Privacy Policies

LaRon Walker

Master of Information Technology and Internet Security

March, 2010

The way we transfer data has caused a change in the way we view security and privacy. The shift from paper to digital has greatly helped in offsite storage costs for most companies; however, this has created the risk of digital data being stolen or accessed with the ease of clicking a few buttons. Along with this is the constant growth of data being transmitted over the Internet between consumers and businesses alike, which can also be captured and used for unauthorized purposes. These risks have created great concerns, which have led to legislation being developed to help address these issues. Two of these pieces of legislation are the European Union Data Protection Directive of 1995 and the Payment Card Industry Data Security Standard (PCI DSS).

The European Union Data Protection Directive of 1995 was developed to protect all European citizens by helping unify laws across different European states that all relate to personal privacy. This is very important to ensure European citizens have laws protecting them across Europe. The PCI DSS developed the encryption industry standard that ensures all data transmissions involving credit card transactions. These two pieces of legislation together have helped develop a solid data privacy model by helping define what information is required to conduct business, who or what requires access to personal information, how the personal information is used, and the minimal encryption required to transmit this information.

The main network threat I see putting an individual’s privacy at risk when accessing information from a financial provider is that of sniffing and packet capturing applications. These applications are designed to intercept, analyze, and decipher network information, then convert it into plain text. Some of these applications are even designed to capture encrypted network traffic and then decrypt it. Examples of these applications are Nmap, Kismet, EtherApe, Ettercap, Wireshark, and Gerix-Wifi-Cracker-NG. When used together, these applications can penetrate a network, gather host information, and eventually capture data being transmitted to and from the computers on that network.

The best way to defend against an attack like the one described above, whether consumer or business, is to make sure that firewalls are checked frequently, all updates and security patches are current, and all security and antivirus applications are up-to-date. Along with this, businesses should have a strong Privacy Policy Management Team that provides strict privacy guidelines that are carefully monitored, implemented, and maintained.
