Foundations · Module 8
Privacy and everyday data protection
Privacy is not only a legal idea.
Why this matters
Privacy is a safety idea.
What you will be able to do
1. Explain data minimisation and why collecting less reduces harm
2. Explain why retention increases risk over time
3. Name one habit that reduces privacy risk without becoming a burden
Before you begin
- No previous technical background required
- Read the section explanation before using tools
Common ways people get this wrong
- Overcollection. Teams collect ‘just in case’ and create future harm. Minimise by default.
- Deletion that is only UI. Deleting from the interface is not deletion. Know where the copies live.
Privacy is not only a legal idea. It is a safety idea. If we collect and keep less data, there is less to leak, less to misuse, and less to clean up later.
Privacy is a security property. It is about reducing harm from unnecessary collection, unnecessary sharing, and unnecessary retention. If you collect less data, there is less data to leak. If you keep data for less time, there is less to steal later.
Mental model
Personal data journey
Privacy is about what data leaves, where it rests, and who can see it.
1. Collect
2. Store
3. Use
4. Share
5. Delete
Assumptions to keep in mind
- Purpose is stated. If you cannot say why you need the data, you should not collect it.
- Retention is deliberate. Keeping data forever is not neutral. It increases risk and cost.
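The two assumptions above can be written down as a rule that a system enforces. The following is an added example, not part of the original module: the field names, purposes and retention periods are constructed for illustration. Every field must have a stated purpose to be stored at all, and each field is removed once its own retention period has passed.

```python
from datetime import datetime, timedelta, timezone

# Hypothetical collection policy (constructed for this example):
# a field may only be stored if it has a stated purpose and a retention period.
POLICY = {
    "email":         {"purpose": "send order receipts", "keep_days": 365},
    "delivery_city": {"purpose": "calculate shipping",  "keep_days": 30},
}

def minimise(submitted: dict) -> tuple[dict, list[str]]:
    """Keep only fields with a stated purpose; report what was dropped."""
    kept = {k: v for k, v in submitted.items() if k in POLICY}
    dropped = sorted(k for k in submitted if k not in POLICY)
    return kept, dropped

def expire(record: dict, collected_at: datetime, now: datetime) -> dict:
    """Remove each field once its own retention period has passed."""
    age = now - collected_at
    return {
        k: v for k, v in record.items()
        if k in POLICY and age <= timedelta(days=POLICY[k]["keep_days"])
    }

# Constructed sample input: a sign-up form that asks for more than it needs.
FORM = {
    "email": "sam@example.org",
    "delivery_city": "Leeds",
    "date_of_birth": "1990-04-12",  # no stated purpose, so never stored
    "phone": "+44 7700 900123",     # no stated purpose, so never stored
}
COLLECTED = datetime(2024, 1, 1, tzinfo=timezone.utc)

if __name__ == "__main__":
    stored, dropped = minimise(FORM)
    print("stored:", stored)
    print("dropped at intake:", dropped)
    for days in (10, 60, 400):
        now = COLLECTED + timedelta(days=days)
        print(f"after {days} days:", expire(stored, COLLECTED, now))
```

This covers a single store. Backups, exports and logs hold copies too, and they need the same schedule before the data is really gone.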
Check yourself
Quick check. Privacy
What does data minimisation mean?
Collect only what you need, for a clear purpose, and no more.
Why does retention increase risk?
Because data you keep can be stolen later. Keeping less reduces future harm.
What is one privacy-safe habit?
Review and remove unused accounts and reduce app permissions.
Why can logging create privacy risk?
Logs can contain personal or sensitive data if you record too much.
Artefact and reflection
Artefact
A short note on one privacy habit you will keep for the next month
Reflection
Where in your work would being able to explain data minimisation, and why collecting less reduces harm, change a decision, and what evidence would make you trust that change?
Optional practice
Map a simple data flow. Then ask who could be harmed, how, and which control reduces that harm.
Also in this module
Account hygiene audit
Work through a safe checklist: recovery methods, old accounts, app permissions, and simple hardening steps.