‘Data Privacy Day’ Significant in Our Hyper-Connected World

This Sunday, January 28, 2018, will mark the 10th annual observance of Data Privacy Day, which commemorates the signing, back in 1981, by the Council of Europe of Convention 108, “the first legally binding international treaty dealing with privacy and data protection.” Back then, concerns were just beginning to arise about the impact of increasingly automated data processing, though few could imagine the enormous effect that technological innovation—from smartphones to social networks—would have on data proliferation and protection.

Data Privacy Day is currently recognized in nearly 50 European countries, Canada, India, and the U.S., where the National Cyber Security Alliance (NCSA) uses the occasion to draw greater attention to its year-round data privacy awareness programs. “The signing of Convention 108 represented an important point in time—it was the first legally binding international treaty designating privacy as a human right,” explained NCSA executive director, Russell Schrader. “Its commemoration will remain a significant part of its history.”

The NCSA is out to educate consumers about the value of their own data, and convince companies that protecting that data is good for business. “Consumers are increasingly understanding the value of their personal information, and they want to know how their information is used, collected, and shared,” Schrader told Security Roundtable in an interview.

What’s more, they’re not terribly happy with the current state of affairs. More than eight out of ten (81 percent) American consumers said they feel they have lost control over the way their personal data is collected and used, according to a recent survey conducted by Deloitte Insights and SSI. As the world becomes increasingly connected, the data universe—as fueled by the Internet of Things (IoT)—is exploding. Consequently, the cost of storing and analyzing that data continues to plummet, while consumers’ concerns about data security and privacy grow.

Dramatically complex

One of the most important messages for business leaders is that it’s not simply their “customer” data that they must protect, but all consumer data. “Individuals’ data is collected, used, and shared at an exponential rate, with or without our knowledge,” said Schrader, who is also a member of the U.S. Department of Homeland Security’s Data Privacy and Integrity Advisory Committee. “The technology ecosystem has become dramatically complex, making it even more important for organizations to respect privacy, safeguard data, and enable trust.”

It’s now clear that every company—large or small, across industries, and around the world—is a data company. Company leaders can use Data Privacy Day as an excuse to beat the data protection drum internally and reassess their own data practices. To that end, the NCSA has created a data protection decision tree to help business leaders think through how they are using, collecting, and sharing consumer data. The organization also offers a number of suggestions for how businesses can be more proactive in their protection of consumer privacy:

  • If you’re going to collect it, you’d better protect it. Companies should follow reasonable security measures to protect individuals’ personal information from inappropriate and unauthorized access.
  • Be transparent about personal information collection, use, and sharing. Businesses should clearly communicate their data use practices and any features or settings they offer consumers to manage their privacy.
  • Go beyond the privacy policy. Companies can’t count on consumers to read the fine print. To educate them, they should communicate clearly and often what data privacy means to their organization and the steps they’re taking to achieve and maintain data privacy and security.
  • Create a privacy culture. Make sure employees understand and assume their roles in privacy, security, and respecting and protecting the personal information of colleagues and customers.
  • Monitor partners and vendors. Companies should do their due diligence with regards to the privacy practices of others within their extended ecosystem, because, in the end, they will be responsible for how those third parties use and collect personal information.

“Every day should be data privacy day,” Schrader concluded, “but calling attention to a particular point in time is an opportunity to catalyze a groundswell of activities, draw attention to, and collectively focus on the importance of privacy.”