Protecting Your Data

January 22-28, 2023 is Data Privacy Week. To celebrate, we are partnering with the National Cybersecurity Alliance to spread awareness and resources about online privacy.

Your data is valuable. Even if you don’t agree, many organizations and groups would pay top dollar for it and they don’t all have your best interests in mind. But you have the power to take charge of your data. This is why we are excited to celebrate the second ever Data Privacy Week!

The goal of Data Privacy Week is to spread awareness about online privacy. We think data privacy should be a priority both for individuals and organizations. Our goal is twofold: we want to help individuals understand that they have the power to manage their data and we want to help organizations understand why it is important that they respect their users’ data.

Data Privacy For Individuals

All your online activity generates a trail of data. Websites, apps, and services collect data on your behaviors, interests, and purchases. Sometimes, this includes personal data, like your Social Security and driver’s license numbers. It can even include data about your physical self, like health data – think about how a smartwatch counts and records how many steps you take. While it’s true that you cannot control how each byte of data about you and your family is shared and processed, you are not helpless.

Here are some simple, easy tips that will help you manage your data privacy:

1. KNOW THE TRADEOFF BETWEEN PRIVACY AND CONVENIENCE.

Nowadays, when you download a new app, open a new online account, or join a new social media platform, you will often be asked for access to your personal information before you can even use it. This data might include your geographic location, contacts, and photos.

For these businesses, this personal information about you is tremendously valuable — and you should think about if the service you get in return is worth the data you must hand over, even if the service is free. Make informed decisions about sharing your data with businesses or services. Is the service, app, or game worth the amount or type of personal data they want in return? Is the data requested even relevant for the app or service (that is, “why does a Solitaire game need to know all my contacts”)?

 2. ADJUST THE SETTINGS TO YOUR COMFORT LEVEL

For every app, account, or device, check the privacy and security settings. These should be easy to find in a Settings section and should take a few moments to change. Set them to your comfort level for personal information sharing; generally, we think it’s wise to lean on the side of sharing less data, not more.

3. PROTECT YOUR DATA

Data privacy and data security go hand-in-hand. Along with managing your data privacy settings, follow some simple cybersecurity tips to keep it safe. We recommend following the Core 4:

  • Create long (at least 12 characters), unique passwords for each account and device. Use a password manager to store each password – maintaining dozens of passwords securely is now easier than ever.
  • Turn on multi-factor authentication (MFA) wherever it is permitted – this keeps your data safe even if your password is compromised.
  • Turn on automatic device, software, and browser updates, or make sure you install updates as soon as they are available.
  • Learn how to identify phishing messages, which can be sent as emails, texts, or direct messages.

Data Privacy For Organizations

Respecting the privacy of your customers, staff, and all other stakeholders is critical for inspiring trust and enhancing reputation. By being open about how you use data and respecting privacy, you can stand out from your competition. Communicate clearly and concisely to the public what privacy means to your organization, as well as the steps you take to achieve and maintain privacy.

Here are a few steps toward building a culture of respecting data at your organization:

1. CONDUCT AN ASSESSMENT

Assess your data collection practices. Make sure the personal data you collect is processed in a fair manner and only collected for relevant and legitimate purposes. Understand which privacy laws apply to your business, and remember you will have to think about local, national, and global regulations.

2. ADOPT A PRIVACY FRAMEWORK

Research how a privacy framework can work for you. A privacy framework can help you manage risk and create a culture of privacy in your organization. Get started by checking out the following frameworks:
NIST Privacy Framework
AICPA Privacy Management Framework
ISO/IEC 27701 – International Standard for Privacy Information Management

3. EDUCATE EMPLOYEES

Your employees are the frontlines toward protecting all the data your organization collects. Create a culture of privacy in your organization by educating your employees of their and your organization’s obligations to protecting personal information.