Greeting all guys and myself again!

Continue from our staffs who are in charge in this circle. We gonna have a conversation about data types.

What kinds of data we need to take care?

Let’s say we are the owner of pizza shop (as the same 😸 ). We as the providers MAY keep these followings:

  1. Name – surname
    in case our customers can register
  2. Telephone number
    in case we serve pizza on delivery
  3. Address
    also needed for order on delivery
  4. Email
    if we have newsletters services

Those above are just a part of data that real company need to keep, it depends on their necessary.

Our essential data is so precious

No free stuff on the world. If we do not send our data to the provider, we cannot access their services, right? So we need to protect our data by send them to only companies we trust their security system.

Essential data

I would like to introduce a word:

PII (Personal Identifying Information)

It literally means the data which indicate a specific person. If we know them, we can get benefits or make a transaction on behalf of their owners. Some essential data are listed below:

  1. Name – surname
    As a mention before, it is a primary personal information.
  2. Telephone number
    Since it has required registration, it also is a primary one.
  3. Email
    Certainly yes for business communications
  4. Geospatial information
    aka. location-based information. This is usually bound with timestamp. Therefore, we can review when and where he/she is
  5. IP address
    It is automatically stored by IT company providers. This data generally identify locations and devices of the transactions
  6. username or user ID
    It isn’t crucial when it stays alone, but it is that way so when combined with other PII data e.g. email or mobile number. That makes data reviewers know our movement in both online and offline world
  7. Physical addresses
    Also primary data
  8. Citizen ID/Driver’s license/Passport number
    an ultimate essential information which store other essential ones. Must keep it securely.

As customers, how can we keep it in secure?

Before sending those PII data, we need to review their security, terms and conditions, company’s reputation or other standards. And the first thing we have to do after sending or stop sending our data is to setup/configure account security, haven’t we?

And we as a provider?

In order to protect our clients’ essential information, several mechanisms and tools can be applied in that case:

  • Avoid keeping essential data on cloud platform, should be done in private system
    It is true that many famous cloud storage providers have high-level data protection. But it is better to keep in our private servers which can be control all traffics by ourselves, right?
  • Encrypting all essential data
    For the worst case, at least we are not allow bad guys to retrieve our precious data in an easy way. The most encryption method I mostly use is AES 256-bit
  • Hashing
    For some reasons, we can hash any value to an unreadable text which is infeasible to proceed back to original value with the arithmetic algorithms. With this, we can utilise hashed text for many applications e.g. mapping data between two departments without revealing some PII data.

Next time, I’m gonna tell story about data security guideline in enterprises. There is GDPR ! Stay tuned.