Data Privacy Day: 7 Tips to Protect Your PII and Sensitive Data

By Daniella Balaban
image January 23, 2024 image 6 MIN READ

How safe is your data from a data breach? After 2021, it might not be so safe after all. Between January and December 2021, almost 6 billion accounts were the target of a data breach. 6 billion. Just over half of the accounts—around 3.2 billion—came from the Compilation of Many Breaches (COMB) data leak, affecting the data of about 70 percent of Internet users worldwide. These astounding results are proof the world needs greater data protection practices to safeguard data confidentiality, integrity, and privacy from unauthorized access. 

To help increase awareness about the importance of data privacy, the US Congress and the Council of Europe launched Data Privacy Day, occurring each year on January 28. On this day, the world unites to increase its understanding of the importance of data privacy and data privacy practices. Learn about the history of this day, why it matters, and what you can do to increase data privacy awareness across your organization.

The history of Data Privacy Day

Why Data Privacy Day is important The roots of Data Privacy Day go back to January 28, 1981, when the Council of Europe signed the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data. This treaty—known as Convention 108—was created to protect individuals’ privacy as automated data processing increased around the world. It was the first legally binding international treaty that dealt with data protection and privacy.

Several years later, in 2007, the Council of Europe held its first European Data Protection Day, followed by the US House of Representatives voting to declare January 28 as National Data Privacy Day. Today, individuals and organizations from the US, Canada, Israel, and 47 European countries participate in Data Privacy Day. 

Each year, public and private partnerships globally sponsor activities and events to actively increase individual data privacy and protection awareness based on a theme. This year, the National Cybersecurity Alliance (NCSA) is promoting the theme “Stop, Think, and Connect”—a global online safety, security, and privacy campaign.

Why Data Privacy Day is important

With enterprises collecting vast amounts of data—and the rate of data breaches increasing every day—individuals and organizations must take control to protect their data’s privacy. The need for control is apparent, as found in a recent survey of 1,000 consumers, in which over 90 percent expressed concern about safeguarding their data. It’s also evident in the billions of accounts compromised in 2021, as mentioned previously. It’s not surprising considering the rate of cyber attacks has increased 600 percent since the pandemic started.

Data Privacy Day is important to remind us to follow safe data practices to protect personal identifiable information (PII) and sensitive data. 

For consumers, it means:

For businesses and organizations, it means:

While no individual or organization can complete all these tasks in one day, Data Privacy Day brings awareness about the importance of these areas and making them part of everyday life. 

7 tips to protect your PII and sensitive data

Data Privacy Day is a good time to review existing policies and protections around your PII and sensitive data. Follow these tips to maintain the confidentiality and integrity of your data. Keep this list handy. When Data Privacy Day comes around each January 28, use it as a checklist to review these key parts of your data privacy strategy. 

1. Classify your data

Know what data you need to protect and create a data classification policy. Common classification levels include:

You might have other classifications depending on your data. However, you decide to classify your data, follow your strategy continually to ensure proper handling

2. Establish a data transparency strategy

Data transparency drives trust and loyalty with your customers. It gives them control over their data privacy, especially online. Take steps to:

3. Encrypt your data from end to end

Data encryption is an essential component of maintaining your data’s privacy, security, and integrity, especially when storing it in the cloud. The two main types of encryption are:

Create a strategy to encrypt your data to protect it before sending it over untrusted networks. Also, establish a cryptographic key to decrypt the data. 

4. Comply with industry regulations

7 tips to protect your PII and sensitive data Industry regulators have a full range of protections in place that organizations must follow from cybersecurity to data privacy and protection. Whether GPDR, HIPAA, SOC2, or another standard, each has its own set of rules that govern how organizations manage personal data, such as how much data to collect and when to dispose of it. An organization that fails to comply with these standards risk facing hefty financial fines. 

As you work toward compliance, schedule a pre-audit with a third party to help rule out any major issues before the official compliance audit. 

5. Secure your supply chain

Supply chain attacks are becoming more frequent. Two recent high-profile data breaches that come to mind include:

The rate of supply chain attacks is expected to increase in 2022, as low barriers to entry remain the biggest target. To prevent from such attacks getting at your data, establish a supply chain risk management team to vet each vendor you do business with and assess how they collect and use your data. This team can also look for vulnerabilities in the supply chain and set security protocols for working with third parties.

6. Manage software vulnerabilities

Software vulnerabilities result from poor design or code defects. Hackers use tools to scan for vulnerabilities to gain entrance into an organization. To prevent them from getting into your network and at your data, implement the following practices:

Remain vigilant over your development and IT practices to ensure your teams keep your data and information secure. 

7. Train employees on data privacy practices 

Human error is one of the biggest factors that contribute to cybersecurity breaches. According to a recent report, the average cost of human errors that result in data breaches is $3.3 million. Yet only 38 percent of global organizations prepare themselves to manage a sophisticated cyber attack. 

Position your employees as your first line of defense against cyber attacks. Provide data privacy awareness training as part of your cyber security awareness training program. Focus on the following topics and include any others that are specific to your organization’s data and cybersecurity needs: 

Choose a solution that leverages data analytics and delivers timely, engaging, and relevant content in small bites right in the workflow. This approach makes it easier for employees to learn, understand, and apply the lessons when confronted with a potential threat. It also gives them the confidence to know how to recognize and react to a threat. 

Observe Data Privacy Day every year

This January 28 and every January 28, take time to observe Data Privacy Day in your organization. Remind your employees to follow safe data handling practices. And follow our tips to protect your organization’s PII and sensitive data. 

Although training your employees on data privacy practices is the last item on the list, it may just be the most important one. Provide cybersecurity awareness training that includes data privacy training. It’s just the glue you need to hold your data privacy protection strategy together.