In this lesson we discuss the impact of data security, which in turn suggests the Principle of Adequate Protection. We have seen the impact of data breaches in recent years. The largest in terms of the people affected is the loss of 21.5 million Social Security Numbers and 5.6 million fingerprints by the Office of Personnel Management, OPM, because the data were not encrypted and protected. The lost data include those belonging to top officers in the government and the intelligence community. National security is at stake here: the interview records can be used for blackmail or in social engineering for gaining access. The loss of email on the DNC server had an impact on the 2016 election. If data such as GPS data or healthcare data were modified, it could cost human lives. Many companies which lost personally identifiable information, PII, of their employees or customers not only ruined their reputations but also needed to spend millions to set up identity protection programs.

With these big impacts from data breaches, there is a Principle of Adequate Protection proposed. It says computer items must be protected only until they lose their value. They must be protected to a degree consistent with their value. I agree with the first statement, but question the second statement, because it's rather difficult to implement. For example, a 24-hour encryption scheme is difficult to guarantee.

Some security best practices apply this principle. For example, before old equipment can be disposed of, the data on it must be erased completely. This includes old disks and old printer memory. PII data never lose their value; they need to be properly encrypted in storage, on salespersons' laptops, or during transmission. They need to be protected to a greater degree, from the time they are created to the time when the data are destroyed.

The principles of least privilege and adequate protection can also be applied to systems governed by HIPAA privacy regulations.
For example, a doctor's office system needs to restrict access and protect patient records. It cannot reveal them without the patient's consent. It also needs to keep access logs for the period of time required by the regulation, ensuring that only persons with the proper role access the data. The principles can also be applied to a system governed by FERPA, the Family Educational Rights and Privacy Act. The student information system needs to restrict access to student records, even by parents or other teachers and staff.

Recently a new security research area has appeared where we restrict access to data from specific geo-locations, or at a specific time of the day, or when certain context attributes hold.

In summary, we have presented the security principle of adequate protection in this lesson and the critical principle of least privilege in the last lesson. We showed how they are applied to protect data and systems.
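
The doctor's office case described above can be sketched as an access check that combines role, patient consent, location and time of day, and writes every decision to an access log. This is an added example, not part of the original lesson; the policy values, zone names, field names and the retention parameter are all assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, time

# Constructed policy for a hypothetical doctor's office system (all values assumed).
POLICY = {
    "roles": {"physician", "nurse"},      # roles allowed to read patient records
    "locations": {"clinic-lan"},          # network zones access is allowed from
    "hours": (time(7, 0), time(19, 0)),   # permitted time-of-day window
}

@dataclass
class Request:
    user: str
    role: str
    location: str
    when: datetime
    patient: str
    consent: bool = False   # patient has consented to disclosure to this requester

@dataclass
class RecordStore:
    audit_log: list = field(default_factory=list)

    def decide(self, req):
        """Return (allowed, reason). Default deny; every decision is logged."""
        start, end = POLICY["hours"]
        if req.role not in POLICY["roles"] and not req.consent:
            result = (False, "role not authorized and no patient consent")
        elif req.location not in POLICY["locations"]:
            result = (False, "location not permitted")
        elif not (start <= req.when.time() < end):
            result = (False, "outside permitted hours")
        else:
            result = (True, "ok")
        # Log denials as well as grants so reviews can see attempted access.
        self.audit_log.append(
            (req.when.isoformat(), req.user, req.role, req.patient, *result))
        return result

    def purge_log(self, now, retention_days):
        """Keep entries only for the retention period (value set by the regulation)."""
        self.audit_log = [
            e for e in self.audit_log
            if (now - datetime.fromisoformat(e[0])).days <= retention_days]
        return len(self.audit_log)
```
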