
Week 11-12 Unit 6 - Information and Control and Privacy

The document discusses characteristics of information including availability, accuracy, authenticity, confidentiality, integrity, utility and possession. It then explains why information security and privacy are contemporary issues due to fraud, hoaxes, identity theft, system hacking and privacy breaches. Finally, it covers data privacy and protection regulations.

LIVING IN THE I.T. ERA

A period that has a particular quality or character. We are living in an era in which technology is developing very rapidly...

Prepared by
Prof. SIDNEY BUENAVENTURA
Prof. RENZ BALDERAMA
Prof. KT. V. FORTUNY
Prof. ROBINSON E. JOAQUIN
Prof. ANN CAMILLE M. MAUPAY
Prof. MARK ANTHONY S. MERCADO
Prof. CHARITO M. MOLINA
Prof. ANTWAUN SISON
Prof. SHERLY DELA MERCED
Prof. SHE PAMINTUAN
UNIT VI: Information and Control and Privacy
Introduction/Overview

Week 11 to Week 12, Unit VI: Information and Control and Privacy, gives an overview of control and privacy. It defines the different characteristics of information, discusses why information security and privacy are a contemporary issue, and explains what privacy is and what the data privacy and protection regulation covers.
Learning Goals/Objectives

At the end of the lessons, the students are expected to:

Understand the characteristics of information in terms of Availability, Accuracy, Authenticity, Confidentiality, Integrity, Utility and Possession;

Explain why information security and privacy are a contemporary issue in terms of Fraud, Hoaxes, Identity Theft, System Hacking, Disclosure and Privacy Breach;

Learn the Data Privacy and Protection Regulation.


Characteristics of Information
Availability

Availability means information should be consistently and readily accessible for authorized parties. This involves properly maintaining hardware and technical infrastructure and systems that hold and display the information.

Information should be easy to obtain or access. Information kept in a book of some kind is only available and easy to access if you have the book to hand. A good example of availability is a telephone directory, as every home has one for its local area. It is probably the first place you look for a local number. But nobody keeps the whole country’s telephone books, so for numbers further afield you probably phone a directory enquiry number. For business premises, say for a hotel in London, you would probably use the Internet.

Businesses used to keep customer details on a card-index system at the customer’s branch. If the customer visited a different branch, a telephone call would be needed to check details. Now, with centralized computer systems, businesses like banks and building societies can access any customer’s data from any branch.
Accuracy

Information needs to be accurate enough for the use to which it is going to be put. To obtain information that is 100% accurate is usually unrealistic, as it is likely to be too expensive to produce on time. The degree of accuracy depends upon the circumstances. Accuracy is important. As an example, if government statistics based on the last census wrongly show an increase in births within an area, plans may be made to build schools and construction companies may invest in new housing developments. In these cases any investment may not be recouped.
Authenticity

Authenticity is assurance that a message, transaction, or other exchange of information is from the source it claims to be from. Authenticity involves proof of identity. We can verify authenticity through authentication.

The process of authentication usually involves more than one “proof” of identity (although one may be sufficient). The proof might be something a user knows, like a password. Or, a user might prove their identity with something they have, like a keycard. Modern (biometric) systems can also provide proof based on something a user is. Biometric authentication methods include things like fingerprint scans, hand geometry scans, or retinal scans.
Confidentiality

Confidentiality is roughly equivalent to Confidentiality measures are designed to prevent sensitive information from unauthorized access attempts. It is common for data to be categorized according to the amount and type of damage that could be done if it fell into the wrong hands.

Confidentiality is the keeping of another person or entity’s information private. Certain professionals are required by law to keep information shared by a client or patient private, without disclosing the information, even to law enforcement, except under certain specific circumstances. The principle of confidentiality is most commonly expected in the medical field and the legal field.

Sometimes safeguarding data confidentiality involves special training for those privy to sensitive documents. Training can help familiarize authorized people with risk factors and how to guard against them. Further aspects of training may include strong passwords and password-related best practices and information about social engineering methods to prevent users from bending data-handling rules with good intentions and potentially disastrous results.

A good example of methods used to ensure confidentiality is requiring an account number or routing number when banking online. Data encryption is another common method of ensuring confidentiality. User IDs and passwords constitute a standard procedure; two-factor authentication (2FA) is becoming the norm.
Integrity

Integrity involves maintaining the consistency, accuracy and trustworthiness of data over its entire lifecycle. Data must not be changed in transit, and steps must be taken to ensure data cannot be altered by unauthorized people (for example, in a breach of confidentiality).

These measures include file permissions and user access controls. Version control may be used to prevent erroneous changes or accidental deletion by authorized users from becoming a problem. In addition, organizations must put in some means to detect any changes in data that might occur as a result of non-human-caused events such as an electromagnetic pulse (EMP) or server crash.

Data might include checksums, even cryptographic checksums, for verification of integrity. Backups or redundancies must be available to restore the affected data to its correct state. Furthermore, digital signatures can be used to provide effective nonrepudiation measures, meaning evidence of logins, messages sent, electronic document viewing and sending cannot be denied.
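
The difference between a plain checksum and a cryptographic (keyed) checksum, and the role of a backup in restoring data, shown as an added example that is not part of the original lecture material. The record, key and function names are constructed for illustration, and the key is assumed to be stored apart from the data it protects.

```python
import hashlib
import hmac
import zlib

# Constructed sample data (not from the lecture): a record and its backup copy.
RECORD = b"account=1001;owner=J. Cruz;balance=2500.00"
BACKUP = bytes(RECORD)
KEY = b"constructed-demo-key"  # assumption: secret stored apart from the data


def plain_checksum(data: bytes) -> int:
    """CRC32: catches accidental corruption, but anyone can recompute it."""
    return zlib.crc32(data)


def keyed_checksum(data: bytes, key: bytes = KEY) -> str:
    """HMAC-SHA256: a cryptographic checksum that requires the secret key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify(data: bytes, crc: int, tag: str) -> dict:
    """Report which of the two checks the stored data still passes."""
    return {"crc_ok": plain_checksum(data) == crc,
            "hmac_ok": hmac.compare_digest(keyed_checksum(data), tag)}


def restore_if_changed(data: bytes, tag: str, backup: bytes) -> bytes:
    """Return data if intact; otherwise return the backup once it verifies."""
    if hmac.compare_digest(keyed_checksum(data), tag):
        return data
    if not hmac.compare_digest(keyed_checksum(backup), tag):
        raise ValueError("backup also fails verification")
    return backup


# Values recorded while the record was known to be correct.
GOOD_CRC = plain_checksum(RECORD)
GOOD_TAG = keyed_checksum(RECORD)

# Case 1: accidental corruption, a single flipped bit (e.g. after a crash).
CORRUPTED = bytes([RECORD[0] ^ 0x01]) + RECORD[1:]
# Case 2: unauthorized edit, with the stored CRC recomputed to match.
TAMPERED = RECORD.replace(b"2500.00", b"9500.00")
FORGED_CRC = plain_checksum(TAMPERED)

if __name__ == "__main__":
    print(verify(CORRUPTED, GOOD_CRC, GOOD_TAG))
    print(verify(TAMPERED, FORGED_CRC, GOOD_TAG))
    print(restore_if_changed(TAMPERED, GOOD_TAG, BACKUP) == RECORD)
```

The plain checksum flags the accidental bit flip but passes the edited record once its checksum is recomputed alongside it; only the keyed checksum flags both, after which the verified backup is used to restore the correct state.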
Utility

"Utility" refers to the usefulness of the information to the intended users. "Objectivity" focuses on whether the disseminated information is being presented in an accurate, clear, complete, and unbiased manner, and as a matter of substance, is accurate, reliable, and unbiased.
Possession

Possession means to hold occupancy with or without rights of ownership. This exactly describes possession in the psychic sense. It is the possession of the physical body with, though frequently without, the permission of the owner.
Why is information security and privacy a contemporary issue?
Fraud

Fraud is commonly understood as dishonesty calculated for advantage. A person who is dishonest may be called a fraud. Fraud is most common in the buying or selling of property, including real estate, personal property, and intangible property, such as stocks, bonds, and copyrights.

Fraud must be proved by showing that the defendant's actions involved five separate elements:
(1) a false statement of a material fact,
(2) knowledge on the part of the defendant that the statement is untrue,
(3) intent on the part of the defendant to deceive the alleged victim,
(4) justifiable reliance by the alleged victim on the statement, and
(5) injury to the alleged victim as a result.
Hoaxes

A hoax is a falsehood deliberately fabricated to masquerade as the truth. It is distinguishable from errors in observation or judgment, rumors, urban legends, pseudosciences, and April Fools' Day events that are passed along in good faith by believers or as jokes.

To hoax is to trick into believing or accepting as genuine something false and often preposterous.
Identity Theft

Identity theft is the crime of obtaining the personal or financial information of another person to use their identity to commit fraud, such as making unauthorized transactions or purchases. Identity theft is committed in many different ways and its victims are typically left with damage to their credit, finances, and reputation.

KEY TAKEAWAYS

Identity theft occurs when someone steals your personal information and credentials to commit fraud.

There are various forms of identity theft, but the most common is financial.

Identity theft protection is a growing industry that keeps track of people's credit reports, financial activity, and Social Security number use.
System Hacking

System hacking is a vast subject that consists of hacking the different software-based technological systems such as laptops, desktops, etc. System hacking is defined as the compromise of computer systems and software to access the target computer and steal or misuse its sensitive information. Here the malicious hacker exploits the weaknesses in a computer system or network to gain unauthorized access to its data or take illegal advantage.

When one enters the world of hacking, one is bombarded with seemingly similar or even synonymous terms: malicious users or malicious attackers, hackers, crackers and more. But what does each of them mean? In a more technical or meticulous context, chances are that you'll come across the term cracker as the more precise one when describing a hacker whose motivation is malice and wrongful gain. Therefore, cracking is illegal as well as unethical hacking. System hacking, on the other hand, usually has a more generic definition: it is the procedure of obtaining unauthorized access to a system and its resources. Some hacking types are perfectly legal, the most typical example being ethical hacking, that is, system penetration testing conducted by information security specialists.
Disclosure

Disclosure of information is any release of information from one party to another. Usually it refers to release of management information relevant to collective bargaining and potentially useful to trade union negotiators.
Privacy Breach

A privacy breach occurs when an organization or individual either intentionally or accidentally:

Provides unauthorized or accidental access to someone's personal information.

Discloses, alters, loses or destroys someone's personal information.

A privacy breach also occurs when someone is unable to access their personal information due to, for example, their account being hacked.
What is Privacy?
Privacy

Privacy is a fundamental right, essential to autonomy and the protection of human dignity, serving as the foundation upon which many other human rights are built.

Privacy enables us to create barriers and manage boundaries to protect ourselves from unwarranted interference in our lives, which allows us to negotiate who we are and how we want to interact with the world around us. Privacy helps us establish boundaries to limit who has access to our bodies, places and things, as well as our communications and our information.

The rules that protect privacy give us the ability to assert our rights in the face of significant power imbalances.


Data Privacy and Protection Regulation
Scope and Application

The Data Privacy Act is broadly applicable to individuals and legal entities that process personal information, with some exceptions. The law has extraterritorial application, applying not only to businesses with offices in the Philippines, but also when equipment based in the Philippines is used for processing. The act further applies to the processing of the personal information of Philippine citizens regardless of where they reside.

One exception in the act provides that the law does not apply to the processing of personal information in the Philippines that was lawfully collected from residents of foreign jurisdictions, an exception helpful for Philippine companies that offer cloud services.
Approach

The Philippines law takes the approach that “The processing of personal data shall be allowed subject to adherence to the principles of transparency, legitimate purpose, and proportionality.”
Collection, Processing, and Consent

The act states that the collection of personal data “must be a declared, specified, and legitimate purpose” and further provides that consent is required prior to the collection of all personal data. It requires that when obtaining consent, the data subject be informed about the extent and purpose of processing, and it specifically mentions the “automated processing of his or her personal data for profiling, or processing for direct marketing, and data sharing.” Consent is further required for sharing information with affiliates or even mother companies.

Consent must be “freely given, specific, informed,” and the definition further requires that consent to collection and processing be evidenced by recorded means. However, processing does not always require consent.

Consent is not required for processing where the data subject is party to a contractual agreement, for purposes of fulfilling that contract. The exceptions of compliance with a legal obligation upon the data controller, protection of the vital interests of the data subject, and response to a national emergency are also available.

An exception to consent is allowed where processing is necessary to pursue the legitimate interests of the data controller, except where overridden by the fundamental rights and freedoms of the data subject.
Information Privacy
Address Privacy and Security
 

Careful consideration should be given to which data are collected and how they are stored and shared.

Those collecting data should be responsible enough to be transparent in how they collect and use personal data.

Security measures and policies that protect and uphold an individual's dignity and privacy should be in place and made known to the individual.

Data privacy, also called information privacy, is the aspect of information technology (IT) that deals with the ability an organization or individual has to determine what data in a computer system can be shared with third parties.

Here are some tips to protect yourself online:

https://www.privacy.gov.ph/30-ways/

Source: National Privacy Commission (NPC)


 
