Data security
== International laws and standards ==

=== International laws ===
In the [[United Kingdom|UK]], the [[Data Protection Act 1998|Data Protection Act]] is used to ensure that personal data is accessible to those whom it concerns, and provides redress to individuals if there are inaccuracies.<ref>{{Cite web |url = https://ico.org.uk/for-organisations/guide-to-data-protection/principle-1-fair-and-lawful/ |title = data protection act |access-date = 29 July 2016 |url-status = live |archive-url = https://web.archive.org/web/20160413194602/https://ico.org.uk/for-organisations/guide-to-data-protection/principle-1-fair-and-lawful/ |archive-date = 13 April 2016 }}</ref> This is particularly important to ensure individuals are treated fairly, for example for credit checking purposes. The Data Protection Act states that only individuals and companies with legitimate and lawful reasons can process personal information, and that it cannot be shared.

[[Data Privacy Day]] is an international [[holiday]] started by the [[Council of Europe]] that occurs every January 28.<ref name=dataprivacyday>{{cite web|url=http://googleblog.blogspot.com/2008/01/celebrating-data-privacy.html|title=Celebrating data privacy|author=[[Peter Fleischer]], [[Jane Horvath]], [[Shuman Ghosemajumder]]|publisher=[[Google Blog]]|access-date=12 August 2011|year=2008|url-status=live|archive-url=https://web.archive.org/web/20110520195323/http://googleblog.blogspot.com/2008/01/celebrating-data-privacy.html|archive-date=20 May 2011}}</ref>

Since the [[General Data Protection Regulation]] (GDPR) of the [[European Union]] (EU) became law on May 25, 2018, organizations may face significant penalties of up to €20 million or 4% of their annual revenue if they do not comply with the regulation.<ref>{{cite web |url=https://www.itgovernance.co.uk/dpa-and-gdpr-penalties |url-status=dead |archive-url=https://web.archive.org/web/20180331015558/https://www.itgovernance.co.uk/dpa-and-gdpr-penalties |archive-date=2018-03-31 |title=GDPR Penalties}}</ref> It is intended that GDPR will force organizations to understand their [[data privacy]] risks and take the appropriate measures to reduce the risk of unauthorized disclosure of consumers’ private information.<ref>{{cite web|title=Detect and Protect for Digital Transformation|url=https://www.informatica.com/products/data-security.html#fbid=UIV8MkPprTe|website=Informatica|access-date=27 April 2018}}</ref>

=== International standards ===
The international standards [[ISO/IEC 27001]]:2013 and [[ISO/IEC 27002]]:2013 cover data security under the topic of [[information security]], and one of their cardinal principles is that all stored information, i.e. data, should be owned so that it is clear whose responsibility it is to protect and control access to that data.<ref>{{Cite web |title=ISO/IEC 27001:2013 |url=https://www.iso.org/cms/render/live/en/sites/isoorg/contents/data/standard/05/45/54534.html |access-date=2022-11-03 |website=ISO |date=16 December 2020 |language=en}}</ref><ref>{{Cite web |title=ISO/IEC 27002:2013 |url=https://www.iso.org/cms/render/live/en/sites/isoorg/contents/data/standard/05/45/54533.html |access-date=2022-11-03 |website=ISO |date=15 April 2021 |language=en}}</ref> The following are examples of organizations that help strengthen and standardize computing security:

The [[Trusted Computing Group]] is an organization that helps standardize computing security technologies.

The [[Payment Card Industry Data Security Standard]] (PCI DSS) is a proprietary international information security standard for organizations that handle cardholder information for the major [[Debit card|debit]], [[Credit card|credit]], prepaid, [[e-purse]], [[Cash machine|automated teller machines]], and point of sale cards.<ref>{{cite web|title=PCI DSS Definition|url=https://www.pcmag.com/encyclopedia/term/59104/pci-dss|access-date=1 March 2016|url-status=live|archive-url=https://web.archive.org/web/20160302073624/http://www.pcmag.com/encyclopedia/term/59104/pci-dss|archive-date=2 March 2016}}</ref>

The [[General Data Protection Regulation|General Data Protection Regulation (GDPR)]] proposed by the European Commission will strengthen and unify data protection for individuals within the EU, whilst addressing the export of personal data outside the EU.