
Data Security & Privacy: Lock the Door and Shout It Out!

This is the 3rd ingredient out of 5.

1     Why Is This Important?

Imagine how you’d feel if your personal information got stolen. I once had my online account hacked, and I was shocked. Businesses face the same risks—if customers don’t trust a company to protect their data, they’ll take their business elsewhere.

For example, credit card numbers should always be encrypted so that even if a hacker gains access, all they see is gibberish instead of real numbers.


2     Privacy: A Different Flavor of Protection

Privacy isn’t just about security—it’s also about following laws and earning customer trust.

Laws like GDPR clearly state:
“Don’t use customer data without permission!”

A friend of mine who runs a small business learned this the hard way. He sent promotional text messages without asking for consent, and soon, customers were angrily complaining:
“Why are you texting me without my permission?!”

Since then, he always asks:
“May we send you promotional messages?”

Security and privacy go hand in hand.
If you lock the door (security) and announce that strangers aren’t allowed (privacy), you protect both your house and your peace of mind.

Data should be handled the same way!


3     The Treasure We Must Protect: What Kind of Data Are We Handling?

To maintain strong security and privacy, we first need to understand what data we are dealing with.

Think of it like organizing a safe—before you lock it, you need to know what valuable items are inside. If you don’t know what you’re protecting, how can you keep it safe?

I once knew a company that thought, “We only store names and phone numbers.” But when they actually reviewed their data, they were shocked to discover they also had credit card numbers stored in their system. They had no idea they were handling such sensitive financial data!

So, let’s break down the different types of personal data that organizations typically handle.


4     Common Types of Personal Data

1. General & Contact Information

  • What it includes: Name, date of birth, phone number, email, address, membership number, workplace details.
  • Why it’s important: This is the basic data used to identify and contact customers. (“Who is this person? How do we reach them?”)

2. Service Usage Information

  • What it includes: Service usage history, customer ID, passwords, IP addresses, login records.
  • Why it’s important: Helps track user behavior and manage account security. (“When did this person log into our system?”)

3. Transaction & Payment Information

  • What it includes: Credit card numbers, bank account details, payment history.
  • Why it’s important: Used for purchases and financial tracking. (“What did this customer buy?”)

4. Online Product & Service Data

  • What it includes: Shipping details, service usage records.
  • Why it’s important: Helps with order fulfillment and service management. (“Where should this product be shipped?”)

5. Identity Verification & Authentication Data

  • What it includes: ID numbers (passport, driver’s license, national ID), verification codes.
  • Why it’s important: Ensures user identity and prevents fraud. (“Is this person really who they claim to be?”)

6. Customer Support & Inquiry Data

  • What it includes: Customer service interactions, inquiries, complaints.
  • Why it’s important: Helps track and resolve customer issues. (“What problems has this customer reported?”)

7. Linked Service & Social Media Information

  • What it includes: Linked social media accounts, third-party logins (Facebook, Google).
  • Why it’s important: Manages single sign-on (SSO) access and integrations. (“This user logged in via Facebook.”)

8. Special Case Data

  • What it includes: Guardian details for minors, family relationship data.
  • Why it’s important: Used in special cases where legal or guardian approval is required. (“This user is underage—do they have a guardian’s consent?”)

My friend Jake once thought, “As long as I protect names and phone numbers, that’s enough.” But when I asked him,
“What about payment details? Shipping information?”
He suddenly realized:
“Wait… this is all sensitive data too! We need to secure everything.”


5     Why This Matters

Before we even start implementing security and privacy measures, we must first organize and classify our data. Once we know what we’re dealing with, we can create the right protection strategies.


6     Classifying Your Treasures: What’s Level 1 vs. Level 2 Data?

Now that we know what kinds of data we’re handling, the next step is to classify them by sensitivity.

Think of it like organizing your valuables:

  • Some belong in a safe (highly sensitive data).
  • Others can go in a drawer (less sensitive, but still important).

Personal data should be categorized into two levels to make management easier.

6.1    Level 1 Personal Data: “Lock It in the Vault!”

Level 1 data is highly sensitive—if exposed, it can cause serious harm. This information must be locked away, just like you would secure gold or diamonds in a safe.

6.1.1     What qualifies as Level 1 data?

o Authentication Information

  • Passwords, biometric data (fingerprints, iris scans).
  • “If this gets stolen, I’m doomed!”

o Identity Documents & National IDs

  • Social security numbers, driver’s licenses, passports, alien registration numbers.
  • “If someone gets this, they know exactly who I am.”

o Financial Information

  • Bank account numbers, credit card numbers.
  • “If this leaks, my money is gone.”

o Location Data

  • Real-time tracking, GPS location history.
  • “This reveals exactly where I am right now.”

6.1.2     Example

My friend Jake once asked, “Are credit card numbers really that sensitive?”
I told him, “Of course! If this leaks, your customers will be furious.”
That’s when he realized, “I need to protect this like a treasure!”

Bottom line: Level 1 data must be strictly secured, encrypted, and restricted to authorized personnel only.

6.2    Level 2 Personal Data: “Keep It in a Locked Drawer”

Level 2 data isn’t as critical as Level 1, but it still requires protection. It’s like keeping important documents in a locked drawer—not as extreme as a vault, but you still wouldn’t leave it lying around.

6.2.1     What qualifies as Level 2 data?

o Email Addresses

  • “Getting spammed is annoying.”

o Names

  • “I don’t want my name being used everywhere.”

o Addresses

  • “I don’t want strangers showing up at my door.”

o Phone Numbers

  • “Getting unwanted calls is frustrating.”

o User ID & Other Identifiers

  • Data that can be used to infer someone’s identity.

6.2.2     Example

A store owner once thought, “It’s just a phone number, no big deal.”
But after receiving customer complaints about spam calls, he realized:
“Even Level 2 data can cause trouble if mishandled!”

Bottom line: Level 2 data must still be protected to prevent annoyances, fraud, or minor privacy violations.
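
The inventory step described above can be automated. The sketch below is an added example, not code from the original article: it tags each field as Level 1 or Level 2 and also checks field contents, so a card number sitting in a free-text field (the surprise the company in section 3 ran into) is still flagged. The keyword lists, function names and sample records are assumptions made for illustration.

```python
import re

# Field-name hints for each level; these keyword lists are assumptions.
LEVEL1_HINTS = ("password", "biometric", "passport", "ssn", "license", "card", "bank", "gps")
LEVEL2_HINTS = ("email", "name", "address", "phone", "user_id")

# 13-19 digits, optionally separated by single spaces or dashes.
CARD_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def luhn_ok(digits):
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def contains_card_number(value):
    for match in CARD_CANDIDATE.finditer(value):
        if luhn_ok(re.sub(r"\D", "", match.group())):
            return True
    return False

def classify_field(name, value):
    """Return 1 (vault), 2 (locked drawer) or 0 (not classified)."""
    lname = name.lower()
    # Content beats the label: a card number in a "notes" field is still Level 1.
    if contains_card_number(str(value)) or any(h in lname for h in LEVEL1_HINTS):
        return 1
    if any(h in lname for h in LEVEL2_HINTS):
        return 2
    return 0

def inventory(records):
    """Most sensitive level seen for each field across all records."""
    found = {}
    for record in records:
        for name, value in record.items():
            seen = [l for l in (found.get(name, 0), classify_field(name, value)) if l]
            found[name] = min(seen) if seen else 0  # 1 is more sensitive than 2
    return found

# Constructed sample records; 4111 1111 1111 1111 is a well-known test card number.
SAMPLE = [
    {"name": "A. Example", "phone": "555-0100", "notes": "call back after 5pm"},
    {"name": "B. Example", "phone": "555-0101", "notes": "paid by card 4111 1111 1111 1111"},
    {"name": "C. Example", "phone": "555-0102", "password_hash": "x", "order_ref": "1234567890123"},
]
```

Calling `inventory(SAMPLE)` reports `notes` as Level 1 because one record carries a card number, while the 13-digit `order_ref` fails the Luhn check and stays unclassified.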

By ByteBloom Morgan

The author has lived and breathed the life of a data steward for years, wrestling with data to keep organizations on track. Through countless hours of consulting—both giving and receiving advice—the author learned one thing: explaining and leading data governance is no easy feat.
