Today is Data Privacy Day—an annual reminder of the challenges and importance of data privacy. The day is intended to provide some guidelines on data privacy, and to encourage businesses and individuals to do a better job of protecting their data. This attention to data privacy plays a pivotal role in cybersecurity, not just because of the business and financial repercussions of failing to safeguard data effectively, but because data privacy is generally the initial catalyst that drives an organization to consider cybersecurity at all. The tools and processes put in place to protect data privacy also prevent system downtime, corrupted financials, stolen credentials, and other cyber attacks.
For the most part, though, people give Data Privacy Day about as much time and attention as they do reading an End User License Agreement—just a quick, “Yeah, I get it,” and back to business as usual.
“Unfortunately, while there is constant outrage about privacy, the fact that it is constantly and irrevocably breached hasn’t caused a sea change in attitudes, penalties, or protections,” said Jack Danahy, SVP, Security for Alert Logic. “Government fines notwithstanding, the absence of liability protections for consumers has muted corporate response. The outcome in suits filed for private data loss is typically a dismissal, the result of a lack of provable, proximate, harm from the disclosure. Without the potential for meaningful judgements and penalties, organizations don’t have the motivation, or investor support, to invest in better privacy protection.”
Data Privacy for Organizations
Security should be a top priority for any organization. Ideally, it should be a primary focus because the company has integrity and understands the responsibility it has to protect and secure sensitive data it is entrusted with. If that fails, though, there are a myriad of compliance frameworks that mandate at least some baseline level of data security and include stiff penalties for data breaches and exposure. Whether a company does it for the right reason or because they’re legally obligated, cybersecurity is still a top concern.
Dan Pitman, Principal Security Architect for Alert Logic, explains that data privacy concerns around your business can cause revenue loss and delayed sales. “Review data security processes and technologies regularly. Reduce the amount of personal data that is stored and processed to a minimum and put in place best-practice protections based on risk to reduce costs and impact when there is a data breach.”
Data Privacy for Individuals
It may seem like there is little or nothing individuals can do to safeguard their own data. To some extent, that may be true. There are some businesses that have your data that you have little or no choice in—like Equifax, or your employer, or the state or federal government. Hopefully businesses will do what is necessary to protect your data, but individuals can exercise some degree of control by being selective about what data they share and with whom.
Pitman suggests that individuals strive as much as possible to keep their personal and business data separate. “This can be as simple as remembering to use personal emails and other contact details for personal online activities and work details for work activities.”
“We should be thinking about whether we will knowingly continue to make the same decisions about sharing our data,” stressed Danahy. “Will we continue to simply click through the GDPR warning, and will we shrug our shoulders when our private data is stolen? So long as we acquiesce to inadequate protections as the cost for interactivity, we really have no right to expect companies to invest in improving those protections.”
Danahy pointed out that an individual can opt for the extreme—give up the smartphone and apps, don’t use social media, and avoid putting smart devices in your home. That existence is impractical for most, but it’s up to you to find the right balance. Danahy emphasized, “We can choose not to share some of our data, with the risk of less interesting, less customized, services. We can also look at new alternatives—like Tim Berners-Lee’s project, Inrupt—that are trying to re-imagine the ownership of your private information, but that is very new and young.”
The choice is yours. Danahy summed up, “Or, we can knowingly participate in the unintentional data promiscuity promoted by our app and interaction-heavy current state. So long as we are doing it knowingly, we are getting what we deserve.”