January 28th is a vital reminder to businesses and consumers
Each year on January 28, an international initiative known as Data Privacy Day serves to remind us of the importance of data privacy and the protection of personal information. The goal of Data Privacy Day 2021 is to empower consumers to Own Your Privacy and businesses to Respect Privacy.
Data Privacy Day is scheduled in January so that we may carry these reminders with us throughout the year. Safeguarding data privacy is an essential component of protecting proprietary information from unauthorized access and maintaining compliance with a host of regulatory requirements developed to safeguard data privacy.
It Takes Two to Protect Data Privacy
Protecting the privacy and security of sensitive data is a legal and regulatory responsibility of any business that collects, processes, stores, transmits or otherwise touches a consumer’s data.
Federal and industry regulations such as HIPAA, GLBA, FINRA, the Sarbanes-Oxley Act, the PCI Data Security Standard, CMMC and numerous others include data privacy requirements to a greater or lesser extent. Non-compliance can be costly, especially for violations of the HIPAA Privacy and Security Rules in the healthcare industry.
By the same token, consumers who share their personal data are also obligated to protect that information to the best of their abilities. While individuals don’t always have much control over how their data is handled, there are actions they can take.
That’s why the National Cyber Security Alliance (NCSA) provides data privacy protection guidance for both businesses and consumers.
In 2021, the NCSA is encouraging consumers to learn more about how to protect their valuable data online—and also encouraging businesses to be accountable for keeping consumers’ personal information safe from unauthorized access and “ensuring fair, relevant and legitimate data collection and processing.”
Message to Businesses: Respect Privacy
Almost 80% of adults in the U.S. are concerned about how businesses use their data, according to recent research.
And as these pie charts illustrate, slightly more than 60% believe that it’s impossible to live in today’s world without business and government entities collecting data about them.
As just one example, think about the data that is collected each time an individual browses the web. Anyone who uses the Internet is familiar with the cookies that allow web browsers, like Chrome, Firefox, Safari and others, to create a more convenient browsing experience for consumers.
However, in addition to their benefits, cookies can pose a privacy risk due to the amount of information they collect. Cookies record personally identifiable information that may include individuals’ names, addresses, account login credentials, and more. Clearly, browsing convenience comes at a price.
Businesses that are able to convey a positive message about how they gather and use individuals’ information may gain some marketing and reputational advantages by building customer trust in an environment in which that trust is increasingly rare.
The NCSA recommends five tips to help businesses respect individual privacy and build trust. The professionals at 24By7Security support these recommendations, as well as others aimed at safeguarding information privacy and security.
1: If you collect it, protect it. This includes implementing reasonable security measures to protect data from inappropriate and unauthorized access. Data breaches can be costly and damaging in multiple ways. In addition, collect only the information you really need to perform your service or sell and deliver your product.
2: Adopt a privacy framework. Create a culture of privacy in your organization. Build a robust privacy framework that includes policies, procedures, and processes designed to protect private data. If you are a regulated business, which includes just about every business nowadays, a privacy framework is not just a good idea—it is probably mandated. Familiarize yourself with the foremost privacy framework resources, such as the National Institute of Standards and Technology (NIST).
3: Assess your data collection practices. Make sure that you understand all of the privacy laws and regulations that apply to your industry and business. Develop a plan to implement them and routinely maintain them. In addition, train your employees in the applicable requirements and educate them in your company’s obligations to protect data privacy for its customers, whether other businesses or consumers.
4: Become more transparent. Create a Privacy Policy that clearly explains how you go about collecting data, what kinds of data you collect, why you collect it, how you use it, who you share it with, how you store it, how long you keep it, where you keep it, and how you dispose of it. Transparency builds trust, and actions like these demonstrate accountability and create credibility.
5: Maintain oversight of partners and vendors. If you engage any other companies in collecting, processing, using, transmitting, storing, or disposing of data on your behalf, they need to meet the same standards that apply to you, and you are responsible for ensuring that they do. Data often exists in an ecosystem, rather than in a vacuum, and every element of the ecosystem is obligated to safeguard that data.
Message to Consumers: Own Your Privacy
In spite of an inexorable loss of control over their own private information, consumers can take certain steps to understand the types of data they create online and how that data is collected, used, and shared. Knowledge is power, and the better-informed an individual is, the better decisions they’ll be able to make as to who can have access to their data and under what circumstances. The NCSA offers three tips for safeguarding your own data, and we concur wholeheartedly with these and other recommendations.
1: Treat your personal information like money in the bank. Your purchase history, IP address, geographic location, mailing address, phone number, and other personal information are as valuable as gold to businesses. When asked to share individual information, think first about how much and what type of information is being requested—and whether the benefits of disclosing it are worth the risk and sacrifice.
2: Keep tabs on your apps. Many software applications ask for access to personal information such as geographic location, contacts list, photo albums, and other data before allowing their services to be used. And many times, it isn’t necessary. Be skeptical of apps that try to obtain data under false pretenses or too casually. Check your devices periodically to delete unused apps. Keep other apps as secure as possible by performing timely updates.
3: Manage privacy settings. Don’t automatically accept default or factory privacy settings. Check the privacy and security settings on your web services and applications and set them to levels you are most comfortable with. Each device, browser, and application may have different features designed to limit how and with whom you share information.
Does this process take some time? Of course. But isn’t being proactive about your privacy worth it? For your convenience, the NCSA offers instructions for a number of browsers and applications on their website at StaySafeOnline.org.
Become a Data Privacy Day Champion
In the 13 years Data Privacy Day has been in existence, the number of companies and consumers who have become privacy champions has grown exponentially. The Data Privacy Day Champion program is a way to show support for this important modern-day cause, as hundreds of companies, schools and school districts, higher education institutions, nonprofits, government organizations, and individuals have already done. 24By7Security is proud to be a recurring annual Champion of Data Privacy Day!
Applying to become a Champion is easy using the simple online form on the NCSA website at StaySafeOnline.org, and no financial contribution is required.
While you’re there, sign up to receive the NCSA newsletter and attend a Data Privacy Day webinar at 1PM EST on Thursday, January 28, 2021.
The National Cyber Security Alliance also promotes Cybersecurity Awareness Month every October. Watch for more information right here on the 24By7Security blog!
Summary
Personal information about consumers and commercial customers is collected freely on the Internet every hour of every day. That data is stored in private databases and in shared ecosystems and is vulnerable to being lost, stolen, and otherwise compromised at every turn. Diligent work by businesses as well as consumers is required to protect the privacy of that data. The promotion of Data Privacy Day each year on January 28th helps us all to remember our individual and collective obligations to protect data and stay safe online.