Data Privacy Day was earlier this week. I can’t think of a time when data privacy was more discussed among businesses and individuals than right now, and yet, this day to focus on privacy went largely unnoticed. At least, I had no idea it was coming until a couple of people alerted me. Now I know it falls every January 28.
Of course, data privacy isn’t something we should be thinking about only one day a year. Nor should data privacy be seen only in relation to NSA spying and Edward Snowden. It is something that should be practiced regularly and improved upon whenever possible in order to keep information from getting into the wrong hands (and I don’t mean the government).
As Guidance Software’s Anthony Di Bello pointed out in a blog post, data privacy and security needs to be used everywhere for it to be effective. The best practices used at work should extend to home. The trick is making sure employees understand why instituting best practices for privacy is so important. Di Bello provided an example from a chief information security officer (CISO) with whom he works, and I think this advice should be shared:
This CISO knows that a single, annual 30-minute webinar on security awareness training will not be enough to establish best-practices data handling for the employees of this global company and the many third parties who are part of their information ecosystem. To interest employees in improving corporate data security, his team focuses a variety of courses year-round on the individual employee’s personal data privacy and security. People are naturally more invested in topics that improve their personal lives, and have found that that employees trained to appreciate data security will apply those same security principles when working with corporate and customer data at work.
Computer users should be encouraged to think about privacy choices the next time they create a new online profile, or load an app on a phone, or sign up for a frequent shopper card at their favorite retail establishment, Chester Wisniewski, senior security advisor at Sophos, told me in an email, adding:
And with the big data movement hell bent on collecting as much information about us whenever possible, apparently innocuous or unimportant details can be pieced together in new and surprising ways.
Wisniewski provided three very easy ways to protect user privacy. These steps encourage employees to not only protect their own data, but company information as well: