How does information security work in Baserow?

Context

1. How Important is Information Security in Business?

  • "Advanced security measures are a must for any organization. Most companies do not like to talk about it, but security breaches happen constantly in unprotected means and even monthly.
  • Cybercriminals are constantly looking to hack companies and many succeed. A good security system that protects IT for companies is the best defense a business can have against these threats.
  • The importance of cybersecurity for a company is not only for protecting its information, but also the information of its employees and customers. Consequently, companies have a lot of data and information in their systems. A fact that increases the importance of security, be it of data, information, or cybersecurity in general."

2. The Real Cost of Information Security

  • "Cybersecurity breaches can be costly and harmful to any organization, both in terms of finances and reputation. Recent research reported that 43% of organizations experienced a data breach involving sensitive customer or business information in the past two years.
  • Based on this data, two out of five companies are hit each year by a serious breach, in which a significant amount of sensitive data is compromised. It is noticed that hardly a week goes by without at least one data breach report in the news.
  • A store can have its credit card data stolen. A health insurer may have lost its policyholders’ records. The government loses records of permits – while what should have been private emails are now being posted on activist websites. It appears that no private or public organization is fully protected against cyberattacks.
  • "The nature of cyberattacks is much more advanced. Initially, the most common target was email, such as messages from ‘banks’ requesting account details or personal data (IDs). But as computing has advanced, cyberattacks have also moved towards larger-scale operations, which are no longer limited to an individual, but rather to businesses, financial markets, and the government sector. According to studies conducted by IBM, the average cost of a data breach is $3.62 million, which for many companies is an unbearable cost."

3. What are the information security regulations?

GDPR, CCPA, LGPD, and POPI

3.1 What is GDPR, the EU’s new data protection law?

“The General Data Protection Regulation (GDPR) is the toughest privacy and security law in the world. Though it was drafted and passed by the European Union (EU), it imposes obligations onto organizations anywhere, so long as they target or collect data related to people in the EU. The regulation was put into effect on May 25, 2018. The GDPR will levy harsh fines against those who violate its privacy and security standards, with penalties reaching into the tens of millions of euros.”

3.2 What is CCPA, the California Consumer Privacy Act?

“The California Consumer Privacy Act of 2018 (CCPA) gives consumers more control over the personal information that businesses collect about them and the CCPA regulations provide guidance on how to implement the law.”

3.3 What is LGPD, the Brazilian General Data Protection Act?

“The new regulation establishes standards for managing data privacy and enables organizations to enhance their competitiveness.”

3.4 What is POPI, the Protection of Personal Information Act?

“An introduction to the Protection of Personal Information Act (or POPI Act or POPIA) Purpose of the Act. The increasing cases of theft and misuse of people’s personal information has led to the need to promulgate regulations to protect personal information and one’s right to privacy.”

3.5 What is the difference between each data security and privacy regulation?

The first difference is how long each kind of data must be stored, and how it must be collected and managed. The second difference is that each government, state, or country may have its own personal data protection law. But the most common ones are those I reported above.

5. Are there other security policies?

Yes! Examples: HIPAA, PHI, compliance, CalOPPA, CCPA, etc.

5.1 What exactly is HIPAA?

“HIPAA is the Health Insurance Portability and Accountability Act of 1996. It is US law that protects individuals’ healthcare through security and privacy rules for electronic records. This legislation may not quite be a household term, but it is associated with a certain amount of notoriety in the wake of major healthcare hacks.”

5.2 What exactly is PHI?

“PHI stands for Protected Health Information. The HIPAA Privacy Rule provides federal protections for personal health information held by covered entities.”

5.3 What is compliance?

Compliance is the state of being in accordance with established guidelines or specifications, or the process of becoming so. Software, for example, may be developed in compliance with specifications created by a standards body, and then deployed by user organizations in compliance with a vendor’s licensing agreement. The definition of compliance can also encompass efforts to ensure that organizations are abiding by both industry regulations and government legislation.

5.4 What is California Online Privacy Protection Act (CalOPPA)?

“The California Online Privacy Protection Act went into effect in 2004 and was updated in 2013. It requires companies that collect personally identifiable information about California residents to have a privacy policy. Websites that collect information from Californians (such as name, contact information, telephone number, or social security numbers) must have their privacy policy hyperlinked from their home page, and must use the word “privacy” in that hyperlink.”

6. Cases

  1. Those who use Baserow can be companies or departments, such as HR
  2. Anyone who uses Baserow can be a regular user
  3. Those who use Baserow can be large, medium, or small companies
  4. Those who use Baserow can be doctors, judges, or lawyers

6.1 Note

It is important to think about the regulations for all of the cases I have just mentioned.

7. Notes

  1. I did extensive bibliographic research on information security and information security regulation, with the aim of informing Baserow about which information security standards exist, the differences between them, and the context of why it is important to implement these security policies inside Baserow.
  2. To carry out this research I read several scientific articles and different sources of news and information, and here I have raised different points of view and opinions on the subject.
  3. The feature request I am making is to ask whether Baserow has ever thought about implementing these information security regulations, or whether this is still planned.
  4. This is not a criticism, but interesting feedback on the current issue of protection, information security, and the regulation around it.
  5. Programs such as Airtable, Seatable, and Bitwarden, among other software, already follow regulations on the storage, use, security, and protection of information.
  6. My goal is not to promote any product, brand, service, or company. My objective here is to inform you about the current regulations on information security. An interesting aspect of information security regulations is the reliability and transparency of any company that implements this type of regulation.
  7. I’m just a programmer interested in Baserow being the best company in the world, because when it is the best company in the world, everyone wins.
  8. I contribute ideas and open source software UI/UX with the aim of helping; I don’t make money from it. I just want to make these projects stand out and gain notoriety, to provide the IT market with several possibilities and consumption choices.
  9. I think Baserow’s idea of being an open solution is amazing; my core idea for helping Baserow would be for Baserow to be like the Bitwarden of tables. Let’s say Bitwarden vs LastPass, or better, Baserow (Bitwarden) vs Airtable (LastPass).
  10. My point here is not to say what freedom is; my point is that I am not a judge or a lawyer, just a programmer interested in contributing to open source solutions such as Baserow, or otherwise to something like Windows. I just want to make things better, safer, and more transparent.
  11. I’m not saying that Bitwarden or Baserow is better than Airtable or LastPass; I am just comparing the good differences of each service and company.

8. References

That must have been a lot of work.

Did you know that on this page, Privacy Policy // Baserow, Baserow explains how they use GDPR and CCPA?

CCPA Privacy Rights (Do Not Sell My Personal Information)

Under the CCPA, among other rights, California consumers have the right to:

Request that a business that collects a consumer’s personal data disclose the categories and specific pieces of personal data that a business has collected about consumers.

Request that a business delete any personal data about the consumer that a business has collected.

Request that a business that sells a consumer’s personal data, not sell the consumer’s personal data.

If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us.

GDPR Data Protection Rights

We would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:

The right to access – You have the right to request copies of your personal data. We may charge you a small fee for this service.

The right to rectification – You have the right to request that we correct any information you believe is inaccurate. You also have the right to request that we complete the information you believe is incomplete.

The right to erasure – You have the right to request that we erase your personal data, under certain conditions.

The right to restrict processing – You have the right to request that we restrict the processing of your personal data, under certain conditions.

The right to object to processing – You have the right to object to our processing of your personal data, under certain conditions.

The right to data portability – You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us.

1. Context

  1. Thank you for the feedback…
  2. But… I have more questions than answers
    • a. What is the difference between the regulations California Online Privacy Protection Act (CalOPPA), California Consumer Privacy Act (CCPA), and California Privacy Rights Act (CCRA)?
    • b. Where is the Baserow compliance document?
    • c. I use Baserow for financial data. Would Baserow need to comply with the Gramm-Leach-Bliley Act (GLBA)?
    • d. Does CCPA guarantee the same rights, duties, and obligations as the regulation on Protected Health Information (PHI)?
    • e. How can these two Baserow measures comply with the other measures and regulations?

2. Things I read, references

Hello James, we’re going to release a FAQ page soon, and the question regarding information security will be described there in detail. I’ll update you here once it’s live.


Thank you for the feedback ;D
