What is Data Privacy Week?
By Reese Kimmons, MS ISA
The roots of what is now Data Privacy Week can be traced back to January 28, 1981, when the first of its kind international data privacy and protection treaty known as Convention 108 was signed. In 1985, concerns regarding the evolution of artificial intelligence led to the treaty being amended and expanded.
By 2007, European nations had adopted Data Protection Day, which then spread to the U.S. and Canada by January of 2008.
In 2022, the U.S. National Cybersecurity Alliance (NCA) expanded Data Protection Day into Data Privacy Week, which will become an annual event observed every January to commemorate the anniversary of the signing of the Convention 108 treaty.
When is Data Privacy Day?
Data Privacy Week 2022 began January 24th and ran through Friday the 28th. Data Privacy Day occurs every January 28th.
This year’s data privacy themes
Data Privacy Week and its themes are intended to raise awareness regarding privacy issues and to promote the safeguarding of sensitive data at work and at home.
In 2022, the selected theme for organizations was “Respect Privacy.” For individuals, the theme was “Keep it Private.”
Organizations were encouraged to “Respect Privacy” by raising the level of security awareness among the workforce, contractors, and others with whom they do business. To help them do so, resources including various security videos, privacy tools, assessments, and others were made available at no cost.
Data Privacy Week campaigns targeting individuals to help them “Keep it Private” included information about how to manage privacy settings on devices and websites. Consumers were cautioned that devices including smart appliances, voice assistants, their children’s toys, and even their vehicles were constantly collecting, sharing, and selling their data and making it available in ways that could allow it to be compromised by cybercriminals.
Recommended reading: 12 Tips for securing your online identity and protecting your data privacy in 2022
Recommended resources for organizations
In conjunction with the Data Privacy Week 2022 Respect Privacy theme, the NCA recommended that organizations conduct data security assessments, then adopt a data privacy framework that will best fit their needs.
The agency specifically recommended the following frameworks for consideration:
- National Institute of Standards and Technology (NIST) Privacy Framework
- The American Institute of Certified Public Accountants (AICPA) Privacy Management Framework
- The International Organization of Standards (ISO/IEC) 27701 – International Standard for Privacy Information Management
The NCA also stressed the importance of employee data security and privacy training. Organizations are obligated to protect the personal information of their employees, contractors, stakeholders, customers, and anyone else with whom they do business.
Companies are encouraged to maintain their own privacy policies and train their staffers to adhere to them, stressing the role each employee plays in an overall culture of privacy and security.
To help organizations with their privacy training, the NCA published a tip sheet entitled 5 Ways to Help Employees Understand Data Privacy.
Recommended resources to help individuals “Keep it Private”
Per the NCA’s 2022 Data Privacy Week recommendations to help individuals manage and protect their sensitive information, consumers need to first understand the “privacy/convenience tradeoff.”
Many apps require access to information like the user’s geographical location, images and camera, contact lists and more, even if that access is not required for the app to function. The NCA recommends that consumers consider whether providing that type of information and device access is worth it based on the functionality offered by the app.
Remember, when you are offered something for free, like an app for your smartphone, it’s most often your information that’s for sale.
The NCA recommends that consumers read terms and conditions and check the privacy and security settings for apps and Web services. The agency also recommends that consumers take advantage of those settings that limit the amount of data collected and how that data is shared.
NCA’s 2022 Data Privacy Week recommendations for individuals also included using lengthy, complex passwords and taking advantage of multi-factor authentication wherever available.
What’s to come
The Convention 108 treaty of 1981 is evidence of the fact that data privacy and security concerns are nothing new.
Data Protection Day, adopted in Europe in 2007, has evolved into what is now Data Privacy Week. We can look forward to the continued expansion of privacy tools and resources being offered during Data Privacy Week events to come.
Because cybercriminals can now operate freely from nations where they will never be brought to justice and because they can perpetrate their attacks against targets just about anywhere in the world, it is more important than ever that organizations and governmental agencies work together to defend against them.
It’s also important that consumers understand how their personal information is being collected and used and what they can do about it. The evolution of Data Privacy Week is a big step in the right direction.
About the Author:
Reese Kimmons is an experienced IT executive with an AAS in Applications Programming, a BS in IT Management and an MS in Information Security and Assurance. During his time in the IT industry, Reese has earned certifications in ethical hacking, forensics investigations, ISO/GIAC, and Cisco networking.
- Deepfake Video Tactics Used in Ukrainian Conflict Coming to a Computer Near You - March 26, 2022
- Be Prepared: Cybersecurity Pros Predicting World Events Will Trigger Large-Scale Cyber Attacks - March 23, 2022
- Is it Still Safe to Electronically Transfer Funds Overseas? What are the risks? - March 5, 2022