“With the California Consumer Privacy Act (CCPA) going into effect in January 2020, this year’s Data Privacy Day couldn’t be more timely for increasing awareness among businesses and consumers about the importance of respecting and protecting personal information,” said Kelvin Coleman, executive director of the National Cyber Security Alliance (NCSA). “With the tremendous growth of businesses collecting and using personal data and millions of customers putting private information online, Data Privacy Day works to encourage businesses to improve data privacy and security practices and educate consumers about the many ways their personal information can be used and shared.”
Data Privacy Day (known in Europe as Data Protection Day) is an international effort held annually on January 28 to create awareness about the importance of privacy and protecting personal information, and is sponsored by the NCSA.
The purpose of Data Privacy Day is to raise awareness and promote privacy and data protection best practices. Consumers can follow these tips to stay safe online and to protect their personal information. Although this day is mostly to raise awareness for consumers, businesses are encouraged to keep consumer data out of hacker’s hands by understanding what and where are the “digital crown jewels” others want, learning how to protect those assets, detecting when something has gone wrong, and reacting quickly to minimize impact.
Security, Risk, and Governance—Secure what matters most
Cyber threats are escalating. Aging apps and processes (along with new ones) are full of unforeseen risks. Privacy and compliance requirements are mounting. And point solutions don’t offer the scope, vision, or cross-silo analytics needed for these company-wide challenges. We strongly encourage our customers to take a holistic, analytics-driven approach to securing what matters most—identities, applications, and data. Incidentally, Identities have evolved beyond heartbeats. Businesses need to ask, who has access to what, and how are privileges managed?
To help businesses protect sensitive data, it is first important to first know what data needs protecting. Organizations should follow the best practices of automating the identification of personal information (or PII) that is most important to their customers, and then secure this data throughout its lifecycle in conjunction with privacy regulations such as the EU’s General Data Protection Regulation (GDPR) or the aforementioned CCPA, to name two. Some of these regulations are global in nature which now leaves many historically non-regulated organizations having to cope with these new requirements. Organizations need a uniform way to apply policy to all regulated data (structured and unstructured).
But knowing what is sensitive customer data (name, address, credit card, social security number) and where the sensitive data resides is not enough. With cyber attackers lurking seemingly everywhere, external or even internal, enterprises cannot fully control and trust their data environment. They have to instead protect the data itself with data-centric security. For companies that take data privacy seriously, the only alternative is to implement a data-centric privacy and protection program, one that encrypts or tokenizes at the data level itself. This allows any sensitive company or consumer data to be fully protected across the entire lifecycle of that data, yet still allowing the data to be moved around the organization, and to be processed and analyzed in a protected fashion.
There are InfoSec venders that offer robust point solutions however, #buyerbeware! Very few vendors can assure security and governance professionals that they are protected against breach, guarding the privacy of individuals and their data, and complying with regulatory and jurisdictional regulations – at scale, with ease, insight and confidence.
Enterprises need a holistic solution that addresses their need to access and analyze sensitive information and deliver new value to consumers, as well as their need to build security into their business in a seamless and efficient way. For businesses that want to take data privacy seriously, then security should be at the core of everything they do. So on this Data Privacy Day we issue a call to action to enterprises large and small: take the right steps to protect your information and keep private data private.
Share your support for Data Privacy Day by following @MicroFocusSec on Twitter and by using the hashtag #PrivacyAware.