Data Protection Day is almost upon us, which means it's a great time to talk about what data privacy is and why January 28 is a day of worldwide recognition for this important issue.
In 2006 the Council of Europe decided to launch a Data Protection Day to be celebrated each year on 28 January, the date on which the Council of Europe’s data protection convention, known as “Convention 108”, was opened to signature. Data Protection Day is now celebrated globally and is called Privacy Day outside Europe.
Data Protection Day originates from a 1981 Council of Europe treaty meant to protect an individual's right to privacy. As technology advanced, the Council worked to update the treaty to include new protections appropriate to the capabilities and practices of the times. In 2006, the Council of Europe named January 28 as European Data Protection Day. Three years later, the US followed by declaring January 28 as National Data Privacy Day. Other organizations like the National Cyber Security Alliance and the Online Trust Alliance also started observing January 28 as Data Privacy & Protection Day. The day is observed worldwide by many types of organizations, including governments, businesses, educational institutions, non-profit organizations, and concerned individuals.
Data Privacy & Protection Day was started to promote awareness and use of best practices surrounding this issue. The National Cyber Security Alliance leads the Data Privacy Day (DPD) initiative in the United States, and has several resources here for you to review and use in your business. The Online Trust Alliance also has several resources to help you employ best practices. The 2017 publications will be available soon.
Europe observes January 28 as Data Protection Day and has several resources available online. The initiative began with a focus on business, but the material and messaging now include information for families, individuals, and consumers. The Information Commissioner's Office has several training videos available here. The Council of Europe maintains a website here with information on the events of each year. They also maintain a fact sheet here (pdf) which summarizes important legal actions and regulatory activities of the year.
So what does all of this mean to you? Why should you care about this day of recognition, and all of the activities around it?
There are two big benefits of the worldwide observation of Data Protection Day. The first is obvious: more material being shared and discussed in person or online means that more people are being informed of the risks associated with sharing sensitive information. The second is less obvious to consumers and individuals, and deals directly with how we conduct business and protect ourselves from crime.
In 2016, the ICO issued more than £1 million in fines to British businesses that had failed to keep their customer or employee data safe. Alongside changes to our data protection regulations, policy makers have been sending an increasingly clear message that breaches of personal privacy are a very serious matter. The GDPR might seem a way off, but compliance will require businesses to make some significant changes to their privacy policies, culture and technologies. One thing is for sure: data protection will have to become a cornerstone of security strategy.
One area especially relevant to this is the cloud, which is now widely used both for the storage of data and to host applications that may contain sensitive customer information. Placing layered protections around cloud services, above and beyond those offered by the cloud vendors themselves, will help ensure that customer information is not being left open to cyber attack. The time for procrastination has passed; organisations should start looking for ways to future-proof their data protection policies now.
Initiatives like Data Protection Day help IT professionals communicate the importance of protecting sensitive data. Armed with information like this, these professionals are better able to get buy-in from supervisors and others who may not fully understand the risks. If this helps the IT professional implement better user training or upgrade the security infrastructure, then Data Protection Day has definitely done its job.