Every year on 28 January, the National Cybersecurity Alliance (NCA) creates an informative and engaging social media campaign in an effort to bring awareness to the general public about data security and protection best practices. The international campaign is called Data Privacy Day (DPD), and heavily encourages people to comply with privacy laws and regulations, but also serves to educate people on how to protect and manage their personally identifiable information (PII).
Even in the age of Big Media, millions of people are unaware of the various ways their PII is being used, collected, shared, and even sold. The annual campaign is targeted towards anyone with any sort of online presence. This internationally recognized day was initially established in 2008 in North America as an extension of Data Protection Day in Europe, which has been in effect since 1981. It is the first legally binding international treaty to recognize data privacy concerns.
In 2022, the NCA expanded Data Privacy Day into a week-long initiative called Data Privacy Week. The week, lasting from 24-28 January, is filled with various steps, goals, and webinars that individuals and organizations alike can take and attend as a way of encouraging transparency about how their customer data is being used.
You can find a full list of Data Privacy Week events here on the NCA’s website. Below, we break down the major takeaways both individuals and organizations should take from the week-long event.
Individual Level: Keep It Private
When it comes to keeping our PII and personal health information (PHI) safe, it is crucial that we follow data security and privacy best practices as that information is extremely valuable to hackers and thieves. Certain information such as your IP address, purchase history, and location can offer hackers a wealth of knowledge as to your income, spending habits, card information, and where you live. Remember, identity theft is not a joke!
If it helps to understand the criticality of keeping your information safe, imagine each piece of identifying information (whether it be your IP address or your credit card statements) as having a monetary value. According to the IBM and Ponemon Institute report, the cost of an average data breach in 2020 is approximately $3.86 million. While most of these costs are from business reputation maintenance and regulatory fines, the costs can still add up when it’s your PII on the line. (Read more in our blog here.) You wouldn’t willingly give up money from your personal wallet, so be sure not to do the same with your information.
NCA Recommended Steps to Take:
Understand the privacy/convenience tradeoff
Today, before you can even use most apps, they will ask you for access to personal information ranging from geographic location to contacts and photo albums. By allowing access to these very personal and private forms of information, you may be offering up much more than necessary. For example, why does a mindless gaming app need access to my contacts and location in order for me to play? It is best to make informed decisions on what you should do: weigh whether or not the information they are asking for is really necessary, how the benefits weigh against the tradeoff, and if you really need the app at all.
Manage your privacy
Once you deem an app worthy of your time and phone storage, take an extra moment or two to review the app’s privacy and security settings, and adjust them to your comfort level as necessary. You can use the NCA’s Manage Your Privacy Settings page as a guideline on how you can check your favorite app’s settings.
Protect your data
While data privacy and data security are not interchangeable, they are in fact a package deal. Use best practices such as creating long and intricate passwords, utilizing multi-factor authentication when possible, and using a password manager to keep your passwords secure and up to date.
Organization Level: Respect Privacy
According to a recent Pew Research Center study, approximately 79% of adults in the US are concerned about how companies use their personal data. As an organization, the privacy of your consumers’ and customers’ data should be your utmost concern. By respecting their data and being transparent, an organization instills trust which will in turn enhance reputations and company growth.
NCA Recommended Steps to Take:
Conduct an assessment
Regardless of whether your company operates locally, nationally, or globally, it is important to understand the privacy laws and regulations of the area in which your business operates and to ensure they are being followed. In addition, evaluate your security measures and access to individuals’ personal information, and screen any outside partners and vendors as well to ensure they are not misusing your consumers’ information.
Adopt a privacy framework
Find a privacy framework that works best for you, your organization, and your consumers to help mitigate potential risk and implement a privacy culture within your organization. The NCA recommends reviewing the following frameworks to start: NIST Privacy Framework, AICPA Privacy Management Framework, and ISO/IEC 27701 – International Standard for Privacy Information Management.
By creating an office culture surrounded by data privacy and data security, you are educating your employees on not only how to keep their personal information safe but how to better serve your consumers and their information. Engage staff by asking them how they view your current privacy culture, implement mandatory training and webinars, and consistently assess your current standards.
In addition to these methods, transparency about how you collect, use, and share consumer information is crucial. Be up front and honest with your clients, users, or consumers about what they can expect their information to be used for and offer them other settings to protect their information by default.
And lastly, when your information-bearing media reaches end-of-life — whether hard drives, portable IT storage, or even paper — securely destroy it to prevent leaks and data breaches down the road.