It may seem contradictory, but, even in the age of Big Media, millions of people are still uneducated on how to keep their information safe and uninformed about how it is being used or shared. This is where Data Privacy Day comes in. Data Privacy Day (DPD) is part of an international effort not only to encourage compliance with privacy laws and regulations, but also to educate people on how to protect and manage their personally identifiable information (PII).
Every year on 28 January, the National Cyber Security Alliance (NCSA) creates an engaging and informative campaign in order to raise awareness about data security and protection best practices, especially in regard to social networking. The campaign is targeted towards anyone with an online presence of some sort, whether it be business or personal, and offers collaborative opportunities for various industries, such as government, academia, privacy experts, and nonprofit organizations. This internationally recognized day was initially established in 2008 in North America as an extension of Data Protection Day in Europe, which has been in effect since 1981. It is the first legally binding international treaty to recognize data privacy concerns.
In 2020, the world experienced what felt like an onslaught of events that directly disturbed people’s lives – environmental disasters, social justice movements, an economic downfall, a pandemic, and much more. Technology has astronomically advanced over the past year in order to keep up with the world as it changes, but what about data privacy? Have best practices been left behind for the sake of keeping up the pace?
This year’s theme for Data Privacy Day is Own Your Privacy. A 2019 Pew Research Center report stated that 84% of consumers want more control over how their data is being used.
Protect Your Data: At Home
When it comes to keeping our PII safe, it is crucial that we follow data security and privacy best practices as that information is extremely valuable to hackers and thieves. Information such as your IP address, purchase history, and location can offer hackers a wealth of knowledge as to your income, spending habits, card information, and where you live, for starters.
It helps to think of your personal information as being as valuable as the money in your bank account and wallet, simply because it really is. According to the IBM and Ponemon Institute report, the cost of an average data breach in 2020 is approximately $3.86 million. While most of these costs are from business reputation maintenance and regulatory fines, the costs can still add up when it’s your PII on the line. On an individual level, people can experience identity theft, monetary theft, changes in credit score, and much more, all of which can cost money and time to rectify. You wouldn’t willingly give up money from your personal wallet, so be sure not to do the same with your information.
As important as keeping that mentality is, it is just as crucial to keep track of where you find yourself willingly offering up your information; every time you are asked for your information (whether in a webform, email, mailing list, etc.), think about whether you can really trust the inquiry. While nobody thoroughly enjoys reading the terms and conditions’ fine print, if data protection is your goal, as it should be, it is highly recommended that you do so. According to a 2019 Pew Research Center report, 74% of people rarely or never read a company’s policy before accepting it. By reading a company’s policy, people will have a much better understanding of whether the information in question is required or even relevant for the services the company is offering.
In addition to reading the fine print, it’s suggested that people routinely delete accounts and apps that they no longer utilize, update their applications, and manage their privacy settings. In just a few moments, you can completely update your privacy and security settings to your comfort levels. The NCSA offers great resources on how to locate your privacy settings for online services and popular devices. This way, you stay mindful of your information’s worth and of what information you willingly give out, and you are aware of a company’s policy and what information is necessary to give out.
For tips on how to keep your data safe while working from home, refer back to our previous blog, How to Properly Handle Information While Working From Home.
Protect Your Data: At Work
Data privacy and security best practices may vary between businesses and individuals, but they are just as important. As we get further and further into the digital age, hackers and thieves no longer just need to breach a facility’s physical barrier in order to steal information. They can access all of your confidential information remotely through methods of phishing, hacking the cloud, and other more advanced virtual methods. (Don’t forget about dumpster diving for hard drives, USB drives, and paper too!)
From January to June 2019 alone, there were over 3,800 publicly disclosed data breaches that resulted in 4.1 billion compromised records. Yes, four billion records compromised within a short, six-month time window. As discussed above, data breaches can cost upwards of millions of dollars in reputation maintenance and fees. The most expensive type of record is client PII, which can average out to about $146.00 per compromised record. Multiply that amount by the number of compromised records (keeping in mind that one single hard drive can store a LOT of data) and your company now has a burning hole in its pocket.
Businesses can keep their clients’ information safe by instilling secure processes for collecting and maintaining relevant information for legitimate purposes. The motto should always be, “if you collect it, protect it.” One of these processes can be researching and designing a privacy framework your company can use to help manage risk assessment, along with conducting routine assessments of your data collection practices. Keep up to date on privacy laws and records retention schedules so you know when your client and employee information will expire, and what laws and regulations apply to your specific business. Train and educate current and future employees on their and your business’s obligations to protect personal or confidential information.
In addition to these methods, transparency about how you collect, use, and share consumer information is crucial. Be up front and honest with your clients, users, or consumers about what they can expect their information to be used for and offer them other settings to protect their information by default.
And last but not least, when your information-bearing media reaches end-of-life — whether hard drives, portable IT storage, or even paper — destroy it to prevent leaks that could happen for many years down the road.
You can find more information about the costs of data breaches by visiting our previous blog, Cost of a Data Breach vs. Hard Drive Crusher: How You Can Save Millions.