January 28th is celebrated as Data Privacy Day each year. It is a day set aside to generate awareness on the importance of this topic. In this data economy era, customer’s data is often one of the most valuable assets of any (online) company. As such, the privacy of their customers data is (or should be) of utmost importance and that data should be treated that way.
As a Data Privacy Champion of the Nation CyberSecurity Alliance, CyberSafeTT recognizes and supports the idea that all organizations share the responsibility of being conscientious stewards of personal information. We join the growing efforts among nonprofits, academic institutions, corporations and government entities as well as individuals to raise awareness at home, at work and school and in their communities.
What does data privacy mean?
Data Privacy or Information privacy is a part of the data protection area that deals with the proper handling of data. It often speaks directly to compliance with data protection regulations applicable to the business and individual.
Data Privacy relates to how data should be collected, stored, managed, and shared with any third parties. So for example, if you sign up with a website and upload information such as email, phone, profile picture, that websites data privacy policy will tell you whether that information is being share with any other website / entity. This is often explained with the Privacy Policy section of a website.
Data privacy policies also indicate how well the website complies with applicable privacy laws.
Why is Data Privacy important?
Data is perhaps the most important asset a business owns. We live in a data economy where companies find enormous value in collecting, sharing and using data about customers or users, especially from social media. It should be well documented to all users who a company request consent to keep personal data, abide by their privacy policies, and manage the data that they’ve collected.
Managing data to ensure regulatory compliance is arguably even more important. A company may have to meet legal responsibilities about how they collect, store, and process personal data, and non-compliance could lead to huge fines. If the company becomes the victim to a hack or ransomware, the consequences in terms of lost revenue and lost customer trust could be even worse.
Who reads those lengthy data privacy policies?
A Deloitte survey of 2,000 U.S. consumers in 2017 found that 91% of people consent to terms of service without reading them. For younger people, ages 18-34, that rate was even higher: 97% did so. We think those numbers may be even higher!
That being said, we willingly put ourselves at risk by signing away all kinds of rights over what personal data an app or website collects, how they use it, with whom they share it and how long they keep it.
Luckily, the answer to this problem lies with Terms of Service; Didn’t Read .org The project offers a free browser extension that labels and rates these agreements from very good (Class A) to very bad (Class E) on the websites you visit. When installed in your browser, it scans terms of service to unearth the worrisome stuff.
Bonus Content:
Data Breaches – Have you been pwned?
We entrust organizations with the data we upload to various websites and hope that they put the necessary mechanisms in place to protect that data from any breaches or hacks. A simple action such as encrypting your email, username and password information can go a long way in protecting your data stored by many online services. Before you submit your data to any website you should ensure that the website has employed a SSL Certificate. you can tell if this is the case by looking for the lock symbol in the address bar, and also ensuring that the website address starts with https.
Even with some of those measures in place, the most prepared of online services may be hacked and your data exposed.
You can visit have I been pwned to check if your login information was compromised and out in the public.
2