The National Cybersecurity Alliance (NCA) announced earlier this year that they have expanded the Data Privacy Day campaign into Data Privacy Week, a full week-long initiative. Data Privacy Day began in the United States and Canada in January 2008 as an extension of Data Protection Day in Europe. Data Protection Day commemorates the January 28, 1981, signing of Convention 108, the first legally binding international treaty dealing with privacy and data protection.
The goal of Data Privacy Week, celebrated between January 24 – 28, is to spread awareness about online privacy and educate citizens on how to manage their personal information and keep it secure. Data Privacy Week also encourages businesses to respect data and be more transparent about how they collect and use customer data.
Why does it matter?
During the past two years we have witnessed a massive migration of data, applications, and services to the cloud. This accelerated shift affects not only businesses but all citizens. It is important to understand that nowadays almost all our data – including our personal data, like banking information, medical records, and personal emails – are stored and processed in the cloud. This trend is demonstrated in the latest Thales Data Threat Report 2021; 55% of the survey respondents reported that more than 40% of their data now resides in a cloud platform.
However, with technology innovation comes new risks, security challenges and threats. Cyber criminals are also evolving with technology to satisfy their nefarious goals. Attacks are increasing in volume and sophistication and are becoming costlier for all businesses. The IBM Cost of Data Breach 2021 report indicates that data breaches have become more expensive by 10% compared to 2020, amounting to $4.24 million on average. According to Thales, in the US more than half (56%) of businesses have reported experiencing a breach, 47% in the last 12 months.
Humans are found at the heart of this cyber-pandemic. The Verizon Data Breach Investigations Report 2021 indicates that 85% of breaches involve a human element, while 61% of the reported security incidents start with compromised or stolen user credentials. While humans do make errors that attackers are quick to exploit, the main path to our personal data seems to be social engineering – advanced techniques and tactics designed to lure people, which take advantage of a lack of awareness and poor security controls. And when a breach does happen, then our personal data is the main target.
Data privacy and security: a delicate balance
Humans are not only the main target of attackers; they are also the most important part of the security and privacy chain. It is therefore important that we empower people to become the strongest line of defense against cyber-attacks. And here’s the tricky part. What is the correct way to do that? Is simply raising awareness enough?
Raising awareness and training citizens, our employees, our friends, our children to consider how privacy and data security applies to the work they do daily is not enough. Merely suggesting using multi-factor authentication (MFA) or encrypting everywhere is not enough. If we fail to provide them with the means to implement our advice and best practices, then we have made a hole in the barrel. Human empowerment is also about investing in the technology that will help citizens apply MFA and other security controls in a frictionless way for security to become an enabler rather than a barrier to data privacy.
Here’s where privacy and security must balance. Without security, data privacy is threatened. With too much (“broad brush”) security, individual privacy is harmed. It all comes down to people, processes, technology, and culture. This is what Data Privacy Week is about – building the foundations for a safer digital tomorrow. It is about respecting our employees, our customers, our partners, our friends. It is also about protecting ourselves and our families.
Happy Data Privacy Week. Every week of 2022.