
Showing posts with the label PBD

Information Security: Defining Cookies

A cookie is a small file, typically of letters and numbers, downloaded on to a device when the user accesses certain websites. Cookies allow a website to recognize a user’s device. Cookies are categorized in two ways: by the extent of data they store and by the website that places the cookie on the user's device. A session cookie is one which is erased when the user closes the browser. Session cookies are considered to be less privacy intrusive than persistent cookies because they expire after a browser session and so are not stored longer term. For example, session cookies can be used for security when a user is accessing internet banking or to facilitate use of webmail. Persistent cookies differ from session cookies. A persistent cookie remains on the user's computer/device for a pre-defined period of time. Persistent cookies are stored on a user's device in between browser sessions, which allows the preferences or actions of the user across a site (or in some cases across di

Sample Privacy Risk Assessment Example and Explanation

Privacy impact assessments (PIAs) are a tool that can be used to identify and reduce privacy risks. A PIA can reduce the risks of harm to individuals by preventing the misuse of their personal information. PIAs are an integral part of taking a privacy by design (PbD) approach. They are used to design more efficient and effective processes for handling personal data. The use of PIAs is not something new; in fact, the process has been used by a number of companies, entities and governments for over forty years now. The PIA was created by the United States Office of Technology Assessment. The U.S. Office of Management and Budget (OMB) publishes guidance on the implementation of the privacy provisions by Federal Agencies under the E-Government Act of 2002, including when to conduct a PIA. Under GDPR, PIAs have become a centerpiece and necessary in certain situations. A PIA must be completed if a company is doing one of the following: Data controller or the data processor o