Data privacy day is January 28th, an opportunity to boost awareness and take a step towards improvement.
Privacy is a universal issue for every individual and organization and we make privacy choices daily. How can we choose wisely and devote sufficient time to better understand the many issues? We can review our personal and organizational privacy posture and make improvements.
Privacy evolves and laws increase
Privacy has deep roots in human society, but the past two decades have exponentially increased data privacy issues and threats. Never before has so much information about us been obtained, stored, analyzed, and sold. Data about our interests, connections, reading, purchases, and activities is a commodity.
Privacy legal requirements and protections are building in the United States but remain a fragmented mixture of rules. Some apply generally, and some are only for specific sectors such as health or financial. The Federal Trade Commission does general federal privacy enforcement under its authority to regulate unfair or deceptive trade practices. California was the first state to pass a comprehensive privacy law, others followed suit, and more state rules are coming.
Heightened privacy regulation is a legal wave that started in Europe with their broad privacy law, the General Data Protection Regulation (GDPR), and they created this day of recognition (known there as Data Protection Day).
Personal privacy for you and your family
Two important groups want information and data about us, and their motives range from legitimate to criminal and everywhere in between. Private enterprise wants data about us because it has value to them; cybercriminals want it for identity theft and other criminal activity.
We make privacy choices daily. Sometimes it can be overwhelming.
Consider the hundreds or thousands of privacy policies you have agreed to. Can you read all those policies, much less understand them? I cite a study in my first book that estimated that reading them would cost you 250 hours each year. Today, that number would be higher since there are more and longer policies to click “accept” for. It is impossible to read them all.
Some companies are well-intentioned, with excellent privacy and security practices and plain language privacy policies. Others fall woefully short.
As consumers, we cannot accept defeat on privacy or ignore it, but it cannot become our full-time unpaid job. We can take practical steps and do something — however small — to improve our privacy, such as:
- Read this article (congratulations, you are almost done).
- Take a few minutes to review your privacy and security settings on your computer devices and online accounts (including email and social media).
- Try to improve your knowledge, even just a little.
- Try to consciously choose what you are sharing and with whom. Don’t just accept the default.
- Discuss and consult with children about privacy choices. Help them evaluate their choices in this complex area so they can learn.
Organizations need privacy policies
Almost every organization collects and stores information about people, customers, clients, vendors, or donors. They need to handle that information transparently and consistently with good management, privacy practices, and law.
Good faith compliance with the law is a top priority, so analyzing applicable external rules is the first pedestal within Bandler’s Three Platforms to Connect. Organizations need to evaluate legal rules regarding privacy (and the overlapping field of cybersecurity).
Organizations should have a policy to manage privacy, satisfy legal requirements, and inform consumers about their practices. They should continually improve, and small steps can eventually cover great distances. An annual review is a start, which should cover three platforms:
- External rules
- Internal rules (policies and procedures), and
- Practice (what is actually done).
Privacy as an area for personal and professional development
Privacy is an issue for individuals and organizations, and threats, regulation, and consumer demand are increasing. This means if we increase our knowledge of privacy, we improve ourselves and benefit our family, employer, and customers.
Reading this article is a step for improvement, then continue on the path of privacy learning by evaluating more reading and training materials. For professional development, consider certification from the International Association of Privacy Professionals. Do some research and then take your next step — don’t wait until next year.
John Bandler is a lawyer, consultant, speaker, teacher, and author in cybersecurity, cybercrime, privacy, investigations, and more. He is the founder of Bandler Law Firm PLLC and Bandler Group LLC, legal and consulting practices that help organizations and individuals with cybersecurity, the prevention and investigation of cybercrime, privacy, compliance, risk management, and governance. John has expertise in many subjects, holds a number of certifications, and is a prolific writer and speaker. His first book is Cybersecurity for the Home and Office, his second book is Cybercrime Investigations, an extensive resource regarding the law, technology, process, and skills regarding the investigation of cybercrime. John has authored articles on a range of topics and teaches professionals and students at the undergraduate, graduate, and law school levels.
Before entering private practice, John served in government as an assistant district attorney in the New York County District Attorney's Office where he investigated and prosecuted criminal offenses ranging from cybercrime, virtual currency money laundering, and traditional street crimes and frauds. Prior to that, he served as a state trooper in the New York State Police providing full police services to the local community.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.