Do you really know how your personal information is being collected, shared, and used (or misused) on the internet? While there’s a growing awareness that we need to keep our data private— according to a May 2022 Ipsos survey, an overwhelming majority (84%) of people say that they are at least somewhat concerned about the safety and privacy of the personal data that they provide on the internet — many people still underestimate how valuable their data is. But the bottom line is that individuals and companies should still be proactive in practising data protection.
Data Privacy Day was established in 2008 to commemorate the first legally binding international treaty regarding privacy and data protection (Convention 108, signed in 1981). In the Global and Indian Union, the occasion is called Data Protection Day. Taking place every January 28, it’s an annual call to action for more intelligent and responsible management of personal data.
Data privacy defined
Data privacy involves complying while handling sensitive data through consent, notice and regulatory obligations while being transparent about how data is shared with third parties and how data is legally collected and stored.
While personal data can provide businesses with insight into their customers’ buying habits, it also provides cybercriminals with the tools needed to commit identity theft, fraud and other crimes. Data privacy is also critical to organizations looking to protect their proprietary research and business-critical data.
Data Privacy Day seeks to educate both individuals and companies on the value of controlling who has access, visibility, and control of their data — sharing the skills needed for smarter data protection.
Data privacy’s growing importance
Threats to data privacy are ubiquitous nowadays, and everyone should be aware of them. However, it may be deemed especially critical for companies regularly handling and storing customer data. In the last 10 years, we’ve seen countless companies lose the trust of their customers after falling victim to data breaches. From Yahoo to LinkedIn, AIIMS each of these companies has experienced devastating backlash from careless mismanagement of personal data, resulting in millions of dollars in damages.
Worse than the financial damage, these companies faced a crippling blow to their reputation. And in the wake of these breaches, executives are more frequently being held personally responsible if their data protection strategy is found lacking. A recent survey found that this is probably why more than 60% of people blame companies instead of hackers when a data breach occurs. As per the Reserve Bank of India report, financial frauds in Indian banking fell 46%, Rs. 19485 crores between April and September 2022.
Data privacy regulations increasing
Over the past several years, regulatory restrictions have been promulgated to hold organizations of all kinds accountable in their collection, handling, and protection of customer data: the two most notable examples being GDPR in the E.U. and the CCPA in California. Others include the Health Insurance Portability and Accountability Act (HIPAA), the Graham-Leach-Bliley Act (GLBA), and the Federal Information Security Management Act (FISMA).
HIPAA is a law that protects sensitive patient healthcare information by specifying how healthcare providers must secure such data against fraud and theft. The law also sets limits on how organizations can use or disclose protected health information.
GLBA applies to financial institutions and sets out responsibilities and standards to protect the confidentiality and security of consumers’ nonpublic personal information. And FISMA requires federal agencies to develop, document and implement an agency-wide program that provides information security.
A #CyberFit strategy for everyone’s data privacy
Looking to 2023 and beyond, a leading strategy in private data security has emerged in the form of comprehensive cyber protection, which helps businesses and individuals in their efforts to become #CyberFit, which in turn will make them resilient in various attempts to compromise their data privacy.
This strategy is certainly more complicated than it was a decade ago, so adapting to new privacy challenges requires a 360-degree approach. Ensuring data privacy is one of the five vectors of cyber protection identified by Acronis, complemented by safety, accessibility, authenticity and security of data, applications and systems.
Designed to address all five of these key vectors, Acronis cyber protection solutions can meet the needs of businesses and individuals, as well as the service providers who deliver critical IT solutions to both groups.
Today’s Data Privacy Day / Data Protection Day serves as an opportunity for us to emphasize the importance of data privacy and the need for transparency in how that data is stored and protected. It’s a moment for us to reevaluate how we’ve been collecting, sharing, and using data – and find new, better pathways toward keeping that valuable data from being exploited, misused, or lost.
As India’s Data Protection Bill nears completion, the new bill offers a mixed bag of privacy provisions, including some requirements for companies to obtain individual “consent,” correct inaccurate personal data, and protect data rights, as well as troubling provisions for government data access. This analysis is not exhaustive, but it highlights some key points in the legislation that would represent a significant advancement in global data regulation.
(The author is Mr. Rustom Hiramaneck, General Manager, India and South Asia, Acronis and the views expressed in this article are his own)