Written By
Edited By : Amy Edel
This page features 19 Cited Research Articles
Fact Checked
Fact-Checked

Editors carefully fact-check all Consumer Notice, LLC content for accuracy and quality.

Consumer Notice, LLC has a stringent fact-checking process. It starts with our strict sourcing guidelines.

We only gather information from credible sources. This includes peer-reviewed medical journals, reputable media outlets, government reports, court records and interviews with qualified experts.

What Is Data Protection?

Data protection entails safeguarding any personal financial or health information that you have in your custody against misuse, accidental disclosure, theft or damage.

Complying with local and international data protection laws can protect your business from hefty regulatory fines. It can also help you build trust with your customers in this digital age.

Data Privacy vs. Data Protection

The terms data privacy and data protection may seem interchangeable, but there are important distinctions. In the European Union, data privacy is often a basic right guaranteed by law. It gives digital users greater control over access to their personal information. Even without such measures, you can take steps to protect your privacy online.

In contrast, data protection refers to technical data security mechanisms that enable compliance with privacy policies. Businesses, governmental agencies and other groups and organizations can build public trust by guaranteeing the privacy of their customers’ and partners’ sensitive information.

Data Protection Strategies

To keep yourself and your data safe, identify any personal information or asset that may be at risk when you open an email or an email attachment, buy a product or service online or surf the internet. Also, avoid practices such as data mining — gathering large amounts of personal, financial or medical information in one place. That creates a potential treasure trove for hackers.

Other steps to protect your information, money, passwords and computer system against various cyber threats include:

  • Avoiding sensitive transactions when using public internet services or potentially unsecure WiFi
  • Being on guard for phishing emails (don’t click suspicious or unknown email attachments or links)
  • Creating strong passwords that are unique for each account
  • Regularly monitoring your credit card, credit reports and bank accounts for suspicious activity
  • Updating your operating system, applications and antivirus programs regularly
  • Using secure browsers and limiting information shared on social media
  • Using two-factor authentication to protect your accounts if your password is stolen

It’s likely that many websites you visit collect personal information about you for marketing purposes. They do this through digital cookies they add to your computer browser to track your internet navigation. You can install software to prevent some of the collection. Some sites also allow you to opt out of cookie collection.

7 Principles of Data Protection

If you store or process personal data in your organization, there are basic data protection standards you should keep in mind. Many stakeholders and agencies around the world recognize the following General Data Protection Regulation principles:

  • Accountability: Anyone who handles data must be trained and must understand the purpose and function of GDPR.
  • Accuracy: Verify the accuracy of personal data and update old, inaccurate information whenever reasonably possible.
  • Data minimization: Limit personal data processing to necessary and relevant applications.
  • Integrity and confidentiality: Secure personal data against breach or unauthorized access during storage, transit, and processing.
  • Lawfulness, fairness and transparency: You should only collect and process personal data for legitimate, reasonable use with the data owner’s full knowledge and consent.
  • Purpose limitation: Collect personal data for a specific application and duration.
  • Storage limitation: Don’t store personal data for longer than necessary for its intended application.

Organizations should establish a data management framework that allows them to track, classify and protect personal information in line with these key data protection principles.

Over the past decade, storing information in the cloud has grown as a frontline solution for access and security. Cloud data protection brings on new decisions, such as what model (public clouds, private clouds, community clouds or hybrid clouds) and what services to use. Services include software-as-a-service, platform-as-a-service, function-as-a-service and infrastructure-as-a-service. Cloud storage is most vulnerable to security hacks and data breaches.

Data Breaches

A data breach occurs when bad actors illegally access your sensitive personal information. This can include Social Security numbers, banking information and credit card details.

For example, in April 2023, criminals may have accessed names and other sensitive Medicaid details for about 20,800 Iowans. And in February 2023, Brightline discovered hackers had breached Stanford University’s health plan data belonging to covered employees, post-doctoral students and dependents

So far in 2023, the biggest data breaches according to IT Governance UK have been:
  • Twitter: 220 million breached records
  • T-Mobile: 37 million breached records
  • People Connect: 20.2 million breached records
  • JD Sports: 10 million breached records
  • AT&T: 9 million breached records

In a ransomware attack impacting Latitude Financial in March 2023, criminals breached 330,000 customer records, including credit card details of Cole supermarket customers. Since 2005, 14 million Latitude customer records have been stolen.

In March 2023, hackers stole 10 terabytes of data from Western Digital Corp., including volumes of customer information. They demanded a minimum eight-figure ransom not to publish the breached data.

Identity Theft

Identity theft occurs when a cyber criminal steals your personal information and uses it to impersonate you in fraudulent transactions. They can use your credit card or bank account details to make purchases or open bank accounts in your name. Credit card fraud and tax-related fraud are the two most prevalent types of identity theft, but there are many others.

Ways to Steal Someone’s Identity:
  • Computer viruses that can scrape and disseminate your personal information
  • Eavesdropping and secretly recording your phone calls
  • Handheld skimming devices that can copy your credit card details for fraudulent duplication
  • Phishing emails that impersonate a legitimate source, tricking you into clicking a redirect link to a fake website and supplying your personal information
  • Spyware that records your smartphone or computer keystrokes to steal your passwords

Identity thieves can target anyone. To protect yourself, regularly check your bank and credit card accounts for strange and unexplained transactions, especially unknown purchases. Also use password managers to keep your various passwords secure.

Report any unfamiliar accounts on your credit report. Act quickly if you receive a data breach notification from your service provider.

Scams and Fraud

According to the Federal Trade Commission, scammers stole about $8.8 billion from consumers in 2022. Imposter scams, in which fraudsters impersonate someone you trust or know to trick you into sending them money, accounted for most of the reported losses.

Keep an eye out for different types of phone call imposter scams, such as:
  • An IRS impersonator demands cash or you’ll be arrested for “owed back taxes.”
  • A caller impersonating Windows technical personnel requires access to your computer for repairs or updates.
  • A “distressed grandchild” calls and begs you to send them money.
  • The caller announces you won the lottery, but you must pay some money before collecting your prize.

If you’ve been scammed, you can file a complaint with the FTC on their official website. Econsumer.gov is another useful online resource for reporting international fraud.

Personal Health Information

Your medical information is also a lucrative target for theft, as criminals can use it to secure prescription drugs or file insurance claims in your name. In 2022, health care and other organizations reported 707 data breaches impacting 51.9 million records to the Department of Health and Human Services’ Office for Civil Rights.

To protect yourself against the growing risk of medical identity theft, scrutinize your health plan statements and medical files regularly for any inconsistencies.

Should You Turn off Data Sharing?

Experts recommend turning off location tracking and data sharing for marketing purposes whenever possible. If your smart device supports automatic connectivity with nearby devices, disable the feature to protect your personal data.

To help fix bugs and improve the user experience, apps, browsers and consumer tech gadgets like smartphones and laptops often collect your usage data by default. This means your privacy may be at risk if you don’t change the defaults to limit data sharing.

Data Protection Laws

The U.S. has enacted several “standalone” data protection laws, each for a specific sector. Examples include the Health Insurance Portability and Accountability Act for medical information, the Graham-Leach-Bliley Act for the financial realm, and the Privacy Act of 1974 for federal agencies.

The GDPR is more comprehensive and recognizes the right to privacy in Europe. A complementary law, the Data Protection Act, provides rights to residents of the United Kingdom. In the U.S., California has GDPR-inspired data protection laws, and four more states will begin enforcing similar statutes in 2023.

Data Protection Compliance

For regulatory compliance purposes, your organization should establish standard protocols that govern the secure creation, collection, storage and processing of personal information. A data protection officer can oversee the specification of technical requirements, compliance documentation and staff training.

Please seek the advice of a qualified professional before making decisions about your health or finances.
Last Modified: June 2, 2023

19 Cited Research Articles

Consumernotice.org adheres to the highest ethical standards for content production and references only credible sources of information, including government reports, interviews with experts, highly regarded nonprofit organizations, peer-reviewed journals, court records and academic organizations. You can learn more about our dedication to relevance, accuracy and transparency by reading our editorial policy.

  1. Ainsworth, K. (2023, April 15). Coles Confirms its Customers Impacted by Latitude Financial Data Breach. Retrieved from https://www.abc.net.au/news/2023-04-15/coles-confirms-latitude-data-breach/102227694
  2. Lahiri, A. (2023, April 14). Western Digital Data Breach: Hackers Demand Huge Ransom In Exchange Of Sensitive Data. Retrieved from https://finance.yahoo.com/news/western-digital-data-breach-hackers-132007371.html
  3. KCCI. (2023, April 11). 20,800 Iowans Impacted by National Data Breach that Exposed Medicaid Data. Retrieved from https://www.kcci.com/article/iowa-national-data-breach-exposed-medicaid-data/43570552#
  4. Green, J. (2023, April 4). Stanford: Personal Information Stolen in Health Care Data Breach. Retrieved from https://www.mercurynews.com/2023/04/13/stanford-personal-information-stolen-in-health-care-data-breach/
  5. SailPoint. (2023, March 4). Data security in cloud computing. Retrieved from https://www.sailpoint.com/identity-library/data-security-in-cloud-computing/
  6. Forbes Technology Council. (2023, February 27). 13 Tech Experts Explain Essential Facts About Data Privacy And Data Protection. Retrieved from https://www.forbes.com/sites/forbestechcouncil/2023/02/27/13-tech-experts-explain-essential-facts-about-data-privacy-and-data-protection/
  7. Federal Trade Commission. (2023, February 23). Retrievd from https://www.ftc.gov/news-events/news/press-releases/2023/02/new-ftc-data-show-consumers-reported-losing-nearly-88-billion-scams-2022
  8. The HIPAA Journal. (2023, January 24). 2022 Healthcare Data Breach Report. Retrieved from https://www.hipaajournal.com/2022-healthcare-data-breach-report/
  9. Bellamy, F. (2023, January 12). U.S. Data Privacy Laws to Enter New Era in 2023. Retrieved from https://www.reuters.com/legal/legalindustry/us-data-privacy-laws-enter-new-era-2023-2023-01-12/
  10. Office of Privacy and Civil Liberty. (2022, October 4). Privacy Act of 1974. Retrieved from https://www.justice.gov/opcl/privacy-act-1974
  11. National Federation of Self Employed & Small Businesses. (2022, October 2). Why is Data Protection So Important? Retrieved from https://www.fsb.org.uk/resources-page/why-is-data-protection-soimportant.html
  12. Chen, B. (2022, July 29). The Default Tech Settings You Should Turn Off Right Away. Retrieved from https://www.nytimes.com/2022/07/27/technology/personaltech/default-settings-turn-off.html
  13. Forbes Technology Council. (2018, December 19). Data Privacy Vs. Data Protection: Understanding The Distinction In Defending Your Data. Retrieved from https://www.forbes.com/sites/forbestechcouncil/2018/12/19/data-privacy-vs-data-protection-understanding-the-distinction-in-defending-your-data/
  14. Federal Bureau of Investigation. (n.d). On the Internet: Be Cautious When Connected. Retrieved from https://www.fbi.gov/how-we-can-help-you/safety-resources/scams-and-safety/on-the-internet
  15. Information Commissioner’s Office. (n.d). Some Basic Concepts. Retrieved from https://ico.org.uk/for-organisations/guide-to-data-protection/introduction-to-dpa-2018/some-basic-concepts/
  16. European Data Protection Supervisor. (n.d). Data Protection. Retrieved from https://edps.europa.eu/data-protection/data-protection_en
  17. Klosowski, T. (n.d). How to Protect Your Digital Privacy. Retrieved from https://www.nytimes.com/guides/privacy-project/how-to-protect-your-digital-privacy
  18. The World Bank. (n.d.). Data protection and privacy laws. Retrieved from https://id4d.worldbank.org/guide/data-protection-and-privacy-laws
  19. Data Protection Commission. (n.d). Principles of Data Protection. Retrieved from https://www.dataprotection.ie/en/individuals/data-protection-basics/principles-data-protection