Each year on January 28, an international initiative known as Data Privacy Day serves to remind us of the importance of data privacy and the protection of personal information. The goal of Data Privacy Day 2021 is to empower consumers to Own Your Privacy and businesses to Respect Privacy.
It Takes Two to Protect Data Privacy
Protecting the privacy and security of sensitive data is a legal and regulatory responsibility of any business that collects, processes, stores, transmits or otherwise touches a consumer’s data.
Federal and industry regulations such as HIPAA, GLBA, FINRA, Sarbanes-Oxley Act, PCI Data Security Standard, CMMC and numerous others include data privacy requirements to a greater or lesser extent. Non-compliance can be costly, especially for violations of the HIPAA Privacy and Security Rules in the healthcare industry.
By the same token, consumers who share their personal data are also obligated to protect that information to the best of their abilities. While individuals don’t always have much control over how their data is handled, there are actions they can take.
That’s why the National Cyber Security Alliance (NCSA) provides data privacy protection guidance for both businesses and consumers.
In 2021, the NCSA is encouraging consumers to learn more about how to protect their valuable data online—and also encouraging businesses to be accountable for keeping consumers’ personal information safe from unauthorized access and “ensuring fair, relevant and legitimate data collection and processing.”
Message to Businesses: Respect Privacy
Almost 80% of adults in the U.S. are concerned about how businesses use their data, according to recent research.
And as these pie charts illustrate, slightly more than 60% believe that it’s impossible to live in today’s world without business and government entities collecting data about them.
As just one example, think about the data that is collected each time an individual browses the web. Anyone who uses the Internet is familiar with the cookies that allow web browsers, like Chrome, Firefox, Safari and others, to create a more convenient browsing experience for consumers.
However, in addition to their benefits, cookies can pose a privacy risk due to the amount of information they collect. Cookies record personally identifiable information that may include individuals’ names, addresses, account login credentials, and more. Clearly, browsing convenience comes at a price.
Businesses that are able to convey a positive message about how they gather and use individuals’ information may gain some marketing and reputational advantages by building customer trust in an environment in which that trust is increasingly rare.
The NCSA recommends five tips to help businesses respect individual privacy and build trust. The professionals at 24By7Security support these recommendations, as well as others aimed at safeguarding information privacy and security.
1: If you collect it, protect it. This includes implementing reasonable security measures to protect data from inappropriate and unauthorized access. Data breaches can be costly and damaging in multiple ways. In addition, collect only the information you really need to perform your service or sell and deliver your product.
2: Adopt a privacy framework. Create a culture of privacy in your organization. Build a robust privacy framework that includes policies, procedures, and processes designed to protect private data. If you are a regulated business, which includes just about every business nowadays, a privacy framework is not just a good idea—it is probably mandated. Familiarize yourself with the foremost privacy framework resources, such as those from the National Institute of Standards and Technology (NIST).
by Rupal Talati, HCISPP
Rupal Talati is a Security Analyst with 24By7Security, specializing in HIPAA security risk assessments and relationship management and liaison with clients. In addition to her certification as a Health Care Information Security and Privacy Practitioner (HCISPP) and as a Certified Data Privacy Practitioner (CDPP) from Network Intelligence, Rupal has a strong technical background with a Master of Science in Computer Science from Long Island University, New York, and a Master of Science in Physics, Electronics/Telecommunications from Gujarat University, India.