The 17th Annual Data Protection Day took place recently (January 28) but is relevant all year round. It is a day marked by the ‘gloom’ and ‘uncertainties’ of international crises by the war, the climate crisis and the economic crisis, according to the Council of Europe.
Data Protection Day is an annual event, celebrated across the globe, to raise awareness around data privacy and protection best practices, educating both consumers and businesses on protecting information online and encouraging compliance with privacy laws.
A statement by the Council of Europe’s Data Protection Commissioner, Jean-Phillippe Walter, warned that respecting data protection was weakened this year in the context of international crises.
“This bleak picture has implications for our human rights and fundamental freedoms, including the right to data protection,” said Walter. “In this climate of uncertainty and tension, there is indeed a strong temptation to introduce measures restricting our rights and freedoms and to resort too conveniently to surveillance technologies that could get to unwise processing of personal data.”
The statement also pointed to the fast-paced digitalisation of society and reckless use of technology by tech giants as a key risk to consumers.
Sridhar Iyengar, Managing Director for Zoho Europe, commented: “Data Privacy Day is an important initiative for both consumers and businesses with an urgent need to raise awareness around the protection of personal data, and it is brilliant to see the Council of Europe taking a leading role in promoting transparent data practices.
“The data privacy disconnect between consumers and organisations is becoming increasingly concerning, with research from Cisco revealing that 43% of consumers feel that their data is not sufficiently protected by organisations online. In contrast, 96% of security professionals believe that their organisation has the required processes in place for ethical data privacy. There is a clear gulf that should be addressed to ensure consumers feel that their data is protected.
“Collecting data without transparency and the consent of the respective person is theft and such shady actions are completely unnecessary because consumers today are well aware that we live in a Data Economy. In a digital space marked by an increased volume of cyberattacks and a rise in third-party cookie trackers, it is imperative that businesses place an emphasis on making their customers feel safe online.
“Companies must start with transparent, ethical data policies rather than violating the trust of consumers, considering how they can protect this asset at every stage. The Cisco research highlighted that 76% of people would not buy from a company who they don’t trust with their data. It must become clear to everyone that data protection is more than just a feature; it is non-negotiable and the basis of a trusting customer relationship, which is at the foundation of business success.”
The Council of Europe has called for a number of safeguards to be introduced to protect people’s data, including:
· The development of AI systems be regulated by robust legislation.
· Digitalisation, the use of AI or the use of other surveillance technologies must be accompanied and preceded by a broad democratic and public debate.
· Education and awareness of digital technology and the use of information and communication technologies for all segments of the population must be developed and highlighted so that everyone can regain control of their private lives.
· The activities of the IT giants must be better regulated.
· Laws must be enforced and their application better supervised.
We spoke to industry experts who provided commentary discussing their opinions on how this annual day draws attention to the importance of re-establishing business practices to safeguard customer data…
Andy Teichholz, Global Industry Strategist, Compliance & Legal, OpenText
While government authorities and businesses have been challenged during the pandemic with balancing the twin priorities of protecting public health and protecting personal data, consumers have become more aware of the growing risks around their personal data, including where it may end up and who has access to it. With ongoing news coverage of high-profile data breaches and publicity around new government legislation on the horizon, consumers are more aware than ever before of their data privacy rights and organisational obligations to safeguard personal data. Our recent research found that almost three-quarters (72%) of consumers say they have new concerns about how organisations use their data, since the start of the pandemic.
Customer trust is crucial for business success but gaining and maintaining that trust is not always easy. Almost half (46%) say they would no longer use or buy from a company they were previously loyal to if it failed to protect or leaked their personal data. In today’s digital age, consumer priorities are rapidly shifting to take stock of how their personal data is being processed and used. To this end, customers are more empowered than ever to exercise their rights and reclaim control of their information by submitting Subject Rights Requests (SRRs), with our research showing that more than a third (34%) of consumers would completely abandon a brand if the company failed to respond to an SRR.
With the help of available technologies including AI and ML tools, organisations cannot only locate all personal and sensitive information, they can appropriately classify, manage and protect it throughout its life cycle and apply policy-based retention tools to support data minimisation. They can also automate the SRR fulfilment process to ensure deadlines are met and that processes are repeatable and defensible. It’s also essential to bake cyber-resilience into the fibre of an organisation. While it is impossible to totally remove the risk of a breach, cyber-resilience encourages a solid recovery plan to be put in place in the event of one. To create a true information advantage, establishing an integrated data management strategy will also help businesses differentiate themselves in the marketplace.
Customer trust is fragile and Data Privacy Day is an opportunity for organisations to reflect on their practices – to ensure they are doing all that they can to respect privacy rights, safeguard their customer’s personal data and maintain their loyalty.
Cindi Howson, Chief Data Strategy Officer at ThoughtSpot
In a digital economy, we are creating, capturing and sharing more personal data than ever before. Companies rely on customer data more than ever to create actionable insights to personalise services, operate more efficiently and drive business growth. We’re living in the ‘decade of data’ – and with this comes, of course, the decade of data privacy.
Privacy now extends far beyond protecting ourselves physically and encompasses everything we do or interact with digitally: our online footprint, often referred to as our digital twin. We’ve seen a raft of high-profile data breaches in the spotlight this past year which has fuelled public concern around data privacy. As companies become more data dependent, customers become even more reluctant to share data while citizens remain woefully ignorant about data collected on them. It is this tension and misalignment that needs to be properly addressed in order to unlock data’s full potential.
Those working with customer data within any business need to be vigilant about how personal data is collected, stored and used, as well as the implications of failing to handle this data correctly. Behind this data are real people, many of whom will not hesitate to take their business elsewhere should their data be lost or exposed. Ensuring data privacy is not just a technology issue, it’s also about company culture, process and controls. And with analysts now able to extract increasing amounts of data from even more internal and external sources, ensuring data privacy must be part of an organisation’s DNA. Dumping data from analytics tools to spreadsheets remains a weak link.
Nowadays, laws and regulations such as GDPR, CCPA and LGPD place stricter requirements on organisations, while giving individuals more access and rights around their data. Data Privacy Day, and the extended Data Privacy Week, is our opportunity, as businesses and data leaders, to bring awareness to those persistent knowledge gaps, take a closer look at best practices around data and open up the conversation around data privacy and protection.
Candid Wüest, VP of Cyber Protection Research at Acronis
As we commemorate Data Privacy Day, data protection remains a hot topic – one that needs a collective approach towards reducing data breaches and cyberattacks. As the world becomes more dependent on data, scores of organisations are increasingly becoming targets with some falling victim to breaches worth millions of dollars.
Some of the most recent data breach cases occur after cyberattackers gain access through an API. This is a trend that has emerged even as more companies increasingly shift their data management strategy to primarily used cloud storage and applications. As organisations integrate cloud2cloud interconnections, complexity in deployment continues to grow too. This is because most companies still need to be equipped to deal with imminent cyberattacks thanks to misconfigured or insufficient protection for their APIs.
A crucial point worth raising is that ransomware has already shifted to stealing and exfiltrating data in recent years. Attackers know that having this data and threatening to release it can be more devastating than encryption, which can be fought with backups. The most effective way to deal with such threats is adopting a holistic view and a solution like data loss prevention, which can significantly help potential targets mitigate the risks.
Passwords remain the number one defence when it comes to protecting data. As an authentication mechanism, a strong password is what stands between an organisation’s valuable data and millions of dollars in losses, not to mention a bad reputation. Sadly, we still see many companies with authentications (A.K.A. passwords like 123456) and no Multi-Factor Authentication (MFA) applied – this is a disaster waiting to happen.