With data regulations like the CCPA and GDPR in place, it’s hard to imagine data privacy not being a top priority for companies. Unfortunately, that’s still not the case, and companies still struggle to make it one. Data Privacy Day is celebrated every year to remind companies to practice good data hygiene and privacy.
“The California Privacy Act gives new teeth to Data Privacy Day,” said Cindy Provin, senior vice president of Entrust Datacard and general manager of nCipher Security. “We as an industry need to do more than just live up to the mere letter of the law. Based on our research, 79% of Americans care how a company uses their private information. That means consumers want reassurances that their private data is not at risk. It is the industry’s responsibility to build that trust by putting a comprehensive security strategy in place that leverages encryption and key management best practices. Then it’s up to industry to educate consumers about how and why a company should earn their trust.”
Celebrated every year on January 28, the day is used to commemorate the signing of Convention 108 on January 28, 1981. Convention 108 was the first international treaty that dealt with privacy and data protection, according to the National Cyber Security Alliance.
It was first celebrated in Europe as Data Protection Day, and expanded to the United States and Canada in 2008 with the new name of Data Privacy Day.
The National Cyber Security Alliance will be hosting livestreams of talks today, starting at 1 PM ET/10 AM PT. Topics include “Privacy Across the Globe,” “CCPA and the Wake of Privacy Legislation in the U.S.,” “A World Without Privacy,” and “Industry Perspectives: Going Beyond Privacy Compliance.”
Despite pressure from new regulations like the CCPA and GDPR, a lot of companies are just doing the bare minimum to avoid trouble, if they’re even doing that. According to cloud security company Bitglass, 38% of Fortune 500 companies still don’t have a Chief Information Security Officer (CISO). Bitglass also found that 77% of the Fortune 500 don’t indicate on their website who is responsible for the company’s security strategy, and 52% don’t explain how they protect the data of their customers, apart from a legally required privacy notice.
“Given that most companies are entrusted with consumers’ personally identifiable information (PII), they represent an attractive target for cybercriminals,” said Anurag Kahol, CTO and co-founder of Bitglass. “Organizations must stay vigilant, be aware, and get a handle on the security of their data. Placing security, compliance, and consumer privacy at the epicenter of your business with a proactive security strategy can help address individuals’ privacy concerns and cement their loyalty in your brand.”
According to Eve Maler, interim CTO at ForgeRock, there are four steps that companies should take to strengthen their data protection practices:
- Identify where digital transformation opportunities and user trust risks intersect. For example, every year companies will release new smart devices intended to go in a child’s bedroom without considering the fact that parents may be freaking out that the devices are listening to their child. “There are just so many ways to provide all of these great new products and services, but the risks or gaps are there and you have to think about them first,” said Maler.
- Consider personal data as a joint asset between the organization and the individual. “It’s a matter of getting stakeholders coming together in a rather complex pattern to think about how to use personal data cleverly for providing value, and seeing that it has value to people,” said Maler.
- Lean in to consent. According to Maler, when you ask for consent to store a user’s personal data, you are giving that person authority and control over their data.
- Leverage identity and access management systems to build trust. This involves going above and beyond what is required for compliance with data regulations.