Security And Privacy - Overview

Updated: 2020-10-19

Legal vs Compliance vs Security vs Privacy

• Legal: What can we do
• Compliance: What must we do
• Security: How can we do it
• Privacy: What should we do

Be careful about special types of data

• Accelerometer: detects acceleration by vibration, so it can be a kind of microphone to record user's voice.
• Timestamp: if it is down to milliseconds, it may be used as a join key to link to other datasets.

Wipeout vs Takeout

• Wipeout: all data related to the user will be removed. The right to be forgotten.
• Takeout: all data related to the user can be downloaded. Also serves the purpose of transparency: users know what we know about them.

Regulartions / Standards

• GDPR: General Data Protection Regulation (EU)
• HIPAA: Health Insurance Portability and Accountability Act. (US)
• PCI-DSS: Payment Card Industry Data Security Standard
• CCPA: California Consumer Privacy Act, similar to GDPR.