Why security matters: Lessons from Data Privacy Day 2018

Unless data privacy is your lifeblood, you’ve probably never heard of Data Privacy Day.  It’s not publicized nearly enough (in my opinion), and to be truly vigilant about data privacy and security, it will surely take more than one day out of the year to learn about it.  However, I am thankful for the one day — and the one month, October, as National Cyber Security Awareness Month — purposefully set aside for raising awareness about data protection best practices and the importance of protecting the privacy of personal information online.

Data Privacy Day (known in Europe as Data Protection Day) is an international holiday that is observed every January 28 in the United States, Canada, India and 47 European countries.  This year, 2018, marked its tenth anniversary.  The educational focus has expanded over the past few years to include families, consumers and businesses.

On January 25, the Thursday before the official Sunday, the National Cyber Security Alliance (NCSA) streamed its signature event live from the LinkedIn headquarters in San Francisco. This event featured engaging panels, TED-style talks and interviews focusing on the latest privacy issues everyone should know about.  This year’s Data Privacy Day efforts highlighted why privacy matters, special privacy concerns in the growing “Internet of Me” and how to foster a culture of privacy awareness at work.

Personal data – fuel for cool technology

Studies show that 30.7 billion devices will be connected online by 2020So why does that matter?  Everything you do online is being recorded, collected, analyzed, shared and used because of these devices.  Consider your personal data as the fuel for all this cool new technology to actually work.  Without your personal data, they’re useless.  So always remember, Personal Information Is Like money. Value It and Protect It!” 

Privacy vs. security. As many know, security focuses on the confidentiality, integrity and availability of information. A data breach means at least one (sometimes more) of these principals was affected.  Privacy generally deals with the primary and secondary uses of the information collected and how we treat the data.  For instance, is there transparency, consent and choice at the individual level? Privacy provides individual autonomy and respect for individuals’ preferences surrounding their data.

The cost of “free” online. Nothing is really free online.  We pay for it with our personal data when we click “agree” on terms and conditions to allow companies to collect our data on mobile phone apps and on forms that we voluntarily complete on websites.

The value of our data. So, what’s the value of our data? The amount of data that’s being collected is growing in terms of the type of data companies are interested in for mining and behavioral analytics — both of which can mean big money to a lot of companies.  They can see and predict an extraordinary amount of “things” just by holding on to and utilizing the data collected — things such as preferences, purchase habits, health issues and more.

What you reveal matters

Most people think that they don’t have anything online that anyone would care about. They even joke, “If someone stole my identity, they’d give it back.”  However, there are strong consequences for our online activities. Simply posting on social media that we will be going on vacation soon — or posting while on vacation — gives “bad actors” the green light to go to our homes and invade our privacy, including computers, mail and those important documents we all usually keep in one place.

Think about the old adage, “Perception is reality.” Then think about the affiliations that could be inferred about you just from the websites you visit – stores, non-profit organizations, political links, health matters, reactions to online posts, etc.  Think about that “just for fun” online gambling account that you created. Could that account stop you from getting credit or a mortgage in the future?  Or what about the personal fitness tracker on your arm?  That information could be used by an insurance provider to determine your health risk posture or what type of insurance you are eligible to receive.

Micro-targeting

While having a “why is privacy so important” discussion at a conference for the new General Data Protection Regulation (GDPR), I was told by a colleague who lived in one of the EU member states, “Think about someone or some entity like the extreme powers of World War II getting access to your private data — your race, religious preferences, address, etc.”  What could someone like that do with your personal information?

Wow! That really put things into perspective for me.  Before, I was only worried about my money, credit and potentially the belongings in my home, but to bring my personal safety into the picture put a whole new light on why protecting my privacy is so important.  And it should be important not only to you, but to those in your community as well.  

Be a part of something big — get involved

You can get involved at home, at work and in your community. The NCSA, in partnership with StaySafeOnline and Stop. Think. Connect., provides free, nonproprietary privacy awareness and education resources to help spread the word about managing privacy and protecting personal information. So just take action, help create a culture of privacy and support the Data Privacy Day’s theme: “Respecting Privacy, Safeguarding Data and Enabling Trust.”

In your community:  Share your privacy knowledge.  Volunteer in a local school, senior care facility or faith-based organization. Send messages on community blogs.  You can use NCSA’s privacy resources to spread the word.

At work:  Privacy is good for business. Create a culture of privacy at work by teaching all employees what privacy means to your organization and the role they have in making sure privacy is achieved and maintained.

Your family:  Observation changes behavior – think about Santa Claus and the lyrics, “He sees you when you’re sleeping.” Who’s observing and why do they want/need our data?  There’s probably a lot more of your family’s information floating around in cyberspace than you think!

Managing your privacy and protecting your personal information doesn’t have to be hard. Here are five tips from the StaySafeOnline website to get you started:

  1. Value and protect your personal information. What you search online and where you shop and live has value, just like money, so be thoughtful about how you provide that personal information and how it’s collected through apps and websites. Remember, “Nothing is free!”
  2. Share with care. What you post can last a lifetime. Before posting online, think about how it might be perceived now and in the future, and who might see it.  The “Golden Rule” applies online as well – post only about others as you would have them post about you.
  3. Own your online presence. Set the privacy and security settings on your apps, services and devices to your comfort level of privacy and information sharing. Talk to your family and friends about how to protect personal information and stay safe online. (Get started with the “Get Involved at Home” resource, which has articles and information about privacy tips for parents, raising digital citizens, cyberbullying and gaming.
  4. Lockdown your login. Turn on the strongest authentication settings and tools available — such as biometrics, security keys and unique one-time codes — in your mobile device apps. Your username and passwords are not enough to protect your email, banking and social media accounts.
  5. Keep a clean machine. Update your security software, web browser and operating system to have the best defense against viruses, malware and other online threats.

These simple steps can make a huge difference and make you and your family safer online, so don’t wait! Join the greater effort, take action and be #PrivacyAware.

(Note: This blog drew on information from the NCSA and the International Association of Privacy Professionals (IAPP), a not-for-profit, non-advocacy membership association.)


Angel-Mosley-headshotAngel Mosley is a member of DXC Technology’s Security Advisory Services.  She has 15+ years of consulting, training and leadership experience across various disciplines, including data security and privacy programs, risk management, IT audit, vendor risk management, and the Strategic Trusted Advisor space. She currently serves in a leadership role as Principal Consultant of the Data Protection and Privacy practice.  Taking a ‘data privacy by design’ approach, Angel has successfully consulted with organizations to educate and help them discover and classify personal, card-holder, and healthcare protected data in their environment; and provided recommendations of how to protect it.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: