring is an essential step for protection of personal information (Kalaiprasath,
Elankavi & Udayakumar, 2017). The continuous monitoring process can help in
identification of the major risks and issues linked with the process adopted for personal
data protection.
The above points indicate the strategy that DAS should implement for safeguarding the
private data. Monitoring of the risk that is linked with the personal information is crucial to
ascertain that the information of the users are not being used by any unauthorized individual. In
the following section, the strategy for protection of data for authorised use and exposer of the
private data are discussed.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
1 out of 24
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
Copyright © 2020–2025 A2Z Services. All Rights Reserved. Developed and managed by ZUCOL.