Read Example 1 and give comments. Add more information. Your document should be a minimum of 150 words plus references. Incorporate and cite current (between 2018-now) credible references.

Useful resources:

• Chapter 4 in Business Intelligence, Analytics, and Data Science: A Managerial Perspective (4th ed.)
• Chapter 11 in SAS Essentials
• SAS Institute, Inc. (2016). Data mining from A to Z: How to discover insights and drive better opportunities [White paper]. https://www.sas.com/content/dam/SAS/en_us/doc/whitepaper1/data-mining-from-a-z-104937.pdf

• Singh, N., & Singh, A. (2018). Data privacy protection mechanisms in cloud. Data Science and Engineering, 3(1), 24ù. https://link.springer.com/article/10.1007%2Fs41019-017-0046-0

Example 1:

Information privacy and security are topics which have gained considerable attention as “big-data” has grown and matured. While access to this data has unlocked new insights, business opportunities, etc., it is important to remember that much of this data may contain personal information. Luckily, there are techniques to anonymize the data, as well as laws and regulations in place to protect individuals.

My employer takes several measures to ensure customer data remains secure. The most common technique is controlled-access to any system that contains sensitive information. This policy applies to every database system that contains confidential information. In particular, SAP and the finance/legal databases contain the most restrictive access policies. This is understandable as all of this information should only be given on a “need-to-know” basis. As a quality engineer, I have access to SAP for production/customer information, however, I have virtually no access to the legal documents database. Access is configured on an individual user basis. Furthermore, access is reviewed yearly, and any changes in access are corrected ASAP.

Secondly, perhaps as security measure, my employer hosts these databases on local servers (on an intranet). Physical security is maintained as server rooms are locked with only key IT contact as key owners. A VPN was configured to allow access when not on the company network. A firewall is also in place to help improve overall network security. A third measure is to use disk-encryption for all employee laptops. This helps secure data contained in emails (locally at least) and other data stored on the laptop/hard drive.

Despite this two main practices, I see one particular area for improvement. Most notably, a few databases were hard-coded solutions. These were created before the “https” standard became common. Thus, connections to legacy databases may be inherently insecure. If someone were to monitor worker connections to these databases, information could potentially be leaked (or perhaps it would be easy to hack). One example is the customer complaint database. It contains customer location information and customer employee contact info – info which should definitely remain confidential.