What steps will you take to maintain best the confidentiality of the collected data?

What steps will you take to maintain best the confidentiality of the collected data?

 

Collected data

 

Collected data

Collected data  is very important. Data collection is  the process of collecting and measuring information about specific variables in an established system, which then allows relevant questions to be answered and results to be evaluated. Data collection is a component of research in all fields of study, including the  physical  and  social sciences ,  humanities and business . While methods vary by discipline, the emphasis on ensuring accurate and honest collection remains the same. The goal of all data collection is to capture quality evidence that will allow analysis to lead to the formulation of compelling and credible answers to the questions that have been posed. What is meant by privacy?

The ‘right to privacy’ refers to being free from intrusions or disturbances in one’s private life or personal affairs. All research should outline strategies to protect the privacy of the subjects involved, as well as how the researcher will have access to the information.

The concepts of privacy and confidentiality are related but are not the same. Privacy refers to the individual or subject, while confidentiality refers to the actions of the researcher.

Informed consent

There are many ways to obtain consent from your research subjects. The form of consent affects not only how you conduct your research, but also who can have access to the personal data you hold.

It is called  informed consent , when before obtaining consent, the research subject is described what is going to be done with their data, who will have access to it and how it will be published.

When deciding which form of consent to use, it is worth considering who needs access to personal data and what needs to be done with the data before it can be shared publicly or with other researchers.

Anonymized data does not require consent to share or publish, but it is considered ethical to inform subjects about the use and destination of the data.

Confidentiality

Confidentiality   refers to the researcher’s agreement with the participant about how private identifying information will be handled, administered, and disseminated . The research proposal should describe strategies for maintaining the confidentiality of identifiable data, including controls over the storage, manipulation, and sharing of personal data.

To minimize the risks of disclosure of confidential information, consider the following factors when designing your research:

  • If possible, collected data the necessary data without using personally identifiable information.
  • If personally identifiable information is required, de-identify the data after collection or as soon as possible.
  • Avoid transmitting unencrypted personal data electronically.

Other considerations include retaining original collection instruments, such as questionnaires or interview recordings. Once these are transferred to an analysis package or a transcription is made and the quality is assured or validated, there may no longer be a reason to retain them.

Questions about what data to retain and for how long should be planned in advance and within the context of your abilities to maintain the confidentiality of the information.

The Data Protection Law arises as a need to protect all the information that is currently being used, and aims to safeguard the confidentiality of people and their data.

If you want to safeguard personal data, emails and other types of information, various measures can be taken to increase security levels. Next,  three methods will be described to protect the confidentiality of information,  which can be used in both personal and work settings.

Data encryption

Data encryption is  not a new concept, in history we can go to the ciphers that Julius Caesar used to send his orders or the famous communication encryption enigma machine that the Nazis used in the Second World War.

Nowadays,  data encryption  is one of the most used security options to protect personal and business data.

Data encryption  works through mathematical algorithms that convert data into unreadable data. This encrypted data consists of two keys to decrypt it, an internal key that only the person who encrypts the data knows, and a key

external that the recipient of the data or the person who is going to access it must know.

Data encryption can be used   to protect all types of documents, photos, videos, etc. It is a method that has many advantages for information security.

 

Data encryption

Advantages of data encryption

  • Useless data : in the event of the loss of a storage device or the data is stolen by a cybercriminal, data encryption allows said data to be useless for all those who do not have the permissions and decryption key.
  • Improve reputation : companies that work with encrypted data offer both clients and suppliers a secure way to protect the confidentiality of their communications and data, displaying an image of professionalism and security.
  • Less exposure to sanctions : some companies or professionals are required by law to encrypt the data they handle, such as lawyers, data from police investigations, data containing information on acts of gender violence, etc. In short, all data that, due to its nature, is sensitive to being exposed, therefore requires mandatory encryption, and sanctions may be generated if it is not encrypted.

Two-step authentication

Online authentication is   one of the simplest, but at the same time most effective, methods when it comes to protecting online identity. By activating two-step authentication for an account, you are adding another layer of security to it.

This method double checks access to the account, verifying that it is the true owner who is accessing it. Firstly, the traditional username and password method will be introduced, which once verified, will send a  code to the mobile phone  associated with the account, which must be entered to access it.

This method ensures that in addition to knowing the account username and password, you must be in possession of the associated mobile phone to be able to access it.

Currently, there are many platforms that allow you to activate this service to access them, such as Google, Facebook or Apple. They are also widely used in the video game sector, which is very prone to identity theft. Massive games like World of Warcraft or Fornite allow you to use  two-step authentication.

Although it is a very efficient system when it comes to protecting the  confidentiality of information , many users are reluctant to activate it, since the dependence on the mobile phone or simply adding one more step in authentication puts them off. backwards.

Username and Password ID

One of the traditional protection methods and no less effective, is the activation of  username and password.  It consists of creating a user identity and adding a linked password to it, without which it is impossible to access the account or platform.

To use email, access online platforms, etc., we are accustomed to using this  security method  when accessing them. That is why it is important to install this type of access in the operating systems of the computers we use, only allowing access to the equipment to those who know the username and its linked password.

It is important to create a method to recover  or change the password,  in case you forget it or suspect that the user account may be compromised by third parties. Normally, platforms use various methods to perform this recovery, such as linking to another email account or a mobile phone number, using a secret question whose answer only the user knows, etc.

Data protection example

These three methods presented are not exclusive, in fact, the ideal is to use them all together to make the protection of the confidentiality of the information more effective.

Data protection example

We can see the use of the three methods with this simple example:

We are going to send a report to the personnel manager, which includes the profiles selected in the last job interviews. We are dealing with information that must be protected to prevent it from being exposed or stolen.

To send the email, we access our computer and enter our username and password (username and password ID method). To the report, which we have in a PDF text file, we add a password using the PDFelement software (data encryption method).

To send the email, we access our Gmail account, where we enter our username and password, we receive a code on the mobile phone, which we enter to access the account (2-step authentication method ) . We compose the email for the chief of staff and attach the previously encrypted PDF file. Before sending the email, we activate Secure Mail encryption, an extension for Google Chrome that encrypts and decrypts emails sent with Gmail ( data encryption method) . We proceed to send the email.

Finally, using Whatsapp, we send  the  PDF encryption key to the chief of staff (he also uses Secure Mail to access his Gmai account), who can access the sent file securely. We use a platform other than Gmail to send the encryption password, to increase the level of security.

As we have seen, we can use various methods, both to protect the privacy of identities and the confidentiality of data. combined use of all methods  offers greater guarantees that the data travels safely through the network until it reaches the recipient.

Table of Contents