How safe is your data from a data breach? After 2021, it might not be so safe after all. Between January and December 2021, almost 6 billion accounts were the target of a data breach. 6 billion. Just over half of the accounts—around 3.2 billion—came from the Compilation of Many Breaches (COMB) data leak, affecting the data of about 70 percent of Internet users worldwide. These astounding results are proof the world needs greater data protection practices to safeguard data confidentiality, integrity, and privacy from unauthorized access.
To help increase awareness about the importance of data privacy, the US Congress and the Council of Europe launched Data Privacy Day, occurring each year on January 28. On this day, the world unites to increase its understanding of the importance of data privacy and data privacy practices. Learn about the history of this day, why it matters, and what you can do to increase data privacy awareness across your organization.
The history of Data Privacy Day
The roots of Data Privacy Day go back to January 28, 1981, when the Council of Europe signed the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data. This treaty—known as Convention 108—was created to protect individuals’ privacy as automated data processing increased around the world. It was the first legally binding international treaty that dealt with data protection and privacy.
Several years later, in 2007, the Council of Europe held its first European Data Protection Day, followed by the US House of Representatives voting to declare January 28 as National Data Privacy Day. Today, individuals and organizations from the US, Canada, Israel, and 47 European countries participate in Data Privacy Day.
Each year, public and private partnerships globally sponsor activities and events to actively increase individual data privacy and protection awareness based on a theme. This year, the National Cybersecurity Alliance (NCSA) is promoting the theme “Stop, Think, and Connect”—a global online safety, security, and privacy campaign.
Why Data Privacy Day is important
With enterprises collecting vast amounts of data—and the rate of data breaches increasing every day—individuals and organizations must take control to protect their data’s privacy. The need for control is apparent, as found in a recent survey of 1,000 consumers, in which over 90 percent expressed concern about safeguarding their data. It’s also evident in the billions of accounts compromised in 2021, as mentioned previously. It’s not surprising considering the rate of cyber attacks has increased 600 percent since the pandemic started.
Data Privacy Day is important to remind us to follow safe data practices to protect personal identifiable information (PII) and sensitive data.
For consumers, it means:
- Reviewing data privacy settings on digital and social media accounts.
- Using strong passwords of 10 characters long with complex combinations.
- Regularly changing passwords to keep hackers away.
- Knowing and limiting the data they share, how they share it, and where they share it.
For businesses and organizations, it means:
- Following the safe data practices established and upheld by industry standards, such as General Data Protection Regulation (GDPR), Health Insurance Portability and Accountability Act (HIPAA), and the California Consumer Privacy Act (CCPA).
- Providing user-friendly data privacy controls for consumers related to how their information is used or shared.
- Reviewing back-end systems and controls to assess their ability to protect data and prevent a data breach.
- Reminding employees to follow prescribed protocols for entering, managing, sharing, and storing data.
While no individual or organization can complete all these tasks in one day, Data Privacy Day brings awareness about the importance of these areas and making them part of everyday life.
7 tips to protect your PII and sensitive data
Data Privacy Day is a good time to review existing policies and protections around your PII and sensitive data. Follow these tips to maintain the confidentiality and integrity of your data. Keep this list handy. When Data Privacy Day comes around each January 28, use it as a checklist to review these key parts of your data privacy strategy.
1. Classify your data
Know what data you need to protect and create a data classification policy. Common classification levels include:
- Restricted: The most sensitive data with the greatest risk if compromised.
- Confidential: Moderately sensitive data that gives access to an organization’s inner operations if compromised.
- Public: Generally available information that might have some or no controls and poses little risk if compromised.
You might have other classifications depending on your data. However, you decide to classify your data, follow your strategy continually to ensure proper handling.
2. Establish a data transparency strategy
Data transparency drives trust and loyalty with your customers. It gives them control over their data privacy, especially online. Take steps to:
- Tell your customers how their information will be used.
- Allow customers flexible options to choose what they want to sign up for with options to opt-out.
- Provide a portal for customers to control the personal data they want to share.
3. Encrypt your data from end to end
Data encryption is an essential component of maintaining your data’s privacy, security, and integrity, especially when storing it in the cloud. The two main types of encryption are:
- Asymmetric encryption: An approach where the data sender and data receiver each have unique keys to lock and unlock the data. This type is also known as public-key encryption.
- Symmetric encryption: An approach where the data sender and data receiver use the same key to lock and unlock the data. Each party must know what the key is, making it unguessable for a third party to steal it.
Create a strategy to encrypt your data to protect it before sending it over untrusted networks. Also, establish a cryptographic key to decrypt the data.
4. Comply with industry regulations
Industry regulators have a full range of protections in place that organizations must follow from cybersecurity to data privacy and protection. Whether GPDR, HIPAA, SOC2, or another standard, each has its own set of rules that govern how organizations manage personal data, such as how much data to collect and when to dispose of it. An organization that fails to comply with these standards risk facing hefty financial fines.
As you work toward compliance, schedule a pre-audit with a third party to help rule out any major issues before the official compliance audit.
5. Secure your supply chain
Supply chain attacks are becoming more frequent. Two recent high-profile data breaches that come to mind include:
- SolarWinds, is an IT security company whose software update was compromised before it was sent to customers and ultimately affected any company that downloaded and applied the update. The average cost of the attack on affected companies is estimated to be $12 million.
- Target, a US retailer whose credentials were stolen by a third-party vendor to gain access to the company’s customer service database, affecting 41 million consumers. The company was ordered to pay a $18.5 million multi-state settlement.
The rate of supply chain attacks is expected to increase in 2022, as low barriers to entry remain the biggest target. To prevent from such attacks getting at your data, establish a supply chain risk management team to vet each vendor you do business with and assess how they collect and use your data. This team can also look for vulnerabilities in the supply chain and set security protocols for working with third parties.
6. Manage software vulnerabilities
Software vulnerabilities result from poor design or code defects. Hackers use tools to scan for vulnerabilities to gain entrance into an organization. To prevent them from getting into your network and at your data, implement the following practices:
- Practice secure coding.
- Build automatic security testing into the entire software development process.
- Immediately apply patches to address vulnerabilities.
- Secure your data endpoints—your devices where your most valuable data tends to be least protected.
Remain vigilant over your development and IT practices to ensure your teams keep your data and information secure.
7. Train employees on data privacy practices
Human error is one of the biggest factors that contribute to cybersecurity breaches. According to a recent report, the average cost of human errors that result in data breaches is $3.3 million. Yet only 38 percent of global organizations prepare themselves to manage a sophisticated cyber attack.
Position your employees as your first line of defense against cyber attacks. Provide data privacy awareness training as part of your cyber security awareness training program. Focus on the following topics and include any others that are specific to your organization’s data and cybersecurity needs:
- Handling PII and sensitive data
- Data privacy laws
- Industry requirements for data privacy
- Password policies
- Phishing and other social engineering scams
- Reporting a cyber threat, attack, or data breach
Choose a solution that leverages data analytics and delivers timely, engaging, and relevant content in small bites right in the workflow. This approach makes it easier for employees to learn, understand, and apply the lessons when confronted with a potential threat. It also gives them the confidence to know how to recognize and react to a threat.
Observe Data Privacy Day every year
This January 28 and every January 28, take time to observe Data Privacy Day in your organization. Remind your employees to follow safe data handling practices. And follow our tips to protect your organization’s PII and sensitive data.
Although training your employees on data privacy practices is the last item on the list, it may just be the most important one. Provide cybersecurity awareness training that includes data privacy training. It’s just the glue you need to hold your data privacy protection strategy together.