This Saturday marks Data Privacy Day, an international event that raises awareness about the risks when sharing our personal information online.
Although many of us are broadly aware that organizations often use our personal data in a variety of ways that aren’t always to our benefit, many of us don’t fully grasp the ramifications.
We hand over information about ourselves at practically every moment of the day, from checking our phones first thing in the morning to logging in at work, from online shopping to monitoring our biometric data at the gym.
Organizations can use this data to customize the user experience, but they can also use it to send us targeted ads and to track us in ways that breach our privacy.
Moreover, if cyber criminals get their hands on this information, they can use it to commit fraud and to target us with scams.
Data Privacy Day helps the public better understand these threats and learn how they can keep their privacy intact.
In the run-up to this year’s event on 28 January, governments and organizations around the globe carry out activities to help us achieve that.
Keep it private
The risks related to data privacy differ depending on whether you’re an individual supplying your personal information or an organization that’s using that data.
For individuals, the main concern is often about the breadth of information being requested, how it’s being used and whether it’s adequately protected.
When trying to sign up for a service or purchase a product, we’re often asked to first supply information about ourselves. Sometimes that’s necessary – for example, if you’re being charged, you need to hand over your financial details – but other times we’re left questioning why we’re being asked certain questions.
The introduction of strengthened data privacy requirements has limited the way that organizations can collect personal information, but their goal is almost always to get as many details as possible.
That makes sense. Personal information can help improve their ability to operate and improve the user experience. However, their priority will be to gather as much data as possible while complying with relevant laws.
Data Privacy Day considers both of these viewpoints, and addresses the concerns of individuals and organizations.
It recommends that individuals begin by understanding the data trail they leave whenever they go online.
We often leave a record explicitly, posting about our activities and behaviours on social media or forums. Meanwhile, we sign up to services where we’re asked to hand over sensitive information such as financial records and healthcare data.
If organizations are to gain customers’ trust, they must respect privacy and be more transparent about how they collect and use personal data.
This begins by assessing their data collection practices. This includes reviewing whether all of the data that’s being collected is necessary to provide the service and the steps you are taking to protect it.
The organizer also recommends adopting a privacy framework to help manage data privacy risks and to create a culture of privacy within the business.
ISO 27701 is an ideal place to start. It’s a bolt-on to ISO 27001, the international standard that describes best practice for information security, and deals specifically with data privacy risks.
Another way to create a culture of privacy is to educate employees on their data privacy responsibilities. Stay Safe Online recommends that you “engage staff by asking them to consider how privacy and data security applies to the work they do on a daily basis.”
Commit to data privacy
For organizations looking for help addressing their data privacy measures, IT Governance USA is here to help.
Our Privacy as a Service solution provides the guidance and tools you need to ensure that information you process is protected and used responsibly.
With the many different laws U.S. organizations have to navigate, the burden of compliance can be huge.
This subscription service makes that job easier, giving you access to our data protection experts, who’ll help you review your policies and processes and ensure you comply with the relevant laws.
A version of this article was originally published on 24 January 2022.