Data Privacy Day (known in Europe as Data Protection Day) is an international event that occurs every year on 28 January. The purpose of Data Privacy Day is to raise awareness and promote privacy and data protection best practices.
Just how private is our data?
For Data Privacy Day 2022, the National Cybersecurity Alliance is encouraging individuals to “own their privacy” and companies to build trust with their employees and business partners.
Would you tell a stranger walking down the street your full name, date of birth, email address, home address, parents’ or children’s names, where you went to school, what games you play and what your hobbies are? Of course not. So why publish it all online for strangers to see?
We all like to think our data is private and under our control, but most of the time — if you aren’t careful about what you post online — it’s not.
As of 2017, data overtook oil as the most valuable resource, and on average, data usage on phones has so far increased by around 20% each year. This shows the true value of big data and how much your data is worth to companies.
Your data can make other people money. Just like oil, data can be refined into an essential commodity. Big data can predict and calculate outcomes that can change your world — from economic shifts to political views — and it can be processed to produce intelligence that we might not want to be made public.
What is the impact for a company that has had a data breach in the EU?
Regulators and governments are acting hard and fast on companies that don’t follow GDPR regulations.
In its July 2021 company earnings report, Amazon revealed it received a massive $877 million fine due to a cookie consent policy which saw the business using internet cookies to track you without your authorisation.
WhatsApp was fined $255 million by Ireland’s government, which claimed that the messaging service had failed to properly explain its data processing practices to its users.
In the UK, a maximum fine of £17.5 million or 4% of annual global turnover, whichever is greater, can be issued for breaches like these.
5 Data privacy tips for individuals
Let’s review some recommendations for individuals on how to keep your data safe.
Tip 1. Be careful what you post online. Think about that stranger on the street. Would you tell them this information? If not, why post it online where they could see it?
Look into your online profile from a stranger’s point of view. Check your old accounts, current accounts and social media profiles to see what other people can find out about you.
Data gathering is not always a bad thing: sometimes you want your favourite online shop to remember you and make recommendations based on your needs and preferences. But you need to know the difference.
Tip 2. Be selective about what you share with services. Do you really need to give Google access to your location? Do you need your microphone and camera turned on for Facebook if you never have Facebook calls? Be wary of apps that ask for access to information that’s not relevant for the services they’re offering. Question whether the apps you use should know your location or have access to your microphone and camera.
Tip 3. Certain online tools can help you stay secure and keep your data yours. Use browsers with an ‘incognito mode’ to stop cookies being used to track you, or install VPNs or proxies. If cookies are being used to track you, ensure you clear them along with your cache at the end of each browsing session.
Tip 4. Stand up for your rights. If you think a company has tried to access information you’ve kept hidden or interacted with your data in any illegal way, you can report them through your country’s data regulation body. See something, say something!
Tip 5. Test your skills. Try to conduct Open Source Intelligence (OSINT) on yourself. Do a deep search for yourself online and imagine you were going for a job interview. Is there anything you can find that you wouldn’t want your potential employer seeing?
Your data is part of a dynamic landscape, so keeping up to date with how to protect it is as important as patching your operating system.
5 Data privacy tips for businesses
As a business, privacy can be an important tool in establishing trust with customers, clients and employees. Here are 5 tips for how businesses can protect their data:
Tip 1. Educate employees about privacy and data protection. Your business could have the best GDPR team in the world, but it only takes one mistake from an employee to cause a potential breach.
- Start by teaching all employees what privacy means to your organisation and the role they have in making sure privacy is achieved and maintained, and data is protected.
- Ensure they understand the potential impacts of data protection and privacy breaches.
- Organise privacy and security training that builds up their knowledge.
- Ensure governance and risk are a big part of the future for the business.
Tip 2. Provide support for your employees. Create an environment where your people know they can speak to you about any issues. If an employee has made a mistake that could lead to a breach, wouldn’t you rather they tell you about it instantly?
Businesses have a responsibility to strengthen individuals’ privacy too. Help develop your employees’ skills by conducting training and awareness days, and encourage them to take part in professional development. A smarter workforce is a safer workforce.
Tip 3. Hire Subject Matter Experts (SMEs). Bring in the professionals. They have experience and knowledge in this particular field and can save you a lot of pain by preventing breaches.
Tip 4. Encourage a positive atmosphere. This is both internal and external. A workforce that has higher morale will almost certainly work more efficiently and behave more positively. This will help ensure best practices are adhered to and also help prevent insider threats.
Tip 5. Align yourself with a privacy framework. Adopting data protection and privacy regulations can help you become compliant and handle any privacy issues that might come your way. Plus, risk management is always easier to assess in collaboration with other business partners.
- NIST Privacy Framework
- AICPA Privacy Management Framework
- ISO/IEC 27701 – International Standard for Privacy Information Management
Here are your three key points to remember about how to protect your online presence.
- Security: Keep your applications and devices updated and only allow apps access to your location, camera and microphone if they absolutely need it. Always remove access when it’s no longer required.
- Privacy: This is the right to keep your most intimate thoughts secret and the power to limit what control others have over your life. Don’t expose private information about somebody else (customers or employees) as this could lead to a breach and result in huge fines for the business.
- Anonymity: Remove data from the services you use unless it’s a trusted and validated platform.