Spotlight on Data Privacy

Here’s a sobering statistic: More than 7.9 billion records, including credit card numbers, home addresses, phone numbers, or other sensitive information were exposed in 2019. That’s an average of 21.6 million records compromised every single day.

This is why each year on 28 January, the National Cyber Security Alliance (NCSA) promotes Data Privacy Day to drive awareness about the need to enhance data protection measures.

Here’s the advice NCSA gives businesses:

• Privacy is everyone’s business. If you collect it, protect it. Follow reasonable security measures to keep individuals’ personal information safe from inappropriate and unauthorized access.
• Transparency builds trust. Be open and honest about how you collect, use, and share consumers’ personal information. Think about how the consumer may expect his or her data to be used and design settings to protect information by default.
• Build trust by doing what you say you will do. Communicate clearly and concisely to the public what privacy means to your organization and the steps you take to achieve and maintain privacy.
• Conduct due diligence and maintain oversight of partners and vendors. If others provide services on your behalf, you are also responsible for how they collect and use your consumers’ personal information.

The NCSA also has a website geared toward small- and medium-sized business that want to learn how to be safer and more secure online.

In addition, other resources on security's role in managing data privacy include:

• “Data Privacy, Information Management, and Security: Adjusting to a New Normal,” which gives an overview of existing and emerging regulations, as well as tips for security managers on how to prevent data breaches.
• “French Regulator Issues First Major GDPR Violation Fine,” on Google being hit with a €50 million fine for not adhering to EU General Data Protection Regulation requirements.
• “How to Bridge the Gap,” which explores the ways physical security must interact with IT and cybersecurity to protect an organization’s digital assets.
• “Most Data Breaches Come from Insiders,” which shares that most data breaches are the result of actions taken by the organization's employees. 

And finally, check out these ASIS International education resources:

• Best of GSX: Cyber Attacks—Prevention and Response. This package gives immediate access to three recorded sessions from GSX 2019: "Cyber Threats to Expect in 2020," "Business Espionage in the Age of Technology," and "Who You Gonna Call? Working with Law Enforcement, Regulators, and Attorneys During a Breach." ($75 nonmembers, $60 ASIS members).
• New Legal Requirements in Data Privacy and Cybersecurity. A webinar on 13 February 2020 that will look at the New York SHIELD Act, the California Consumer Privacy Act, and other privacy regulations.  (Exclusive, free webinar for ASIS members.)