Data Privacy Day was so 2021. It now has expanded into a full week, underscoring the importance of protecting personal data.
Ward and Smith is pleased to join the national and international efforts to recognize and support the principle that all organizations share the responsibility of being conscientious stewards of personal information. That's why the firm has committed to being a Data Privacy Week Champion.
During this week-long initiative, starting on January 24, we're encouraging individuals to learn more about managing and protecting their valuable online data. We're also encouraging businesses to respect customer data and learn about their responsibility to keep individuals' personal information safe from unauthorized access and ensure fair, relevant, and legitimate data collection and processing.
"In this digital age, personal data is its own currency that can be traded, borrowed, sold, or stolen," remarked CIPP/US privacy attorney Angela Doughty. "Anything that valuable warrants strong safeguarding to help mitigate risks of costly incidents and reputational harm. That's why initiatives like Data Privacy Week are important in bringing awareness to the little things we all can do to ensure we are protecting our personal information."
According to a Pew Research Center study, 79% of U.S. adults report being concerned about how companies are using their data. As technology evolves and the COVID-19 pandemic continues to influence how consumers interact with businesses online, data collection practices are becoming increasingly unavoidable, making it imperative that companies be open and honest about collecting, using, and sharing consumers' personal information and communicate their policies clearly and concisely.
The National Cybersecurity Alliance has offered up the following tips to help guide individuals and businesses to better data privacy practices, such as:
- For Individuals:
- Understand the privacy/convenience
tradeoff: Many accounts ask for access to personal
information, such as your geographic location, contacts list, and
photo album, before you even use their services. This personal
information has tremendous value to businesses and allows some to
even offer you their services at little to no cost. Make informed
decisions about whether or not to share your data with certain
businesses by considering the amount of personal information they
are asking for, and weighing it against the benefits you may
receive in return. Be thoughtful about who gets that information
and wary of apps or services that require access to information
that is not required or relevant for the services they are
offering. Delete unused apps on your internet-connected devices and
keep others secure by performing updates.
- Manage your privacy: Once you have
decided to use an app or set up a new account, check the privacy
and security settings on web services and apps and set them to your
comfort level for information sharing. Each device, application, or
browser you use will have different features to limit how and with
whom you share information. Get started with NCA's Manage Your Privacy Settings page to
check the settings of social media accounts, retail stores, apps,
and more.
- Protect your data: Data privacy and data
security go hand in hand. Keep your data secure by creating long,
unique passwords and storing them in a password manager. Add
another layer of security by enabling multi-factor authentication
(MFA) wherever possible, especially on accounts with sensitive
information. MFA has been found to block 99.9% of automated attacks when
enabled and can ensure your data is protected, even in the event of
a data breach.
- Understand the privacy/convenience
tradeoff: Many accounts ask for access to personal
information, such as your geographic location, contacts list, and
photo album, before you even use their services. This personal
information has tremendous value to businesses and allows some to
even offer you their services at little to no cost. Make informed
decisions about whether or not to share your data with certain
businesses by considering the amount of personal information they
are asking for, and weighing it against the benefits you may
receive in return. Be thoughtful about who gets that information
and wary of apps or services that require access to information
that is not required or relevant for the services they are
offering. Delete unused apps on your internet-connected devices and
keep others secure by performing updates.
- For Businesses:
- Conduct an assessment: Conduct an
assessment of your data collection practices. Whether you operate
locally, nationally, or globally, understand which privacy laws and
regulations apply to your business. Follow reasonable security
measures to keep individuals' personal information safe from
inappropriate and unauthorized access and make sure the personal
data you collect is processed in a fair manner and only collected
for relevant and legitimate purposes.
- Don't forget to maintain oversight of partners and vendors
as well. If someone provides services on your behalf, you are also
responsible for how they collect and use your consumers'
personal information.
- Adopt a privacy framework: Researching
and adopting a privacy framework can help you manage risk and
create a culture of privacy in your organization by building
privacy into your business. Get started by checking out the
following frameworks: NIST Privacy Framework, AICPA Privacy Management Framework, ISO/IEC 27701 - International Standard for Privacy
Information Management
- Educate employees: Create a culture of privacy in your organization by educating your employees of their and your organization's obligations to protecting personal information. Educate employees on your company's privacy policy and teach new employees about their role in your privacy culture during the onboarding process. Engage staff by asking them to consider how privacy and data security applies to the work they do on a daily basis. Better security and privacy behaviors at home will translate to better security and privacy practices at work. Teach employees how to update their privacy and security settings on work and personal accounts. Learn more.
- Conduct an assessment: Conduct an
assessment of your data collection practices. Whether you operate
locally, nationally, or globally, understand which privacy laws and
regulations apply to your business. Follow reasonable security
measures to keep individuals' personal information safe from
inappropriate and unauthorized access and make sure the personal
data you collect is processed in a fair manner and only collected
for relevant and legitimate purposes.
For more information about Data Privacy Week 2022 and how to get involved, visit https://staysafeonline.org/data-privacy-week/.