January 25, 2023

10 Items to Consider for Data Privacy Day


In case your calendar isn’t showing Data Privacy Day occurring this Saturday, January 28, consider this your warning. Acknowledging the importance of data privacy is one thing, but taking the steps to ferret out the potential ways privacy can be broken–and laying out the steps you can take to fix the problem–is something else entirely.

There’s never been as much data as exists now, and unfortunately, we’re showing ourselves to not be great collective stewards of all those exabytes of information. The latest IBM breach report shows that the average data breach in the U.S. costs a whopping $9.4 million. What’s more, 60% of small businesses go out of business within six months of a data breach. Similarly, a 2022 IDC report found that 83% of organizations had experienced data corruption from a ransomware attack, and nearly 60% experienced unrecoverable data as a result.

Keeping private data private is easier said than done. With that said, here are some pointers from experts that could help you make progress on your own data privacy initiative.

1. Check Your Cloud Settings

Data is migrating to the cloud like never before, but the cloud brings its own challenges to data privacy, says Brad Jones, CISO and vice president of information security at Seagate. First and foremost, users should find and fix any misconfigurations in the cloud.

“Organizations need to prioritize compliance across their entire cloud infrastructure,” Jones says. “An error in a cloud’s configuration could mean that an employee is just a click away from accidentally exposing an entire database–and opening the organization up to regulatory risk and reputation damage.”

Users can also bolster their privacy by properly classifying sensitive data. “This could be as simple as a tag on a server or storage location mapped to the most sensitive level of data that an application contains, or a more granular object or database level of classification offered by some platform-as-a-service providers,” Jones says.

Also, 2FA — just use it. (Blue Island/Shutterstock)

2. Humans Will Err

Alexander Pope once wrote: “To err is human, to forgive is divine.” But for Alec Nuñez, the director of business compliance at Poll Everywhere, a new mantra might read “To err is human, to mitigate data access security errors is divine.”

“Human error has been and will continue to be the number one cause of data security issues; there is no competition,” Nuñez writes. “The principle of least privilege is a substantial foundation all companies can establish when it comes to mitigating data security risks. This concept states that a user or entity should only have access to the data, resources, and applications required to execute a task. In other words, only provide individuals access to what they actually need. This is a basic idea to implement, but it will have a huge impact, permeating your organization’s system.”

3. It’s the Data, Stupid

It’s important to remember what we’re trying to protect, says George Waller, co-founder and EVP of Zerify, a video conferencing platform: data.

“The most valuable commodity today is data,” Waller says. “Organizations use video conferencing to discuss M&A, legal, military, healthcare, intellectual property, and other topics, and even corporate strategies. Almost all of that data falls under one of the compliance regulators because it’s considered sensitive, confidential, or even classified. A loss of data like that could be catastrophic for a company, its employees, its clients and its customers.”

4. But Don’t Forget People

Data is important when it comes to Data Privacy Day (it’s literally right there in the day’s name). But Tyler Adams, CEO of wire fraud prevention company CertifID, says it’s also important to spend time thinking about people and processes, not just technology.

“Social engineering can circumvent just about any data privacy technology,” Adams warns. “Focus on your crown jewels…Enact a multi-layered defense strategy that includes a rapid response plan if the unthinkable happens. And, foster a culture where human error leads to education rather than punishment. That’s the only way we’ll all get better.”

5. Check Your Security Policy

Security and privacy are interrelated, and weak security policies can inadvertently raise privacy concerns for organizations, says NetBrain senior vice president of engineering Song Pang.

“Organizations looking to better protect customer data should consider how well they can validate their security policies, controls, and configurations,” Pang says. “Even the best security hardware and software develop vulnerabilities over time, usually as the unintended consequence of other IT activities. And with the larger attack surfaces created through cloud-based services, the need to continuously verify that security profiles are intact is essential.”

6. Start a Data Governance Project

You delay an implementation of a data governance project at your own risk, says Dharma Kuthanur, vice president of marketing at Informatica.

“With most of today’s enterprises dealing with hundreds if not thousands of data sources (and indications are this is only set to increase), a comprehensive data governance framework and equally stringent data stewardship should no longer be punted 365 days down the road,” Kuthanur says. “To help mitigate reputational risk and financial exposure, and maintain customer trust and loyalty, organizations must invest in a data management solution that automates data privacy, protection, and governance consistently and reliably across their data ecosystem.”

7. Adopt a PET

As our data privacy needs grow, so too does our technological capability in the area. One of the most promising new technologies to keep an eye on is privacy-enhancing technology, or PET, says Karl Martin, CTO at integrate.ai.

“The growing maturity and adoption of privacy-enhancing technologies (PETs) is making significant strides toward mitigating the inherent risk and cost of moving large amounts of data as these regulations evolve,” Martin says. “Organizations that are adopting frameworks that embody privacy by design–including federated learning operations that facilitate interoperability without requiring data to move–makes data science highly privacy-protective and guards against future changes to regulations. PETs have the potential to facilitate trust-based data exchanges while still ensuring regulatory compliance, no matter where future data privacy regulations end up.”

8. No Silver Bullet

Data privacy is a complex issue, and there’s no one-size-fits-all solution that works for everybody, says Tilo Weigandt, COO and co-founder of encryption solution provider Vaultree.


“For example, a zero-trust framework powered by AI and machine learning is not the only solution to best protect your data. Other approaches include using encryption, implementing strict access controls, and regular monitoring and auditing systems,” Weigandt writes. “Organizations should consult experts to determine the best approach for their specific needs and requirements, especially with data privacy rules certain to get more strict.”

9. Respect My Rights

By 2024, it’s predicted that 75% of the world’s population will be protected under modern data privacy regulations, according to Jeff Sizemore, the Egnyte chief governance officer. Increasingly, data privacy is considered a global human right, with consequences for violating it, he says.

“In the U.S., five states (California, Virginia, Colorado, Connecticut and Utah) have already enacted or plan to enact data privacy legislation this year. And the movement toward a federal law is only a matter of time, as we have seen positive momentum with the American Data Privacy and Protection Act (ADPPA),” Sizemore says. “Without a doubt, as government entities and regulatory bodies show increased interest in data privacy, we can anticipate stronger enforcement mechanisms. Enforcement of regulations will become more strict, with fines and litigation for noncompliance expected to increase.”

10. Make Every Day ‘Data Privacy Day’

It’s all well and good to have a “Data Privacy Day” or even a “Data Privacy Week,” says Rodman Ramezanian, global cloud threat lead at Skyhigh Security. But how about making every day Data Privacy Day?

“Similar to most New Year’s resolutions, however, these efforts can’t just last for one week or the beginning of a year. They must be prioritized all year round with unwavering commitment,” he says. “Sadly, the moment that organizations take their ‘eyes off the ball’ and lack focus, it can be detrimental to the privacy and security of their valuable data.”


Editor’s note: This story has been corrected. NetBrain senior vice president of engineering Song Pang’s name was misspelled. Datanami regrets the error.
