On this day in 2007, the Council of Europe first initiated the European Data Protection Day, a day to raise awareness about the best practices in cybersecurity, data protection, and data privacy. In the ensuing years, the U.S. Senate passed Resolution 25 to recognize the day as National Data Privacy Day. Ever since then, several nations across the world have observed January 28 as Data Privacy Day.
With the emergence of several social networking platforms, there was a renewed interest in the sphere, and most countries observed this day to sharpen the focus on protecting information online. The focus on privacy was further expanded toward families, consumers, and, most importantly, businesses. Down the line, Data Privacy Day marked a beginning for better cybersecurity awareness across the world, and for devising privacy policies and compliance norms.
The theme for this year’s Data Privacy Day is “Own Your Privacy,” a departure from the earlier ill-thought analogy of “I don’t care about privacy. I have nothing to hide.” Reports and surveys indicate that several people feel there is an increasing lack of control over their data. To shed light on the topic and to build better cybersecurity awareness, CISO MAG has gathered opinions from infosec leaders across the world. Take a look:
1. Data is the lifeblood
“Data is the lifeblood of most modern companies, and the long-term negative impact on those who suffer breaches demonstrates just how serious the issue of data loss has become today. And for those of us who are now working from home, the threat level posed by the blurred lines of using personal devices to respond to work emails, or using our work laptops to buy something online, has increased exponentially.
With such a high volume of data flowing in and out of businesses every day, effective data protection strategies must embrace the following: visibility to all data, all the time; analytics to understand and manage risk; controls to enforce data protection policies; and a consolidated view into all threats targeting sensitive data.
Taking a comprehensive approach while implementing cybersecurity controls is imperative for protection, especially when it comes to sensitive and valuable customer or financial information. Fundamentally, what we’re talking about here is no-compromise data protection for your no-compromise organization.”
2. Securing Access to a Broader Data Landscape Is Not Without Its Pitfalls
“Public health breakthroughs rarely happen in a silo. Researchers crave access to any and every piece of relevant data available, especially in the midst of a pandemic. Access to real-time data from disparate, global sources can help public health officials advance critical decisions when every moment counts. However, securing access to this broader data landscape is not without its pitfalls. The sensitivities associated with these assets dictate that additional access cannot come at the expense of privacy and security.
While discussions on data sharing have been taking place in the health care industry for years, COVID-19 has notably advanced the conversation, especially as it pertains to sharing sensitive information on a global scale. The pandemic has made it clear that we need to be able to share public health data quickly and efficiently without tearing down the existing regulatory frameworks put in place to protect the privacy of the individual.
This search for balance is increasingly leading towards the use of privacy-enhancing technologies (PETs), which are gaining recognition for their transformational ability to enable and preserve data privacy throughout its processing life cycle. By giving public health officials involved in the fight against COVID-19 access to data collected and generated by health care workers and researchers around the globe, PETs can enable collaborative health care efforts with the potential to benefit us all.”
3. Other Countries Are on Their Way Too
“In our new digital economy, people around the world are becoming acutely aware of how their information is being collected, stored, and used. The GDPR ushered in a new paradigm that elevated awareness about the importance of privacy and the exploitation of data. Some of the largest countries around the world have responded by enacting or augmenting their privacy protections to closely mirror the GDPR. We see this in Brazil and recently in California through the recent passage of California Privacy Rights Act (CPRA). Other countries are on their way too. Steps are being taken in India, China, and Canada, to potentially modernize and augment their data privacy rights and protections.
With stricter data privacy enforcement and consumers empowered to act on their rights, companies must be prepared to deploy technology and aggressively operationalize their data privacy programs to meet the most stringent standards. Beyond potential fines, any organization that fails to comply with data privacy laws risks breaking trust with their customers. By investing in comprehensive privacy management capabilities underpinned by information governance and automation, organizations can achieve data protection by design and default – satisfying regulatory requirements, avoiding non-compliance penalties and more importantly, maintaining customer trust.”
4. Data Privacy Has Become an Urgent Priority
“We live in a world where people rely heavily on mobile apps and the internet for many of their daily tasks. This trend has accelerated since last year, owing to the pandemic, with people preferring to work from the safety of their homes. Increased usage and dependency on mobile devices create more opportunities for cybercriminals to steal user data. Data privacy has therefore become an urgent priority today.
Personally Identifiable Information (PII) such as medical records, bank details, passwords, phone numbers, and email IDs are most commonly targeted by cybercriminals. While organizations and the government are investing increasing amounts of money to safeguard the personal data of customers and consumers, it is also important for us to take proactive steps at an individual level to secure our data and our devices. Some of the simplest ways to do this are to use strong passwords; avoid using public Wi-Fi; watch out for phishing emails; regularly back up important data; and keep all apps and operating systems on our devices up-to-date. With the evolving cybersecurity landscape, it has become imperative for us as individuals to invest in a robust multi-device security to ensure digital safety for us.”
5. Data Is the New Oil
“The analogy of ‘data is the new oil’ has quickly become the defining metaphor in this digital age. Although data is deeply integrated into the functioning of online collaboration tools and modern cloud architectures, the risk of theft and exfiltration looms higher than ever as most employees work remotely on unsecured home networks. With cybercriminals getting creative to steal users’ personal information, data privacy and security have become elemental in this new reality.
With no overarching framework or a unified approach to data privacy, it all boils down to ensuring the right levels of protection, access control, and encryption for the right data. As industries rally under the seismic shift to digitalization, businesses need to go above and beyond to cultivate digital trust and adopt a robust cybersecurity posture to help consumers exercise their rights to data privacy. Adopting a threat-aware network built on a combination of ethical, compliant and privacy-preserving principles, and driven by AI-assisted automation will be key to scale for the future.”
6. Review and Refresh Your Privacy and Data Protection Practices
“On this Data Privacy Day, don’t just try to ‘get well’ on your protection policy, but plan how to ‘stay healthy.’ Over the next year, data will fuel your business growth, and protecting data privacy will help you build a company that your customers trust. To keep pace with the business, you must integrate data privacy and protection into your organization’s data management strategy because it takes only one wrong step to lose the customers’ trust. Data Privacy Day only comes once a year, but data protection matters every day. With an integrated approach to data protection and privacy, next year’s Data Privacy Day will be a reminder to celebrate your successes!”
7. Data Privacy Day Serves as an Important Reminder
“In the wake of COVID-19, remote work, cybersecurity concerns, and the high-profile SolarWinds hack, we’ve seen security elevate in importance, and the protection of sensitive data has become more of a shared responsibility across the company. Organizations are realizing that IT and security teams aren’t the only ones with something to lose in the event of a breach; the whole business is at stake. The board doesn’t want to risk a security breach or be found negligent based on a lack of investment in security.
With more and more companies experiencing breaches and people’s personal information being shared with so many businesses, Data Privacy Day serves as an important reminder for organization leaders to acknowledge their shared responsibility for cybersecurity and effective data protection across the entire business. For companies that aren’t currently operating in this way, it is time for them to take a step back and make a plan to prioritize it in 2021.”
8. Online Privacy is in its Lowest Point Ever
“It isn’t a secret that online privacy in 2020 is in its lowest point ever; we carry around tracking devices, self-report our activities and have given blanket permissions to both governments and corporations to access what we shop for, what we search for and who we communicate with.
This isn’t a technology problem – the Internet allows distributed, anonymous communication and there are various layers of anonymous communication protocols we can use (which is why terrorists can use those same applications without worry), but blaming the average user for choosing convenience over privacy is the wrong way to go about it. The actual blame lies with us, IT security professionals. We got distracted, got addicted to the simplicity of some of these services and often focused on security when we should have also insisted on privacy. Fortunately, the last few months were a multi-stage wakeup call; we now need to use this momentum to change the standards: it falls on us, security professionals, to give normal users the tools to protect their privacy; we’ve done a reasonably good job with getting the average user more secure over time (though there’s still a long way to go), we now need to do the same with privacy. With some luck, 20 years from now online privacy will increase the way that online security has increased dramatically from 2000 to 2020. It’s on us, security professionals, to get it right.”