Data Protection and Physical Security

Physical security is the safeguarding of people, equipment, networks, and data against physical acts and occurrences that could seriously harm a business, government organisation, or institution.

The physical security framework is made up of three main components: access control, surveillance and testing. The degree to which each of these elements is implemented, enhanced, and maintained can frequently be used to measure the effectiveness of a physical security programme for an organisation.

Access Control

Limiting and managing who has access to places, facilities, and resources is the key to maximising one’s physical security measures. Measures used to restrict access to certain assets to authorised persons only are included in access control. These corporate walls frequently come in the form of ID badges, keypads, and security personnel. However, these barriers might differ substantially in terms of approach, technique, and price.

Access controls that are more advanced use a technology-supported strategy. Security teams can employ ID card scanners and near-field communication (NFC) ID cards as physical authentication techniques to confirm people’s identities as they enter and leave different locations.

Before investing in such hardening measures, organisations should weigh the benefits and costs of their adoption.

Surveillance

This is one of the most crucial physical security elements for both incident recovery and prevention. In this context, surveillance refers to the technology, personnel, and resources that corporations use to monitor activity at physical locations and facilities. Patrol guards, heat sensors, and notification systems are a few examples.

Closed circuit television (CCTV) cameras, which capture activities over several regions, are the most popular sort of surveillance. The advantage of these surveillance cameras is that they are useful for both preventing and catching criminal activity.

Testing

Physical security is both an incident response and a prevention measure. Disaster recovery (DR) plans, for instance, depend on the effectiveness of physical security systems and on how well a business can recognise, address, and limit threats. Active testing is the only way to guarantee that such DR policies and procedures will be effective when the time comes.

These policy tests ought to be carried out on a regular basis to ensure that roles and duties are understood and to limit the possibility of errors.

Conclusion

Enterprises' growing dependence on the IoT increases the need for both digital and physical security. IoT necessitates a high level of physical security to protect data, servers, and networks. The IoT's growing interconnection has also widened the scope of physical security. Applications and virtual machines (VMs) running in the cloud, for instance, are only as secure as their underlying physical servers.

To prevent significant data losses, these data centres need to be adequately secured with physical security measures, regardless of whether enterprises invest in first-party or third-party cloud computing services.

Major Privacy Updates of the Week

Meta Platforms Inc. agrees to a $725 million settlement over Cambridge Analytica Scandal.

The $725 million settlement is the largest private civil penalty Meta has paid in its history, and the largest settlement ever in a data privacy class action case.

Meta did not admit to any wrongdoing, yet it has issued a statement that says that the decision was reached “in the best interest of our community and shareholders”. Furthermore, the company has implied that Facebook has “revamped” its privacy practices and “implemented a comprehensive privacy program.”


Toyota Motors India reports data breach, Customers’ personal information exposed.

Toyota Motor Corporation warns that a data breach may have leaked the personal information of some customers. The data breach at Toyota Kirloskar Motor, which is a joint venture with the Indian giant Kirloskar Group, has been reported to the relevant Indian authorities, according to Toyota India.

The source code for the T-Connect website (which gives car owners access to the infotainment system of their vehicle) was posted to GitHub and could have led to the compromise of more than 296,000 customer records.


Irish Data Protection Commission fines Meta 390 million euros over Privacy violation.

The Irish DPC has completed two investigations into Meta Platforms Ireland Limited’s data processing operations. Meta Ireland was fined €210 million by the DPC for GDPR violations connected to its Facebook services and fined €180 million for violations related to its Instagram service.

It was found that Meta had violated its transparency obligations by not clearly setting out its legal basis for processing users' personal data, and that Meta's terms of service, which required users to accept personalised ads, violated EU rules. The DPC directed Meta to reassess the legal basis on which it runs advertising based on personal data in the European Union and to ensure compliance with the EU rules within 3 months.


Singapore-based crypto firm loses over 10 million USD in a hacking incident.

Thousands of users reported they had funds stolen from their BitKeep wallets after a hacker manipulated files that enabled users to download the wallet on their phones.

The cryptocurrencies which were stolen consisted of Binance’s BNB Coin, stablecoins Tether and Dai, and Ether. A BitKeep spokesperson has stated that a police report has been lodged and a task force set up by the police in collaboration with cybersecurity experts.

To safeguard consumers from potential losses, the organization has taken steps such as identifying the addresses used in the attack and freezing part of the stolen money.


France’s Data Protection Authority (CNIL) issues 60 million euro fine to Microsoft for cookie violations.

Investigations were conducted by CNIL over the non-consensual cookie placement and tracking through Microsoft’s Bing search engine.

It was found that cookies were deposited on the user’s terminal without their consent, and such cookies were used for advertising and other purposes.

Furthermore, there was no option to deny cookies. A periodic penalty was also placed on the company, requiring it to collect the consent of individuals residing in France; on non-compliance, a fine of 60,000 euros per day would be levied beyond 3 months.


Curated by: Prajwala D Dinesh, Ritwik Tiwari, Ayush Sahay
