The inconvenient truth about Data Privacy Day

Data Privacy Day is remembered yearly on January 28, around the world — the objective being to remind users and organizations on privacy best practices and principles in this digital age, where whoever has access to most data, will be king. The first Data Privacy Day across both the US and Canada was in 2008, however in Europe there is also Data Protection Day, which has been going on since 1981. While regulations have evolved over the last few decades, the key message is still the same – data privacy is a right.

Over the years, the very notion of data privacy continues to be debated all over the world on various platforms by numerous stakeholders including governments, tech speakers, and data privacy advocates. Today, data privacy no longer just comprises what information is collected and used, online or offline, but also predicting and analyzing the choices that are about to be made.

Data analytics, predictive analytics, and other AI analytical tools are all about understanding what consumers have done, are doing, and are planning to do. To help protect users, many nations have imposed stricter regulators on protecting the privacy of their citizens as well as ensuring data does not leave the country.

But is this sufficient? TechHQ speaks to several data privacy experts to get their views on the inconvenient truth about data privacy and data protection. Here is what they had to say.

Dave Russell, VP of Enterprise Strategy, Veeam

Today, data privacy is at greater risk than ever before. There are concerns over accidental data leakage, which is not malicious, but still represents an opportunity for exposure. Increasingly cyberthreats and ransomware no longer target data for bad actors to encrypt until a ransom is paid, but now data exfiltration and purposeful data leakage can be a component of the cyberattack.

Even small pieces of data can be important, and now many pieces of data can be combined to represent an even larger privacy risk. This means that data security, frequent reviews of what data is truly required to be retained, and data availability are all needed to ensure that corporate and personal data remains safe.

Ramsés Gallego, International Chief Technology Officer, CyberRes
 
A big part of the challenge of keeping data private is knowing what data you have in the first place. Companies were already combating huge data bloat and sprawl – lots of it unstructured or spread across multiple systems.

Add the sudden acceleration of home working and cloud adoption to the mix, plus the means to safely transport and manipulate that data across premises without adding risk, and you can see why managing privacy can be such a challenge for data officers and SOC teams.

Simon Marchand, CFE, Chief fraud prevention officer for Nuance Communications

As we transition into a post-pandemic world of remote working, shopping and socializing, it has never been more important for businesses to ensure that users are provided with a more sophisticated and secure experience. Whilst there is not and never will be one single silver bullet for fighting fraud, biometrics is a proven, effective fraud prevention tool.

By authenticating people based on who they are, rather than what they know or something they have, organizations can use biometrics to protect against fraud in any channel, regardless of new tactics fraudsters might use. Such technology can protect sensitive systems, but also protect employees against social engineering which could lead to breaches of privacy, or even more sophisticated, large-scale attacks.

Andy Teichholz, Global Industry Strategist, Compliance & Legal at OpenText

Data privacy reform has changed our global community forever. As we begin 2022, organizations face an emboldened world, demanding greater accountability and trustworthiness. The recent steps taken by several countries to bolster their consumer privacy rights and processing activities (such as China’s Personal Information Protection Law) will have a far-reaching global impact on privacy rights and data protection practices.

People are more empowered than ever to exercise their rights, submit Subject Rights Requests (SRRs) and reclaim control of their information. They want to understand how their data is used and to access, correct, delete, and restrict use. A well-executed automation for SRR response program that delivers a strong experience will be critical to improve customer satisfaction and loyalty.

Felicity March, UKI Security and Resiliency Practice Leader Kyndryl

Data is the most valuable asset for a modern business. But as organizations embark on their digital transformation journeys, or accelerate them since the start of the pandemic, managing, protecting and accessing business critical data becomes increasingly complex for organizations.

Not only has enterprise data grown exponentially in volume it is becoming increasingly diverse, dynamic and distributed. Simultaneously, data protection strategies against data corruption and cyber attacks need a wholesale approach and change in strategy and architectural designs and the use of immutable storage, air gapping and active data protection is essential to ensure that enterprises can recover back to clean data.

As we digitize more workloads, business systems and processes are becoming increasingly connected and this interconnectivity increases the risk of a small, seemingly discrete event in one part of a company having a major disruptive impact across the entire organization. Businesses need to adopt a data protection solution that can do a cyber backup, restore and maintain access to critical data.

Pritesh Parekh, Chief Trust & Security Officer, VP of Engineering at Delphix 

Although many companies have strengthened security controls to ensure only the right people have access to sensitive data, redacting and obfuscating data in all environments – and especially lower environments – is equally critical to effectively managing risk and preventing attackers from gaining access. Too often, employees either aren’t aware they could be violating security policies or don’t understand how shortcuts can put customers’ data – and their company, too – at risk.

Modern technologies – such as data masking – could help to mitigate these attacks and improve data privacy throughout an organization. Data masking can automatically identify where sensitive data resides — across every system including non-production environments for development, testing, and analytics. It then applies algorithms that replace the original value with a fictitious but realistic equivalent in an irreversible way. This, ultimately, decreases the risk of a breach and prevents hackers from getting hold of valuable data. The more masked data your company has, the less there is for bad actors to steal.

James Walker, CEO at Rightly

 We live, work and play in a world of data, but this new world can be shady and overwhelming. 2022 will be the year that consumers finally get wise and do something about how companies use (or misuse) their personal data and how this ultimately puts them at risk. This should be a warning to organizations handling personal and sensitive information. Now is the time to take people’s right to personal data security seriously.

For that to happen, businesses must do their due diligence when it comes to buying and selling consumers’ personal data. With the way many companies operate at present, consumers are at immediate risk of their data being lost online.

Chris Boyd, Lead Analyst at Malwarebytes

As Data Privacy Day is upon us, it is important that everyone adheres to the three C’s. Firstly, check your socials – we live in a society in which we feel obliged to project every detail of our lives across the internet. This eats away at our privacy and increases the risk of unsolicited and private information being shared. Reevaluating this mindset could boost your privacy and security considerations.

Secondly, consider alternating browser usage every so often. Switching from one browser to another can help keep advertisers and profilers on their toes and gives you greater insight into security measures put in place by the developers. It’s also important to ensure your browser is legitimate and not rogue software or simply an advertisement farm masquerading as a privacy tool.

And finally, challenge yourself – the evolution of social media, camera phones, and smart devices threatens other people’s privacy by allowing multiple parties to access it. We need to be as motivated to protect the privacy of others as we are on our own.