A few days ago, a controversy broke out over “the new politics of privacy and terms and conditions of use” of WhatsApp. We aren’t looking to defend the social media network or harm it, but here at Xira the security of companies and their clients is a priority. With this situation the best is to explain what happened with the data and where they may be affected.
How to manage personal data in businesses and how to protect them?
Personal data could be considered as the minimum relationship of two pieces of information that identify a person. You, as a user, have the right to pick which data to give, which data could be circulated, and to whom to give it to. Data privacy refers to how as a business, you have the obligation to say what will happen with the data and how you will protect it from third parties.
Usually the data is used by businesses to optimize or make more efficient areas like marketing, sales, payments, customer service and security. With data they are able to understand and segment customers, and have a panoramic view to make decisions and improve customer experience.
Unfortunately in Mexico there exists a lot of fraud risk due to bad data usage. Imagine that the agent of a telephone company communicates with you to tell you that he has completed a request for portability to another company, which is false, and then asks you for your data to cancel the request. After some time, the portability change has been completed without being authorized by you. What happened? You gave away your data to someone and they used your data in an inappropriate way. The agent lied to you about his role and where he worked.
The greatest risk that organizations have is the employees themselves, who by capturing the information could manipulate it and use it in a detrimental way. As a business you can use machines to optimize the processing of information and at the same time provide better security. The human component could interpret, analyze and understand what the consumer wants, but seeing it through a generalization and without intervening in the personal data.
In addition, if as a business you count on encrypted systems and secure algorithms, the data stays in more secure infrastructure (and not in one place) and you just ask for the necessary information, then the data will be better protected for you and your consumers.
How to know how secure the use of my personal data is?
The first place you should pay attention to is your telephone, since it is there where your data is the most vulnerable, but you can protect the data if you know the configuration of the device. Everyone has the privacy section and usually by factory default some permissions are turned on, especially those of location, in the case of the iPhone you can search in: Settings > Privacy > Location Services > System Services.
Furthermore, there are regulations where businesses have (or would have) the obligation to say how they treat data, and that’s why you find a privacy notice everywhere. If you spend time reading these sections, you will see that some businesses are more secure than others.
Another recommendation is to find out if the company to which the data will be provided has a current data protection certification. The most simple way to do this is ask the business directly (if it doesn’t have the certifications on its website), otherwise, you can check in the data bases of the certificacion businesses to see if the company is in it (although this isn’t always available for the general public). Some relevant certificates are those provided by ISO, PCI DSS Compliant, and HITACHI Inspire the Next, among others.
If the provided data aren’t used in the correct way, in Mexico they are protected by ARCO rights (Access, Rectification, Cancelation, and Opposition) and you can file a complaint with the INAI (National Institute of Transparency, Access to Information, and Personal Data Protection), and the business will have to pay a fine according the the seriousness of the crime. You can file the complaint in the website: https://www.datospersonales.org.mx/
Maybe in the near future thanks to these controversies, businesses and governments decide to think more about the terms and conditions of use of personal data, with more severe punishments for those who violate data protection. In the meantime, we must be more cautious about which businesses we give our information, making sure that they fulfil their ethical and professional policies. “Data are the most valuable assets for a company.”