Data protection is something that affects almost everything that we do. From checking our phones first thing in the morning to logging in at work, from high-street shopping to monitoring our biometric data at the gym, we are constantly handing over our personal information.
Although many of us are broadly aware of the risks involved when sharing this data, we don’t fully grasp the ramifications – nor do we realise there are ways we can better protect our personal information.
It’s why, for the past sixteen years, there has been an international effort to raise awareness of online privacy. Data Protection Day is celebrated on 28 January, the anniversary of the Council of Europe’s data protection convention being opened for signature.
In the run-up to Data Protection Day (known as Data Privacy Day outside Europe), governments and organisations around the globe carry out activities to promote the importance of data protection.
Let’s take a look at some of the ways you can mark the day, and the ways you can be more informed about data protection?
Keep it private
One of the key lessons regarding data protection is for individuals to understand the impact of handing over our personal information.
We often leave behind a trail explicitly, posting about our activities and behaviours on social media or forums. Meanwhile, when signing up for a service or purchasing a product, we’re often asked to first supply information about ourselves.
Sometimes that’s necessary. For example, if you’re being charged, you need to hand over your financial details. But other times we’re left questioning why we’re being asked certain questions.
Why, for instance, do we need to provide an email address when buying something over the counter in a high-street shop? Why do we need to create an account to read an article on our local newspaper’s website?
It’s easy to resign yourself to these sorts of practices and say that it’s just how the world is these days. But every time we hand over our personal information, we’re creating another space where our information could be misappropriated and expanding the possibility that we could be victims of fraud.
As such, we encourage everyone to think carefully before handing over their personal data. The information and shouldn’t be given out to anyone who asks for it.
When prompted to provide your personal information, you should ask yourself what you get in return. The organisation might use the data to improve the user experience, but do you know who will have access to the information you share? Might it be accessed by a third party who will use the information in a way that negates the benefits.
Another tip is to review the privacy and security settings on web services and apps that you use. Each device, app or browser has different features to limit how personal data will be used and who it will be shared with.
We also recommend securing your data by creating unique passwords and storing them in a password manager. This reduces the risk of a cyber criminal guessing your credentials but means you don’t have the burden of having to remember a series of complex passwords.
Addressing data privacy at work
Data Protection Day is a great way to drive public awareness of the risks related to sharing your personal data, but for organisations these risks must be addressed more than once a year.
These concepts should be embedded within the core principles of your business. The introduction of the GDPR (General Data Protection Regulation) and its UK equivalent has greatly increased the burden on organisations to manage people’s personal data responsibly, and it gives supervisory authorities the power to levy significant fines for anyone that fails to meet their responsibilities.
But data protection isn’t just about regulatory compliance. A robust information security management system can tackle the pervasive threat of data breaches and cyber attacks. A UK government study found that 38% of small business were targeted by criminal hackers last year, while our own research found that more than 1,000 organisations worldwide disclosed a security incident.
IT Governance offers a range of solutions to help organisations address data protection and mitigate the risk of cyber attacks. Our services include staff awareness e-learning, documentation toolkits, security testing solutions and consultancy packages.
A version of this article was originally published on 24 January 2022.