CSIA Week 3 Discussion Policy Mandates US vs European Approaches to Privacy Laws.docx

31 July, 2024 | 4 Min Read

Week 3: Discussion: Policy Mandates: US vs European Approaches to Privacy Laws

Red Clay Renovations must always follow safe business practices and safeguard the privacy of its clients' data. Periodic internal audits can reveal whether or not the company actually adheres to the directives and recommendations of its policy (Taylor, 2023). This brief policy statement outlines how the company complies with the Payment Card Industry Data Security Standard (PCI DSS), which is intended to protect the cardholder data held by organizations that accept credit card payments from their customers.


Privacy by Design

Privacy by Design is a principle that requires organizations to consider privacy from the outset of the design and development of products and services, so that privacy protections are built into the technology itself rather than bolted on afterwards. The EU codifies this in the GDPR (Article 25, "data protection by design and by default"), which requires organizations to apply it whenever they process personal data, because it is seen as an effective way to reduce privacy risk.


The Payment Card Industry Data Security Standard (PCI DSS) was first published in 2004 as a joint standard of the major card brands (Visa, MasterCard, Discover, American Express and JCB), which later formed the PCI Security Standards Council to maintain it. The standard groups its requirements under six control objectives that together set a baseline for the handling of cardholder data; only a portion of those objectives is the subject of today's briefing. For the firm, the standard is important because it lays out in detail the security model, the data that must be safeguarded, and the processes that must be followed to demonstrate compliance.


Right to be Forgotten

The Right to be Forgotten (formally the right to erasure) allows individuals to request that their personal data be deleted. The EU introduced this right in Article 17 of the General Data Protection Regulation (GDPR), which took effect on 25 May 2018. It applies, among other cases, when an individual's personal data is no longer necessary for the purpose for which it was collected or processed, or when the individual withdraws the consent on which the processing was based. The right is not absolute: data that the organization must retain to meet a legal obligation is exempt from erasure.


On the network segment that handles customer card transactions, PCI DSS requires properly configured firewalls (network security controls) that protect cardholder data without disrupting cardholders or suppliers (Erforth & Martin-Shields, 2023). Vendor-supplied default PINs and passwords will not be used on the customer-facing website; every default credential will be changed before deployment, and users will be able to change their own credentials in a simple, standardized way. Anti-virus, anti-spyware and other anti-malware software will be installed on the company's PCs to protect them against exploits and malicious actors, and it will be kept updated as part of regular maintenance. Together with timely patching, this ensures that known vulnerabilities are fixed and closes off the avenues an attacker could use to steal or alter sensitive client information.


What information must be secured differs significantly depending on how a company intends to use personally identifiable information for commercial purposes. Red Clay Renovations' customer database contains personal data, including names, phone numbers, email addresses and dates of birth. Strong encryption of this data, both at rest and in transit, is essential to prevent attackers from accessing it without authorization and exploiting it for their own financial gain. Because our business model depends heavily on collecting credit card payments, we must ensure that all of our clients' personal information is kept secure and that we comply with all relevant laws and regulations.


Right to be Informed

The Right to be Informed requires organizations to tell individuals how their personal data is handled: what types of data are collected, the purposes for which the data will be used, and how long it will be retained. Organizations must also inform individuals of their rights, such as the Right to be Forgotten. In the GDPR these transparency duties are set out in Articles 13 and 14.


In the United States, businesses and the private sector are accountable for complying with the relevant federal and state privacy laws and regulatory guidance that govern corporate activity, rather than a single comprehensive statute like the GDPR (Hendler, 2023). The IT Governance Board is responsible for ensuring that the company's customer interactions and data-collection procedures meet standards that let customers feel comfortable using the services provided.


Red Clay Renovations should consider the following best practices for privacy protection:

Implement Privacy by Design principles in all product and service development processes.

Establish a data retention policy that aligns with the Right to be Forgotten.

Provide clear and concise privacy notices to individuals, in accordance with the Right to be Informed.

Conduct regular privacy impact assessments to identify privacy risks and verify that they are mitigated.
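As an added illustration of the retention item above (this is example code, not part of the original discussion post or any Red Clay Renovations system), the following Python sketch shows how a retention schedule and the erasure grounds described under the Right to be Forgotten can be expressed as a purge routine. The purposes, retention periods, field names and sample customers are assumptions constructed for the example; the one point it makes beyond the text is that a legal retention duty must be checked before any erasure ground, including an explicit request from the individual.

```python
"""Retention and erasure policy check (added example; all values are assumed)."""
import hashlib
from dataclasses import dataclass, field
from datetime import date, timedelta

# Hypothetical retention schedule: the longest each processing purpose may keep
# personal data, in days. Real values would come from the company's policy.
RETENTION_DAYS = {
    "quote_request": 90,
    "active_project": 365,
}


@dataclass
class Record:
    subject_id: str           # internal customer reference (assumed field)
    purpose: str              # purpose the data was collected for
    collected: date
    consent_given: bool       # False once the individual withdraws consent
    legal_hold: bool = False  # e.g. payment records kept under a statutory duty
    data: dict = field(default_factory=dict)


def erasure_reason(rec: Record, today: date, erasure_requested: bool = False):
    """Return the policy reason to erase `rec`, or None if it must be kept.

    Order matters: a legal retention obligation (GDPR Art. 17(3)(b)) overrides
    every erasure ground, including an explicit request from the individual.
    """
    if rec.legal_hold:
        return None
    if erasure_requested:
        return "subject_request"
    if not rec.consent_given:
        return "consent_withdrawn"
    limit = RETENTION_DAYS.get(rec.purpose)
    if limit is None:
        return "no_registered_purpose"  # data without a documented purpose is not kept
    if today - rec.collected > timedelta(days=limit):
        return "retention_expired"
    return None


def purge(records, today: date, requests=frozenset()):
    """Apply the policy. Returns (records to keep, audit log).

    The audit log proves that erasure happened without itself retaining the
    personal data: it stores only a hash of the internal reference and the reason.
    """
    kept, log = [], []
    for rec in records:
        reason = erasure_reason(rec, today, rec.subject_id in requests)
        if reason is None:
            kept.append(rec)
        else:
            ref = hashlib.sha256(rec.subject_id.encode()).hexdigest()[:16]
            log.append({"ref": ref, "reason": reason, "date": today.isoformat()})
    return kept, log


def sample_records():
    """Constructed sample customers (not real data)."""
    return [
        Record("A", "quote_request", date(2024, 1, 15), True, data={"name": "Sample A"}),
        Record("B", "active_project", date(2024, 3, 1), True),
        Record("C", "active_project", date(2024, 3, 1), False),  # consent withdrawn
        Record("D", "active_project", date(2024, 3, 1), True, legal_hold=True),
        Record("E", "active_project", date(2024, 7, 1), True),
    ]


def run_policy():
    """Run the policy as of 31 July 2024 with erasure requests from D and E."""
    kept, log = purge(sample_records(), date(2024, 7, 31), requests={"D", "E"})
    return [r.subject_id for r in kept], [entry["reason"] for entry in log]


if __name__ == "__main__":
    print(run_policy())
```

Running it keeps B (within its retention window) and D (under legal hold despite the erasure request), and logs A as expired, C as consent withdrawn and E as erased on request. In a real system the purge would also have to reach backups and downstream processors, which a single-table routine like this does not cover.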

References


Erforth, B., & Martin-Shields, C. (2023). Where privacy meets politics: EU–Kenya cooperation in data protection. In Africa–Europe cooperation and digital transformation (pp. 142–155). https://www.taylorfrancis.com/chapters/oa-edit/10.4324/9781003274322-10/privacy-meets-politics-benedikt-erforth-charles-martin-shields


Hendler, J. A. (2023). The future of the Web. In The Internet and philosophy of science (pp. 71–83). https://www.taylorfrancis.com/chapters/edit/10.4324/9781003250470-4/future-web-james-hendler


Taylor, L. (2023). Data justice, computational social science, and policy. In Handbook of computational social science for policy (pp. 41–56). Cham: Springer International Publishing. https://link.springer.com/chapter/10.1007/978-3-031-16624-2_3
