Approximately 15 American and Canadian business and technology stakeholders launched Data Privacy Day in 2008, a holiday modeled after an identical celebration already popular across Europe, according to the National Cyber Security Alliance (NCSA).In the years since this leadership collective, now the advisory board to the NCSA, founded Data Privacy Day, enterprises across the globe have embraced the annual event, using every Jan. 28 to raise awareness about the importance of protecting the personal information of customers and employees. Four hundred and fifty organizations, including Evident, have registered as NCSA Data Privacy Day Champions in the last year and generated online content that reached more than 1.1 billion people.
Similar activity should unfold this year, with enterprises leveraging Data Privacy Day to draw attention to the issue of data privacy with internal and external parties. Companies that have yet to organize Data Privacy Day activities or roll out related initiatives still have time to take action. Here are some valuable ways that businesses can use the holiday to spread awareness on data privacy best practices:
Prepare your organization for GDPR
The European Union's long-awaited General Data Protection Regulation (GDPR) is scheduled to go into effect May 25, 2018. This law significantly toughens existing data collection and management regulations around the world, which have remained largely unchanged since 1995.
In fewer than four months, organizations based in Western Europe, as well as any international businesses managing data on EU citizens will be required to carefully document their information intake processes, obtain explicit consent from all parties providing personally identifiable data and adhere to strict breach reporting requirements. Firms that fail to meet these thresholds could face fines numbering in the tens of millions. In fact, the GDPR allows EU officials to dole out financial penalties 79 times larger than those assessed in 2017, according to data from NCC Group.
Despite the breadth of this new legislation, many businesses are not prepared to achieve compliance. Analysts for the New York City-based software firm Varonis connected with more than 500 information technology professionals at organizations across the U.K., the U.S., France and Germany, and found that 75 percent of survey participants believed their respective businesses would "face serious challenges" when attempting to comply with the GDPR. Enterprises in this position should use Data Privacy Day as a reminder to evaluate their levels of compliance and ensure they are prepared to operate in a more data privacy-minded Europe.
Address data security
Security and privacy go hand in hand nowadays. Organizations that stringently defend their digital assets against would-be hackers and carefully track server activity are obviously more likely to adhere to data privacy standards, whether legally binding or informal. Last year, cybercriminals executed more than 1,300 large-scale breaches and collected over 174 million pieces of customer and employee data, according to the Identity Theft Resource Center. Both of these disturbing figures smashed previous highs and are likely to surge even higher over the course of 2018 because of the further development of hacking tactics and purchasable malware.
Data Privacy Day is the perfect occasion for reviewing back-end systems to assess their stability in the face of cybercriminals of all kinds. Internet of things technology is a good topic to address, as a mere 36 percent of businesses have formalized data security policies centered on mobile devices and the systems used to manage them, according to PricewaterhouseCoopers.
Most modern employees are well aware of the concept of data privacy. After all, 3 out of 4 American adults now use smartphones and are likely aware of the data that flows through them, the analysts at Pew Research Center reported. However, understanding an idea and adhering to it in real time are two very different actions. Information may make the world go round, but that does not mean that users completely understand the machinations of that movement.
With this in mind, businesses should consider leveraging the hype around Data Privacy Day to organize and offer data privacy workshops that empower their workers to more effectively manage and protect their data, both personally and professionally. Ideally, such instruction should include training for things like identifying phishing scams sent via email, avoiding downloaded malware and the ways in which employees might give away personally identifiable information without even knowing it.As we near Data Privacy Day, organizations of all sizes should consider using the occasion to pursue some of the activities above. Those interested in taking more extreme action, like partnering with a proven data management partner, should consider contacting Evident. We provide our partners with a secure platform for using, sharing and authenticating valuable data. Connect with us today to learn more.
David Thomas, CEO at Evident, is an accomplished cybersecurity entrepreneur. He has a history of introducing innovative technologies, establishing them in the market, and driving growth – with each early-stage company emerging as the market leader.