Data Privacy is a Priority in a Digital-First World

Last year the National Cybersecurity Alliance (NCA) expanded Data Privacy Day, celebrated each Jan. 28, into Data Privacy Week because protecting sensitive data in an increasingly digital-first world is becoming a top priority.

“An unfathomable excess of online data is generated every day as the global economy churns; individuals take to social media; and modern life strives to keep pace with advancing technology,” says the NCA. “Securing that data is rapidly becoming a necessity as companies recognize it is an asset and realize the potential value in collecting, using, and sharing it.”

Data Privacy Day Began in 2008

Data Privacy Day in the United States and Canada was first celebrated in 2008, following on the heels of Europe’s Data Protection Day, which was started in 2006.

Jan. 28 was chosen as Data Privacy Day and Data Protection Day each year to commemorate the Jan. 28, 1981 signing of Convention 108, the first legally binding international treaty dealing with privacy and data protection.

The increasing importance of data privacy is evident in the expansion of Data Privacy Week.

“The goal of Data Privacy Week is to spread awareness about online privacy. We think data privacy should be a priority both for individuals and organizations. Our goal is twofold: we want to help citizens understand that they have the power to manage their data and we want to help organizations understand why it is important that they respect their users’ data,” says the NCA.

What is Data Privacy?

Data privacy, also known as information privacy, is the branch of data security involving properly handling the collection, storage, and dissemination of information — including to third parties.

“In recent years, many companies have learned the importance of data privacy through breaches and privacy failures. To avoid such calamities, having protective measures and strategies in place is crucial. From the smallest of businesses to major corporations, everyone is at risk,” says the NCA. “As the data economy continues to evolve, companies find the roles of data protection officers and similar professionals becoming a demand. This demand intensifies with new regulations and standards on information security.”

In the U.S., there is legislation in place regarding data privacy and protection in many industries, including:

• The Health Insurance Portability and Accountability Act (HIPAA). It was designed to protect patient information in health care and health insurance.
• In finance there is the Gramm-Leach-Bliley Act (GLBA). This was passed to help protect nonpublic personal information — such as income, credit scores, and more.

“While there are several regulations at state and federal levels, consumer privacy is regularly compromised by companies and governments. We are poised to see a significant increase in regulation in the future. As data protection regulation grows worldwide, the demand for global privacy and requirements also increases,” says NCA.

What Organizations Can Do to Protect Data Privacy

Organizations can take three central steps to protecting data privacy:

• Conduct an assessment.
• Adopt a privacy framework.
• Educated employees.

Here is a closer look at each area:

Conduct an Assessment

• Assess your data collection process.
• Generate and follow security measures to keep individuals’ personal information safe from unauthorized access.
• Make sure the data you collect is processed in a fair manner and only collected for relevant and legitimate purposes.
• Maintain oversight of partners and vendors.

Adopt a Privacy Framework

• Adopting a privacy framework can help you manage risk and create a culture of privacy in your organization by building privacy into your business.
• Start by checking out the following framework:

o   NIST Privacy Framework

o   AICPA Privacy Management Framework

o   ISO/IEC 27701 – International Standard for Privacy Information Management

Educate Employees

• Create a privacy policy for your company and ensure your employees know it.
• Teach new employees about their role in your privacy culture during the onboarding process.
• Engage staff by asking them to consider how privacy and data security applies to the work they do on a daily basis.
• Remind employees to update their privacy and security settings on work and personal accounts.

“Integrating data privacy training into your onboarding process and general training programs is a first step. Implement free security tools available on the market such as VPNs, encrypted storage solutions, and password managers. You can reduce vulnerability with these tools that are relatively easy to install and operate,” says the NCA. “Next, be sure to monitor your network for suspicious activity and potential attacks. These breaches can happen to organizations of all sizes.”

What Consumers Can Do to Protect Data Privacy

Consumers can protect their data privacy by taking these steps:

• Know the tradeoff between privacy and convenience.
• Adjust privacy settings to your comfort level.
• Protect your data.

Here is a closer look at all three:

Know the Tradeoff Between Privacy and Convenience

• Make informed decisions about sharing your data with certain businesses.
• Consider the amount of information they are asking for. Weigh it against the benefits you may receive in return.
• Be wary of apps or services that require access to information that is not relevant to their services.
• Delete unused apps.

Adjust Privacy Settings to Your Comfort Level

• Check the privacy and security settings on web services and apps.
• Set them to your comfort level for information sharing.
• Get started with NCA’s Manage Your Privacy Settings page to check the settings of social media accounts, retail stores, apps and more.

Protect Your Data

• Create long, unique passwords and store them in a password manager.
• Enable multi-factor authentication.
• Recognize and report phishing.
• Update software.

“On a consumer level, there are some steps to take to improve your privacy despite not having much control over how organizations store and secure your data. A good first protective measure to take is in line with businesses. Password managers and VPNs are available on an individual level to encrypt your Internet connection and keep sensitive information safe,” says the NCA. “Also, be sure to back data often to secure it in the event of a compromise. Lastly, ignoring click-bait content and strange requests via email or social media is a simple way to protect your network and data.”

The recommendation(s), advice and contents of this material are provided for informational purposes only and do not purport to address every possible legal obligation, hazard, code violation, loss potential or exception to good practice. Dean & Draper Insurance Agency specifically disclaims any warranty or representation that acceptance of any recommendations or advice contained herein will make any premises, property or operation safe or in compliance with any law or regulation. Under no circumstances should this material or your acceptance of any recommendations or advice contained herein be construed as establishing the existence or availability of any insurance coverage with Dean & Draper Insurance Agency. By providing this information to you, Dean & Draper Insurance Agency does not assume (and specifically disclaims) any duty, undertaking or responsibility to you.  The decision to accept or implement any recommendation(s) or advice contained in this material must be made by you.