Europe has long been at the forefront of data protection, years before the creation of Data Protection Day. Way back in 1981, the Council of Europe enacted The Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data, "the first legally binding international instrument in the data protection field. Under this Convention, the parties are required to take the necessary steps in their domestic legislation to apply the principles it lays down in order to ensure respect in their territory for the fundamental human rights of all individuals with regard to processing of personal data," the Council explained.
This convention is more often known as Convention 108 and occurred a full 37 years before the General Data Protection Regulation (GDPR) came into effect in 2018. But European data protection advocates didn't sit still for those many years. The Council raised awareness by establishing Data Protection Day in 2006. Two years later, Data Privacy Day was launched in the United States, also celebrated annually on January 28th like its European counterpart. In 2009, the United States House of Representatives recognized National Data Privacy Day, and in 2014 the US Senate made the same move with the entire Congress recognizing the day.
Enter Data Privacy Week
As more countries come on board, Data Protection Day/Privacy Day(s) is becoming a worldwide event, now held in 47 European countries and the United States, Canada, and Israel.
But the movement doesn't stop at a single day of observance. This year the US National Cybersecurity Alliance (NCA) turned its Data Privacy Day campaign into Data Privacy Week. Of course, those serious about protection and privacy consider it a full-time endeavor.
"Data Privacy Week helps spread awareness about online privacy and educates citizens on how to manage their personal information and keep it secure. Data Privacy Week also encourages businesses to respect data and be more transparent about how they collect and use customer data," the National Cybersecurity Alliance argued on its Stay Safe Online website.
Europe Holds the Line on Data Privacy
The European Commission is a huge data protection proponent and saw the need for privacy rise during the pandemic. "The value of an efficient data protection regime has become even clearer during the coronavirus pandemic. New digital solutions such as tracing apps can only work if people can feel well protected and can trust that their data will not be misused. The GDPR is the stepping stone to Europe's human-centric approach to digital technologies; it supports and empowers citizens," argued Věra Jourová , Vice-President for Values and Transparency, and Didier Reynders, Commissioner for Justice in a joint statement . "Free and safe data flows are also a prerequisite for government and business operations to continue during the pandemic. Protecting privacy and facilitating data flows has to go hand in hand."
Learn how to comply with GDPR in our whitepaper - GDPR isn't Getting Any Easier
What is Data Privacy?
Privacy is a more discrete term than data security. "Data privacy is not the same thing as data security, although the two are intimately connected and intertwined. The analogy we like best that helps understand the difference describes data security like putting bars on windows to make it difficult for someone to burglarize your home. Data privacy is more like pulling down the window shades so no one can look inside to see what you are wearing, who lives with you, what you are cooking for dinner tonight, or what movie you are watching," explained a piece on nationaltoday.com .
What to do About Data Privacy?
Here are a few NCA data privacy best practices for consumers and enterprises:
Be Careful in Giving Out Your Data: The web is full of services that give you something for free and take your data in return. It is the fundamental basis upon which Facebook was formed. "Many accounts ask for access to personal information, such as your geographic location, contacts list, and photo album, before you even use their services. This personal information has tremendous value to businesses and allows some to even offer you their services at little to no cost," Stay Safe Online notes. "Make informed decisions about whether or not to share your data with certain businesses by considering the amount of personal information they are asking for, and weighing it against the benefits you may receive in return."
Track and Control What You Have Already Given Out: Chances are, numerous websites and services already have your data. Though you can still go back and change your privacy for more safety even easier is to set up new apps properly. "Once you have decided to use an app or set up a new account, check the privacy and security settings on web services and apps and set them to your comfort level for information sharing. Each device, application or browser you use will have different features to limit how and with whom you share information," NCA advises.
Protect Your Data by Securing Access: Breaches are a common way data privacy is violated, and these incursions can give hackers full access to your private information. "Keep your data secure by creating long, unique passwords and storing them in a password manager. Add another layer of security by enabling multi-factor authentication (MFA) wherever possible, especially on accounts with sensitive information. MFA has been found to block 99.9% of automated attacks when enabled and can ensure your data is protected, even in the event of a data breach," NCA says.
It is Good Business to Protect Privacy:A lack of privacy can lead to compliance fines and breaches – both of which can come with a slow healing black eye from the press. Even if compliance rules don't apply to you (yet), it is good business to act like they do. "According to the Pew Research Center , 79% of U.S. adults report being concerned about the way their data is being used by companies. Respecting consumers' privacy is a smart strategy for inspiring trust and enhancing reputation and growth in your business. Be open and honest about how you collect, use and share consumers' personal information," NCA suggests. "Think about how the consumer may expect their data to be used and design settings to protect their information by default. Communicate clearly and concisely to the public what privacy means to your organization and the steps you take to achieve and maintain privacy."
Know where you stand on privacy: Before improving your security posture, you must know where you currently stand. This is best done by assessing and documenting your data collection practices. "Whether you operate locally, nationally, or globally, understand which privacy laws and regulations apply to your business. Follow reasonable security measures to keep individuals' personal information safe from inappropriate and unauthorized access and make sure the personal data you collect is processed in a fair manner and only collected for relevant and legitimate purposes," NCA argues. "Don't forget to maintain oversight of partners and vendors as well. If someone provides services on your behalf, you are also responsible for how they collect and use your consumers' personal information."
Across the Globe, Data Privacy Often Relates to GDPR
For many, data protection is not an option, but a regulatory requirement. GDPR is arguably the most well-known data privacy law currently in place.
As proponents of data privacy, we know file transfers can cause data privacy trouble, so make sure you Avoid the GDPR Data Transfer Pothole blog by reading our blog or gain even more GDPR advice from Osterman’s GDPR isn't Getting Any Easier whitepaper.
You can also get an executive-level view from the Osterman Research white paper The Decision Makers Guide to Data Protection .
Doug Barney
Doug Barney was the founding editor of Redmond Magazine, Redmond Channel Partner, Redmond Developer News and Virtualization Review. Doug also served as Executive Editor of Network World, Editor in Chief of AmigaWorld, and Editor in Chief of Network Computing.