Why companies should treat every day like Data Privacy Day

Published: January 26th, 2017

As the proliferation of smartphones and IoT devices continues, this year’s Data Privacy Day serves as a good reminder for organizations to discuss their own privacy awareness, how to safeguard their data, and how to empower business leaders and teams to take better actions when online.

Data Privacy Day (a.k.a. Data Protection Day) recognizes the Jan. 28, 1981 signing of Convention 108, the first legally binding international treaty for dealing with privacy and data protection. Today it’s a celebration for all businesses and organizations.

Data Privacy Day is currently led by the National Cyber Security Alliance (NCSA), which educates consumers on how they can protect their data and their online privacy.

This year, NCSA is using its theme of “respecting privacy, safeguarding data, and enabling trust” to talk about issues like identity protection, privacy awareness, and securing a digital identity.

For NetApp, a data-management company that tries to ensure employees are aware of potential cyber risks, ensuring data privacy is at the forefront. According to Michael Elliott, cloud evangelist at NetApp, the growing attention on data privacy and sovereignty means regulations have heightened, and compliance remains a big concern for companies.

Other concerns that companies face include the impact of the Internet of Things on security and privacy, said Geoff Webb, vice president of solutions strategy at Micro Focus. He said that with these sensors and the deep penetration of these devices into people’s lives, businesses, and homes, the “current expectations and standards around privacy may quickly become obsolete.”

“The immense volumes of information potentially gathered by these devices means that even legitimate use could quickly triangulate the identity of an individual from many fragments of data, exposing our lives to an unprecedented degree,” said Webb. “As of this Data Privacy Day, we have neither the experience as a society nor the legislative framework to decide what should constitute ‘privacy at all,’ nor have to protect it.”

The power of privacy: How organizations are taking action
This year, Mozilla had a few announcements in honor of Data Privacy Day, including its newly launched Firefox Focus privacy-centric browser.

The latest version of Firefox is designed to keep online users safe, which is a key priority for Mozilla, a long-term and vocal proponent for using HTTPS, wrote Nick Nguyen, vice president of product at Mozilla. It has also backed initiatives like Let’s Encrypt, he added.

With this version, web pages that have not been secured with HTTPS will be highlighted as potential threats. A red line through the lock icon will be displayed for connections that are not secure, urging users to consider the possible security risks of certain sites.

Mozilla also launched the first version of the Internet Health Report, with privacy and security as the first steps toward a healthy Internet. Some of the tenets of a healthy Internet include one that is private and secure, one that is open and innovative, and one that is decentralized, according to Mozilla.

Mozilla recommended using trusted products to protect data privacy. Basic tips to create a secure Internet include locking down logins, making sure all Internet-connected devices are up to date, and if something looks suspicious, deleting it instead of opening it.

There’s no hiding it: Personal information is all over websites and applications. Some of that sensitive information comes from documents from employers, banks, vendors, and other places where Social Security numbers, bank account information and birthdates could exist.

Data privacy can be compromised through these documents, according to Chris Strammiello, vice president of Global Alliances at Nuance (a computer software company). This unwanted “data leakage” occurs when people have uncontrolled access to scanning combined with access to sensitive content, he said.

“Safeguard privacy by placing filters within scanning applications to restrict document access,” said Strammiello. “These content filters can search for specific words or character strings like ‘confidential’ or ‘non-disclosure’ once they are transformed to a searchable format during the scanning process. After terms are identified, the software can take any number of actions, including automatically encrypting the file prior to sending, or perhaps quarantine or delete the file altogether.”

Companies should also consider the fact that no one is fully protected against breaches, according to Strammiello. Of course, even with the right resources and preventative measures, breaches still occur, and when this happens, companies face mandated reporting requirements to avoid additional penalties, he said.

“Maintaining a comprehensive log of print and scanning activities will give you peace of mind that you can address regulatory reporting requirements in response to a data breach,” said Strammiello. “You will know who engaged with which documents on what devices—and what happened to those documents.”

Security starts with your staff
Organizations can take the issue of data privacy into their own hands by starting with the individual, according to NetApp’s Elliott. Companies need to make sure each employee is educated on privacy issues and what they can do to not only protect their company, but also protect their own personal information on the web.

He suggested organizations host regular data privacy and safety trainings for employees to make sure they have a unified approach to potential risks.

“Companies should understand both how data is transported to the cloud and where their data ultimately resides,” said Elliott. “Ultimately, it is the data owner that is responsible for the security, privacy and sovereignty of their data.”

Webb said that organizations now take data privacy pretty seriously, but it’s important that the organization should look to improve controls for who has access to all of this sensitive data, especially since this level of information can contain facts about the staff and their family.

“Often employees have more access than they should, and a lax attitude to governance over access to data is an Achilles’ heel that will usually be the undoing of even relatively sophisticated and secure businesses,” said Webb.

About Madison Moore

Madison Moore is an Online and Social Media Editor for SD Times. She is a 2015 graduate from Delaware Valley University, Pa., with a Bachelor's Degree in media and communication. Moore has reported for Philly.com, The Philadelphia Inquirer, and PhillyVoice. She is new to Long Island and is a cat enthusiast. Follow her on Twitter at @Moorewithmadi.

View all posts by Madison Moore

Cookie	Duration	Description
cf_use_ob	past	Cloudflare sets this cookie to improve page load times and to disallow any security restrictions based on the visitor's IP address.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
JSESSIONID	session	The JSESSIONID cookie is used by New Relic to store a session identifier so that New Relic can monitor session counts for an application.
PHPSESSID	session	This cookie is native to PHP applications. The cookie is used to store and identify a users' unique session ID for the purpose of managing user session on the website. The cookie is a session cookies and is deleted when all the browser windows are closed.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
__atuvc	1 year 1 month	AddThis sets this cookie to ensure that the updated count is seen when one shares a page and returns to it, before the share count cache is updated.
__atuvs	30 minutes	AddThis sets this cookie to ensure that the updated count is seen when one shares a page and returns to it, before the share count cache is updated.
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.

Cookie	Duration	Description
__gads	1 year 24 days	The __gads cookie, set by Google, is stored under DoubleClick domain and tracks the number of times users see an advert, measures the success of the campaign and calculates its revenue. This cookie can only be read from the domain they are set on and will not track any data while browsing through other sites.
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_S6PB8V57DG	2 years	This cookie is installed by Google Analytics.
_gat_gtag_UA_846073_1	1 minute	Set by Google to distinguish users.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
_jsuid	1 year	This cookie contains random number which is generated when a visitor visits the website for the first time. This cookie is used to identify the new visitors to the website.
at-rand	never	AddThis sets this cookie to track page visits, sources of traffic and share counts.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
iutk	5 months 27 days	This cookie is used by Issuu analytic system to gather information regarding visitor activity on Issuu products.
uvc	1 year 1 month	Set by addthis.com to determine the usage of addthis.com service.
vuid	2 years	Vimeo installs this cookie to collect tracking information by setting a unique ID to embed videos to the website.
WMF-Last-Access	1 month 14 hours 26 minutes	This cookie is used to calculate unique devices accessing the website.

Cookie	Duration	Description
__Host-GAPS	2 years	This cookie allows the website to identify a user and provide enhanced functionality and personalisation.
_pxhd	session	Used by Zoominfo to enhance customer data.
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
loc	1 year 1 month	AddThis sets this geolocation cookie to help understand the location of users who share the information.
mc	1 year 1 month	Quantserve sets the mc cookie to anonymously track user behaviour on the website.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.

Cookie	Duration	Description
__gpi	1 year 24 days	No description
__Secure-YEC	1 year 1 month	No description
_heatmaps_g2g_100754890	10 minutes	No description
_techvalidate_session	session	No description
cf_7166_id	20 years	No description
cf_7166_person_last_update	session	No description
f5avraaaaaaaaaaaaaaaa_session_	session	No description available.
GoogleAdServingTest	session	No description
Gyazo_cfwoker	7 years 2 months 17 days 7 hours	No description
incap_ses_451_2783402	session	No description
incap_ses_769_2783402	session	No description
loglevel	never	No description available.
m	2 years	No description available.
nlbi_2783402	session	No description
prism_252377639	1 month	No description
TS011605d9	session	No description
ustream-guest	session	No description available.
visid_incap_2783402	1 year	No description
xtc	1 year 1 month	No description

AI

AI and Software Development

Observability

Guide to Observability

CI/CD

A guide to CI/CD

Cloud Native

Cloud Native Content

Data

A Guide to Data

Test

Automation

Mobile

Mobile Testing

API

Sponsored by Parasoft

Performance

Load & Performance Testing

DevSecOps

A Guide to DevSecOps

Enterprise Security

A Guide to Security

Supply Chain Security

Supply Chain Security

Dev Manager

Dev Managers Content

Agile

A Guide To Agile

Value Stream

A Guide To Value Stream

Productivity

A Guide To Productivity

DevOps

DevOps Content

Microservices

A Guide to MicroServices

AI

AI and Software Development

Value Stream Management

A Guide To Value Stream

Why companies should treat every day like Data Privacy Day

Subscribe to SDTimes

About Madison Moore

Related Articles

GitLab Duo Chat released as part of GitLab 16.11

Meta releases the first two Llama 3 models

SD Times Open-Source Project of the Week: STORM

Red Hat Trusted Software Supply Chain gets updated with three new offerings