This is continuous post from Data Security & Privacy is important
1 Encryption: Locking Up Your Treasures
How do we protect our data treasures? Encryption is the answer!
Encryption is like putting a lock on your valuables. Even if someone steals your data, they won’t be able to open it without the key.
Hackers should look at your encrypted data and say,
💭 “What is this gibberish? I can’t use this!”
Now, let’s break down how to encrypt different types of data based on sensitivity levels.
1.1 Level 1 Data: Lock It Up Everywhere!
Level 1 data is highly sensitive, meaning it must be encrypted at all times to prevent leaks.
What Needs Encryption?
o Passwords
o Biometric Data (fingerprints, iris scans)
o National ID numbers (social security, driver’s license, passport)
o Financial information (bank accounts, credit card numbers)
o Location data
How to Encrypt Level 1 Data:
o Database (DB) Storage – Encryption is mandatory when storing this data.
- “Even if the database is hacked, the data will remain unreadable!”
o File Storage (Server/PC) – Encryption is required for storage on servers or personal devices.
- “Even if someone copies the file, they won’t be able to open it.”
o Internal Transfers – Restrict access to authorized users only.
- “Only the right people should see this!”
o External Transfers – Encryption is required when sending data outside the company.
- “Emails must be encrypted—no exceptions!”
1.2 Level 2 Data: Lock It When Necessary!
Level 2 data is less sensitive, but still requires protection based on the situation.
What Needs Encryption?
o Email addresses
o Names
o Home addresses
o Phone numbers
o User ID information
How to Encrypt Level 2 Data:
o Database (DB) Storage – Encryption is optional; instead, access should be restricted.
- “Only authorized users can access this data.”
o File Storage (Server/PC) – Encryption is required for personal devices or removable storage.
- “USB drives must be encrypted to prevent unauthorized access.”
o Internal Transfers – Access control is enough, but encryption might be required if laws change.
- “For now, access control is fine, but encryption might be needed in the future.”
o External Transfers – Encryption is required when sending data outside the company.
- “Emails containing personal data should always be encrypted.”
| Data Level | DB Storage | File Storage | Internal Transfers | External Transfers |
| Level 1 (Sensitive Data) | Encryption Required | Encryption Required | Access Control | Encryption Required |
| Level 2 (General Data) | Access Control | Encryption Required | Access Control | Encryption Required |
2 Protecting Company Secrets: Securing Confidential Information
Data security and privacy aren’t just about personal information—they also cover company secrets.
Think of it like this: It’s not just about protecting customer data; it’s also about guarding your company’s confidential assets.
If sensitive business information leaks, it could harm your company’s reputation, finances, and competitive advantage.
Now, let’s categorize confidential information based on its sensitivity level.
2.1 Level 1: Secret (Top Confidential Data)
This is the highest level of confidentiality—data that only a small, select group of people can access. If leaked, it could be disastrous for the company.
Examples of Secret Data:
o Strategic Business Plans & Executive Decisions
- “If this gets out, competitors will know our next move!”
o Company Reputation & Image-Related Documents
- “A leak could seriously damage our brand.”
o Executive Personal Data
- Salaries, performance reviews, and other highly private information.
o Competitive Intelligence (Pricing, Market Strategy, R&D Plans)
- “If competitors get their hands on this, we’re in trouble!”
Example
Jake once asked, “Is our business strategy really that sensitive?”
I told him, “Of course! If your competitor sees your pricing strategy, they’ll undercut you.”
Jake realized, “I need to lock this up like a treasure!”
Lesson: Secret-level data must be stored in a highly secure environment, with strict access controls and encryption.
2.2 Level 2: Confidential (Internal-Use Only Information)
Confidential information isn’t as critical as Secret data, but it should not be shared publicly. It should be available only to specific departments or authorized personnel.
Examples of Confidential Data:
o Mid-to-Long-Term Business Plans
- Sales strategies, expansion plans.
o Financial Reports
- Profit and loss statements, cost analysis.
o HR & Employee Records
- Recruitment plans, performance evaluations.
o Contracts & Legal Information
- Vendor agreements, pending lawsuits.
Example
A company once underestimated the importance of financial confidentiality. They didn’t mind if financial reports leaked—until a major supplier used that information to renegotiate prices!
That’s when they learned:
“Even financial data needs protection.”
Lesson: Confidential data must be accessible only to the right departments and should never be shared externally without approval.
2.3 Level 3: General (Internal Information That Requires Caution)
This is not highly sensitive, but it still shouldn’t be shared freely. Before releasing this data externally, it must be reviewed and approved by a manager.
Examples of General Data:
o Internal Work Documents & Project Reports
o Operational Guidelines & Standard Procedures
Example
Jake once said, “It’s just a general business report. No big deal.”
But later, an unauthorized external release of an internal document led to misinterpretations and confusion among clients.
Now, he makes sure all internal documents get approval before sharing externally.
Lesson: Even general company data should be handled with care to prevent miscommunication or unintended consequences.
| Category | Sensitivity | Access Scope | Examples |
| Secret (Top Confidential) | 🔥 Extremely Sensitive | Only a select few | Business strategies, executive salaries, competitive intelligence |
| Confidential (Restricted Access) | ⚠️ Important but less critical | Specific departments & roles | Financial reports, employee records, contracts |
| General (Internal Use Only) | ✅ Low sensitivity but still private | Internal staff (approval needed for external sharing) | Internal project reports, operational guidelines |