Today marks the beginning of Data Privacy Week, an international event that highlights the risks related to the way personal information is used online.
The event has historically been a single day – 28 January – coinciding with the signing of Convention 108, the first legally binding treaty that addressed privacy and data protection.
But this year the event’s organizer, Stay Safe Online, has expanded the campaign to a full week. From January 24–28, it is running a series of events alongside its usual guidance and resources to help people better understand the importance of data privacy.
Keep it private
The risks related to data privacy differ depending on whether you’re an individual supplying your personal information or an organization that’s using that data.
For individuals, the main concern is often about the breadth of information being requested, how it’s being used and whether it’s adequately protected.
When trying to sign up for a service or purchase a product, we’re often asked to first supply information about ourselves. Sometimes that’s necessary – for example, if you’re being charged, you need to hand over your financial details – but other times we’re left questioning why we’re being asked certain questions.
The introduction of strengthened data privacy requirements has limited the way that organizations can collect personal information, but their goal is almost always to get as many details as possible.
That makes sense. Personal information can help improve their ability to operate and improve the user experience. However, their priority will be to gather as much data as possible while complying with relevant laws.
Data Privacy Week considers both of these viewpoints, and addresses the concerns of individuals and organizations.
It recommends that individuals begin by understanding the data trail they leave whenever they go online.
We often leave a record explicitly, posting about our activities and behaviours on social media or forums. Meanwhile, we sign up to services where we’re asked to hand over sensitive information such as financial records and healthcare data.
“It’s easy to feel a lack of control over the information collected about you,” Stay Safe Online writes. “However, there are steps you can take to learn about the types of data you’re generating online, and how it’s collected, shared and used.”
In keeping with the slogan ‘Keep it private’, the campaign suggests that individuals minimise the amount of data they share online.
Meanwhile, Stay Safe Online urges organizations to respect privacy and be more transparent about how they collect and use customer data.
This begins with assessing their data collection practices. That includes reviewing whether all of the data that’s being collected is necessary to provide the service, and reviewing the steps you are taking to protect it.
The organizer also recommends adopting a privacy framework to help manage data privacy risks and to create a culture of privacy within the business. ISO 27701 is an ideal place to start. It’s a bolt-on to ISO 27001, the international standard that describes best practice for information security, and deals specifically with data privacy risks.
Another way to create a culture of privacy is to educate employees on their data privacy responsibilities. Stay Safe Online recommends that you “engage staff by asking them to consider how privacy and data security applies to the work they do on a daily basis.”
Commit to data privacy
For organizations looking for help addressing their data privacy measures, IT Governance USA is here to help.
Our Privacy as a Service solution provides the guidance and tools you need to ensure that information you process is protected and used responsibly.
With the many different laws U.S. organizations have to navigate, the burden of compliance can be huge.
This subscription service makes that job easier, giving you access to our data protection experts, who’ll help you review your policies and processes and ensure you comply with the relevant laws.