The aim of Data Privacy Day is to help people around the world understand how their personal information is being collected and used – in addition to understanding how they can keep their data safe from cybercrime. Data Privacy Day commemorates the 1981 signing of Convention 108, the first legally binding international treaty related to data protection and privacy; it was initiated in Europe in 2007 and was adopted in the US and Canada in 2008.
The NCSA is the official champion of Data Privacy Day, and it develops its yearly campaigns with the assistance of an Advisory Committee of distinguished privacy professionals to ensure that its activities align with the most current issues. For organizations, today’s data management and privacy stakes are higher than ever before.
For security leaders, this looks somewhat like a “cause and effect” scenario: lack of security awareness training and risky end-user behaviors can have major financial consequences and other business impacts, including non-compliance implications. There is a bright side, however: organizations can protect their data and avoid costly fines by better managing end-user risks related to phishing and ransomware attacks.
Looking Ahead: How to Break the Cycle
Some organizations may think that the implications of non-compliance do not apply to them, be it because of their industry or their geolocation. But there are also clear business implications outside of regulatory requirements (which, frankly, are sure to impact every organization at some point in the near or distant future). Even if a breach doesn’t yet carry a fine, a victimized organization is likely to bear the burden of loss of trade secrets, downtime for operations and/or employees, and damage to its reputation (just to name a few). For organizations that also face penalties for non-compliance, those penalties are “salt in the wound,” compounding the pain.
This Data Privacy Day, we encourage you to learn about your end users’ understanding of threats such as phishing and ransomware, and identify areas of susceptibility in your data governance plan. We also urge you to elevate the cybersecurity discussion and make it an end-to-end pursuit for all members of your organization. Employees need to know about your compliance strategy, but they also need to know how to apply best practices for data protection. Equip your end users with the tools and guidance they need to do their jobs in a way that meets compliance standards and/or protects your organization from suffering a data breach.
No matter how deep your organization’s pockets might be — and even if you’re not required to comply with GDPR or other current or upcoming mandates — you simply cannot afford to ignore the importance of data privacy and the role of end users in ensuring data is adequately protected.