Context
1. How Important is Information Security in Business?
- "Advanced security measures are a must for any organization. Most companies do not like to talk about it, but security breaches happen constantly through unprotected means, even monthly.
- Cybercriminals are constantly looking to hack companies and many succeed. A good security system that protects IT for companies is the best defense a business can have against these threats.
- The importance of cybersecurity for a company is not only for protecting its information, but also the information of its employees and customers. Consequently, companies have a lot of data and information in their systems. A fact that increases the importance of security, be it of data, information, or cybersecurity in general."
2. The Real Cost of Information Security
- "Cybersecurity breaches can be costly and harmful to any organization, both in terms of finances and reputation. Recent research reported that 43% of organizations experienced a data breach involving sensitive customer or business information in the past two years.
- Based on this data, two out of five companies are hit each year by a serious breach in which a significant amount of sensitive data is compromised. Hardly a week goes by without at least one data breach report in the news.
- A store can have its credit card data stolen. A health insurer may have lost its policyholders’ records. The government loses records of permits – while what should have been private emails are now being posted on activist websites. It appears that no private or public organization is fully protected against cyberattacks.
- The nature of cyberattacks has become much more advanced. Initially, the most common vector was email, such as messages from 'banks' requesting account details or personal data (IDs). But as computing has advanced, cyberattacks have also moved towards larger-scale operations, which are no longer limited to individuals but extend to businesses, financial markets, and the government sector. According to studies conducted by IBM, the average cost of a data breach is $3.62 million, which for many companies is an unbearable cost."
3. What are the information security regulations?
GDPR, CCPA, LGPD, and POPI
3.1 What is GDPR, the EU’s new data protection law?
“The General Data Protection Regulation (GDPR) is the toughest privacy and security law in the world. Though it was drafted and passed by the European Union (EU), it imposes obligations onto organizations anywhere, so long as they target or collect data related to people in the EU. The regulation was put into effect on May 25, 2018. The GDPR will levy harsh fines against those who violate its privacy and security standards, with penalties reaching into the tens of millions of euros.”
3.2 What is CCPA, the California Consumer Privacy Act?
“The California Consumer Privacy Act of 2018 (CCPA) gives consumers more control over the personal information that businesses collect about them and the CCPA regulations provide guidance on how to implement the law.”
3.3 What is LGPD, the Brazilian General Data Protection Act?
“The new regulation establishes standards for managing data privacy and enables organizations to enhance their competitiveness.”
3.4 What is POPI, the Protection of Personal Information Act?
“An introduction to the Protection of Personal Information Act (or POPI Act or POPIA). Purpose of the Act: the increasing cases of theft and misuse of people’s personal information have led to the need to promulgate regulations to protect personal information and one’s right to privacy.”
3.5 What is the difference between each data security and privacy regulation?
The first difference is the time for which data must be stored, collected and managed. The second difference is that each government, state or country may have its own personal data protection law. But the most common ones are those I reported above.
5. Are there other security policies?
Yes! Examples: HIPAA, PHI, compliance, CalOPPA, CCPA, etc.
5.1 What exactly is HIPAA?
“HIPAA is the Health Insurance Portability and Accountability Act of 1996. It is US law that protects individuals’ healthcare through security and privacy rules for electronic records. This legislation may not quite be a household term, but it is associated with a certain amount of notoriety in the wake of major healthcare hacks.”
5.2 What exactly is PHI?
“PHI stands for Protected Health Information. The HIPAA Privacy Rule provides federal protections for personal health information held by covered entities.”
5.3 What is compliance?
Compliance is the state of being in accordance with established guidelines or specifications, or the process of becoming so. Software, for example, may be developed in compliance with specifications created by a standards body, and then deployed by user organizations in compliance with a vendor’s licensing agreement. The definition of compliance can also encompass efforts to ensure that organizations are abiding by both industry regulations and government legislation.
5.4 What is California Online Privacy Protection Act (CalOPPA)?
“The California Online Privacy Protection Act went into effect in 2004 and was updated in 2013. It requires companies that collect personally identifiable information about California residents to have a privacy policy. Websites that collect information from Californians (such as name, contact information, telephone number, or social security numbers) must have their privacy policy hyperlinked from their home page, and must use the word “privacy” in that hyperlink.”
6. Cases
- Those who use Baserow may be companies, such as HR departments
- Those who use Baserow may be regular individual users
- Those who use Baserow may be large, medium or small companies
- Those who use Baserow may be doctors, judges or lawyers
6.1 Note
It is important to think about the regulations for all the cases I have just mentioned.
7. Notes
- I did extensive bibliographic research on information security and information security regulation, with the aim of informing Baserow about which information security standards exist, the differences between them, and the context of why it is important to implement these security policies inside Baserow.
- To carry out this research I read several scientific articles, different sources of news and information, and here I raised different points of view and opinions on the subject.
- The feature request I am making is whether Baserow has ever thought about implementing these information security regulations, or whether this is still to be planned.
- This is not a criticism, but interesting feedback on the current issue of protection, information security and the regulation around it.
- Programs such as Airtable, SeaTable and Bitwarden, among other software, already have regulations on the storage, use, security and protection of information in place.
- My goal is not to promote any product, brand, service or company. My objective here is to inform you about the current regulations on information security. An interesting aspect of information security regulations is the reliability and transparency they bring to any company that implements this type of regulation.
- I’m just a programmer interested in Baserow being the best company in the world, because when it is the best company in the world, everyone wins.
- I contribute ideas and open source software UI/UX with the aim of helping; I don’t make money from it. I just want to make these projects stand out and gain notoriety, to provide the IT market with several possibilities and consumption choices.
- I think Baserow’s idea of being an open solution is amazing; my core idea for helping Baserow would be for Baserow to be the Bitwarden of tables. Let’s say Bitwarden vs LastPass, or better, Baserow (Bitwarden) vs Airtable (LastPass).
- My point here is not to say what freedom is; my point is that I am not a judge or a lawyer, just a programmer interested in contributing to open source solutions such as Baserow, or otherwise, such as Windows. I just want to make things better, safer and more transparent.
- I’m not saying that Bitwarden or Baserow is better than Airtable or LastPass; I am just comparing the good differences of each service and company.
8. References
- The Importance of Information Security in Your Organization: Top Threats and Tactics | AuditBoard
- What is GDPR, the EU’s new data protection law? - GDPR.eu
- https://advenica.com/en/why-is-information-security-so-important
- Data Protection Policy: 9 vital things and 3 Best Practices - Cloudian
- Why use a HIPAA-compliant password manager | Bitwarden Blog
- What is HIPAA Compliance? - Learn how to become HIPAA compliant
- HIPAA vs. HIPPA - Atlantic.Net
- Brazilian General Data Protection Act | Risk Advisory | Deloitte Brazil
- https://support.airtable.com/hc/en-us/articles/4408864818839-Regional-access-restrictions
- https://support.airtable.com/hc/en-us/articles/360003938973-GDPR-at-Airtable
- Security - Airtable
- https://bitwarden.com/
- What is compliance?
- California Consumer Privacy Act (CCPA) | State of California - Department of Justice - Office of the Attorney General
- What is GDPR? Everything you need to know about the new general data protection regulations | ZDNet
- Data Privacy Policy: What It Is & Why You Need One
- Health Insurance Portability and Accountability Act of 1996 (HIPAA) | CDC
- What is PHI? | HHS.gov
- Bitwarden Security Whitepaper | Bitwarden Help & Support