As the proliferation of smartphones and IoT devices continues, this year’s Data Privacy Day serves as a good reminder for organizations to discuss their own privacy awareness, how to safeguard their data, and how to empower business leaders and teams to take better actions when online.
Data Privacy Day (a.k.a. Data Protection Day) recognizes the Jan. 28, 1981 signing of Convention 108, the first legally binding international treaty for dealing with privacy and data protection. Today it’s a celebration for all businesses and organizations.
Data Privacy Day is currently led by the National Cyber Security Alliance (NCSA), which educates consumers on how they can protect their data and their online privacy.
This year, NCSA is using its theme of “respecting privacy, safeguarding data, and enabling trust” to talk about issues like identity protection, privacy awareness, and securing a digital identity.
For NetApp, a data-management company that tries to keep employees aware of potential cyber risks, data privacy is at the forefront. According to Michael Elliott, cloud evangelist at NetApp, the growing attention on data privacy and sovereignty means regulations have heightened, and compliance remains a big concern for companies.
Other concerns that companies face include the impact of the Internet of Things on security and privacy, said Geoff Webb, vice president of solutions strategy at Micro Focus. He said that with these sensors and the deep penetration of these devices into people’s lives, businesses, and homes, the “current expectations and standards around privacy may quickly become obsolete.”
“The immense volumes of information potentially gathered by these devices means that even legitimate use could quickly triangulate the identity of an individual from many fragments of data, exposing our lives to an unprecedented degree,” said Webb. “As of this Data Privacy Day, we have neither the experience as a society nor the legislative framework to decide what should constitute ‘privacy at all,’ nor have to protect it.”
The power of privacy: How organizations are taking action
This year, Mozilla had a few announcements in honor of Data Privacy Day, including its newly launched Firefox Focus privacy-centric browser.
The latest version of Firefox is designed to keep online users safe, which is a key priority for Mozilla, a long-term and vocal proponent for using HTTPS, wrote Nick Nguyen, vice president of product at Mozilla. It has also backed initiatives like Let’s Encrypt, he added.
With this version, web pages that have not been secured with HTTPS will be highlighted as potential threats. A red line through the lock icon will be displayed for connections that are not secure, urging users to consider the possible security risks of certain sites.
Mozilla also launched the first version of the Internet Health Report, with privacy and security as the first steps toward a healthy Internet. According to Mozilla, some of the tenets of a healthy Internet are that it is private and secure, open and innovative, and decentralized.
Mozilla recommended using trusted products to protect data privacy. Basic tips to create a secure Internet include locking down logins, making sure all Internet-connected devices are up to date, and if something looks suspicious, deleting it instead of opening it.
There’s no hiding it: Personal information is all over websites and applications. Some of that sensitive information comes from documents from employers, banks, vendors, and other places where Social Security numbers, bank account information and birthdates could exist.
Data privacy can be compromised through these documents, according to Chris Strammiello, vice president of Global Alliances at Nuance (a computer software company). This unwanted “data leakage” occurs when people have uncontrolled access to scanning combined with access to sensitive content, he said.
“Safeguard privacy by placing filters within scanning applications to restrict document access,” said Strammiello. “These content filters can search for specific words or character strings like ‘confidential’ or ‘non-disclosure’ once they are transformed to a searchable format during the scanning process. After terms are identified, the software can take any number of actions, including automatically encrypting the file prior to sending, or perhaps quarantine or delete the file altogether.”
Companies should also consider the fact that no one is fully protected against breaches, according to Strammiello. Of course, even with the right resources and preventative measures, breaches still occur, and when this happens, companies face mandated reporting requirements to avoid additional penalties, he said.
“Maintaining a comprehensive log of print and scanning activities will give you peace of mind that you can address regulatory reporting requirements in response to a data breach,” said Strammiello. “You will know who engaged with which documents on what devices—and what happened to those documents.”
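The content filter and activity log Strammiello describes, sketched as an added example (not code from Nuance or from this article). The rule set, the ordering of actions, and the user and device names are assumptions made for illustration.

```python
import hashlib
import re
from datetime import datetime, timezone

ACTIONS = ["allow", "encrypt", "quarantine", "delete"]  # least to most restrictive


def term_rule(term, action):
    # Tolerate OCR spacing/hyphen variants: "non disclosure", "Non-Disclosure", "nondisclosure".
    parts = re.split(r"[-\s]+", term)
    body = r"[-\s]*".join(re.escape(p) for p in parts)
    return term, re.compile(r"\b" + body + r"\b", re.IGNORECASE), action


# Hypothetical policy: the two terms quoted in the article plus a US SSN shape.
RULES = [
    term_rule("confidential", "encrypt"),
    term_rule("non-disclosure", "quarantine"),
    ("ssn-pattern", re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), "quarantine"),
]


def classify(ocr_text):
    """Return (action, matched rule names) for text produced by the OCR step."""
    # Rejoin words that the page layout hyphenated across a line break.
    text = re.sub(r"-[ \t]*\n[ \t]*", "", ocr_text)
    hits = [(name, action) for name, rx, action in RULES if rx.search(text)]
    action = max((a for _, a in hits), key=ACTIONS.index, default="allow")
    return action, [name for name, _ in hits]


def audit_record(user, device, ocr_text):
    """Build the log entry: who, which document, what device, what happened."""
    action, rules = classify(ocr_text)
    return {
        "time": datetime.now(timezone.utc).isoformat(),
        "user": user,
        "device": device,
        # Hash and rule names only: the log must not copy sensitive values.
        "doc_sha256": hashlib.sha256(ocr_text.encode("utf-8")).hexdigest(),
        "rules": rules,
        "action": action,
    }


# Constructed sample scan output (not real data).
SAMPLE = "Mutual Non-\nDisclosure Agreement\nEmployee SSN: 123-45-6789\n"

if __name__ == "__main__":
    print(audit_record("jdoe", "mfp-3rd-floor", SAMPLE))
```

When several rules match, the most restrictive action wins, and the log records which rules fired rather than the text that triggered them.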
Security starts with your staff
Organizations can take the issue of data privacy into their own hands by starting with the individual, according to NetApp’s Elliott. Companies need to make sure each employee is educated on privacy issues and what they can do to not only protect their company, but also protect their own personal information on the web.
He suggested organizations host regular data privacy and safety trainings for employees to make sure they have a unified approach to potential risks.
“Companies should understand both how data is transported to the cloud and where their data ultimately resides,” said Elliott. “Ultimately, it is the data owner that is responsible for the security, privacy and sovereignty of their data.”
Webb said that organizations now take data privacy pretty seriously, but that it’s important for them to improve controls over who has access to all of this sensitive data, especially since this level of information can contain facts about the staff and their families.
“Often employees have more access than they should, and a lax attitude to governance over access to data is an Achilles’ heel that will usually be the undoing of even relatively sophisticated and secure businesses,” said Webb.