ABSTRACT
Like so many terms in information technology, data protection has become significantly overloaded, and therefore it can mean very different things to different people. While there is a lot in security that can be set with hard and fast policies, data protection as a security function is increasingly becoming one based on pattern analysis of current activities compared to both historical trends and external data sources. The general data protection regulation allows for significant fines to be levied against companies who fail in their regulated obligations towards consumer data privacy, and in May 2019, Moody’s, an American credit rating agency, downgraded Equifax’s credit rating outlook over the severity of its 2017 cyber-security breach. Data protection as a privacy function is focused on understanding and enforcing boundaries between data that companies collect and what can be done with that data, from the perspective of the individual from whom the data has been collected.
