Startups should consider several factors when designing a data protection plan for storing and protecting digital data. In all cases, companies should develop a data protection plan that protects disclosure or inappropriate use of confidential data. Even in the worst cases like data theft, you could protect your business if and only if the business abides by legal precautions to protect data. In this blog we will talk about the 12 Ways Startups can protect digital data
Startups can protect digital data in 12 Ways:
- Add firewalls, anti-virus software and other layers of protection to your business servers and computers.
There’s no such thing as too much protection. Add redundancy to your business’ security systems. Hackers, and other black hats who roam the Internet, are looking for easy targets. Using multiple layers of security software makes accessing client information more difficult, so hackers quickly move on to the next website – the easier target.
- Choose a web host that values your business security.
There are hundreds of web hosts. These businesses provide customer and client access to your company website. They host your website on giant servers, and provide varying degrees of server-side protection.
Server-side protection is based in the web host’s operations centre, and includes things like hard-wired firewalls, security cameras focused on the server room, anti-virus and anti-spyware software, and other forms of protection. However, you may still find your business under attack from black hats mining for data on your host server.
How? If your company uses shared hosting services, your website may share the same server as a few thousand other websites. This leaves your website vulnerable to cross-side server attacks – attacks in which a hacker opens an account to gain access to other websites that share the same host server. Responsible web hosts protect your business from cross-side server attacks using software to monitor server activity. However, as a business owner, you may opt for higher levels of security.
A virtual private server (VPS) partitions your website, creating a wall between you and the other websites that share the same server. VPS costs a little more than shared hosting, but your clients’ sensitive data is also a lot safer.
Another alternative? Instead of a shared hosting account, or VPS account, your company can open a private server account – an account in which your website and your data is maintained on a separate server, all by itself. Private servers are pricier, but a lot safer than a shared hosting account.
When shopping for a web host, ask about security measures. Sync up your office-based security software with server-side software to get maximum benefit.
- Limit employee access to customer data.
Password-protect office computers and servers to limit the number of people who have access to client data. Change passwords when employees leave the company. This protects against unhappy ex-employees accessing your customers’ sensitive data, stealing it, trashing it, or causing other problems that harm your company’s reputation.
- Lockdown all computers.
Laptops, desktops, tablets, PDAs, servers – all store information that can be stolen and used by competitors or hackers to ruin your reputation. If you use a cleaning service for the office, all it takes is a knowledgeable hacker to slide an unlocked laptop into a trash bin and smuggle it out of the office with all your data intact. Lock up your hardware or chain it in place to prevent this form of analog data theft.
- Keep up with upgrades.
The software used to block unauthorized access to digital data is routinely updated and upgraded to protect against the latest computer virus. You can purchase the best anti-hacker software available, but if you don’t update that software regularly, the bad guys may be able to find a back door with a new hacker program. Hackers are always looking for new ways to access data. Keep your security software up-to-date to get the most protection.
- Notify clients and customers when data has been compromised.
If you know your office server has been hacked, and data stolen, notify customers and clients ASAP. Often, customers can take steps to protect themselves. They can notify their banks, for example, close accounts that have been jeopardized, and open new accounts with new access codes. It’s just good business. It’s also the law.
- Hire a professional.
You may know someone who has a little experience with computer security, but chances are, they won’t be current on the latest methods used by hackers and crackers. Hire an IT security professional to monitor your office server and business activity to ensure that customer information remains safe. These security professionals are highly-trained professionals who may charge a lot, but can you put a price on the trust of your loyal customer base?
- Restrict Access to Shared Data
When you create a read-only shared data page to share your results with others, you can password-protect the page to restrict access to only those that know the password.
If you’re on a team plan, you can share surveys with people on your team to give them access to the survey and results, which they can only view when they’re logged in to their account. You can also use the Library feature to securely store and share brand assets, like images and survey templates, with everyone on your team plan.
- Exporting survey results
If you download survey results to your own computer, please ensure that those downloaded files are handled appropriately since they contain protected information. We suggest that you secure those files by encrypting them and only transferring them under an encrypted connection.
- Sharing surveys with collaborators
When you share a survey with others, the users with whom you decide to collaborate will have access to view and edit that survey, including any survey responses you’ve collected. Remember to use this feature with people who are authorized to work on that survey.
- Transferring a survey to another account
If you must transfer a survey to a different Survey account, ensure that you are certain that the receiving account is the one you intend to send it to. To transfer a survey, you must enter the exact username of that account. The transfer process cannot be undone without action by the receiving account holder.
- Data Protection under Copyright Act
Indian Copyright Act, 1957 provides for database protection under Section 2(o) which defines “Literary Work”. Therefore, any data which comes under the scope of Section 2(o) is protected under the Copyright Act. Some of the leading cases related to data protection under copyright laws pertains to holding copyright in ‘client list’.
Examples of organizations that faced issues under data protection- Burlington Home Shopping Pvt. Ltd. vs. Rajnish Chibber [1995 PTC (15) 278] and Diljeet Titus, Advocate vs. Alfred A. Adebare and Ors.[130 (2006) DLT 330].
In Burlington case, the issue was whether a database consisting of compilation of mailing address of customers can be subject matter of a copyright to hold the defendant liable for infringement of the Plaintiff’s Copyright. The Court answered the question in affirmative and held that compilation of addresses developed by anyone by devoting time, money, labour and skill amounts to a literary work wherein the author has a Copyright. Accordingly, the Defendant was restricted from using the list of clients/customers included in the database exclusively owned by the Plaintiff.
Summary of the case law
Burlington Home Shopping Pvt. Ltd. v. Rajnish Chibber & Anr.
Before the Hon’ble High Court of Delhi at New Delhi
1995 PTC (15) 278
Decided on: 20.10.1995
Plaintiff was a mail order service Company. The business of the Plaintiff was to publish mail order catalogues dealing with consumer items which were posted to the select list of Plaintiff’s clients. A major investment in this regard was compilation of client list/customer database. Plaintiff had developed a list of clientele/customers database over a period of three years which was always in the gradual process of compilation. The Defendant was an employee in the Plaintiff Company. After leaving the employment of the Plaintiff, Defendant started his own business like as that of the Plaintiff. He had also managed to get a copy of database of the Plaintiff and started to use the same for his own purpose.
The database is an original literary work within the meaning of Section 2(o) of the Copyright Act, 1957 and the Copyright in the same vests with the Plaintiff and therefore any unauthorized use or substantial reproduction of the same is an act of infringement of Copyright of the Plaintiff under the Copyright Act, 1957.
The database which the Plaintiff is referring to has been developed by the Defendant and therefore there is no infringement of Copyright.
The Questions, that came up for consideration before the Court was:
- Whether a database consisting of compilation of mailing address of customers can be subject matter of a copyright; and
- Whether the defendant can be said to have committed infringement of the Plaintiff’s Copyright.
Both the questions were answered by the Hon’ble Court in affirmative. The Court held that compilation of addresses developed by anyone by devoting time, money, labour and skill amounts to a literary work wherein the author has a Copyright. On comparison of the floppies seized from the Defendant it was found that substantial number of entries were comparable word by word, line by line, space by space. The database available with the Defendant was found to be substantially a copy of the database available with the Plaintiff. The Defendant was restricted to utilize the list of clients/customers included in the database exclusively owned by the Plaintiff.
In coming to the answer to the first question, the Hon’ble Court relied on Section 2(o) which defines ‘literary work’, Section 2(y) which defines ‘work’, Section 14 (Exclusive Rights), Section 17(c) (First ownership in a contract for service) of the Copyright Act, 1957 and on the following authorities about Copyright which reiterated the legal proposition that the Compilations, like brochures, trade catalogues, client lists are capable of protection as literary works. Other than this, client list is also protected under the law relating to confidential information and trade secret.