Data Privacy Day: Privacy is also an individual responsibility.

The protection of your own privacy can be daunting, but we heard from some industry experts who offered some advice for the perplexed.

There’s also an individual responsibility for data privacy.

Paul Bischoff, privacy advocate at Comparitech, sees a role for individual action on privacy (and that action’s not that difficult, he says):

“Individuals should take steps to minimize our digital footprint and stay safe online. The basics are easy: don't reuse passwords. Don't click on links or attachments in unsolicited messages. Block ads and trackers in your web browser. Don't overshare on social media. Support end-to-end encryption.”

Geoff Bibby, SVP of Small and Medium-sized Business and Consumer Strategy at OpenText urges that individuals as well as organizations take a look at how they’re handling their data:

“With data breaches becoming more frequent, Data Privacy Day is an excellent time for individuals and businesses to reflect on their current privacy practices and ensure they are building the safest habits to protect themselves and their company from cybercriminals. And because remote work is here to stay, it also serves as a reminder for businesses and employees to evaluate how they share sensitive data online.

“Understanding how your data is being used is the first step, but actively securing your data is the most important step. Organizations and users should evaluate their current authentication practices to ensure they are building the safest habits to protect themselves and sensitive data from bad actors. It is critical that authentication controls are not only in place, but that organizations take it a step further by deploying two-factor authentication (2FA). Implementing 2FA provides an extra layer of security by making users confirm their identity, most often via a unique code sent to the user's device, email address or through an authenticator app, after entering their username and password. 

Josh Rickard, Security Automation Architect at Swimlane, calls for attention to the data lifecycle. Threats to privacy can arise at many points:

“Data Privacy Day serves as an important yearly reminder for organizations to evaluate cybersecurity best practices. All too often, we see IT teams focus their efforts on simple password protections, firewalls, scanning and multi-factor authentication, but fail to go beyond the basics and centralize their routine processes with low-code security automation. 

 “To be successful, companies must first understand their data throughout its lifecycle, system classification for those environments that interact with the data, and what third parties are involved in order to create a documented understanding of their data and systems. Once they have visibility, it's time to focus on how to eliminate human error where possible. To do this effectively, organizations must implement all-encompassing security platforms that centralize detection, response and investigation efforts into a single program. These platforms allow for full visibility into IT environments and the ability to counter and thwart dangerous threats in real time. 

“SOCs and IT departments already have a lot on their plates. By leveraging the power of low-code security automation, organizations can avoid placing an undue burden on their SOC and IT teams by building workflows that handle most, if not all, of these processes without the need for human actions.” 

Michael Primeaux, chief architect, Umo, Cubic Transportation Systems, sees new challenges in the way we as individuals increasingly lead lives both online and on-the-move;

“In this digital age where people are more mobile and distributed than ever before, data privacy and the protection of their personal information are of paramount importance. In the mobility space, in particular, forward-thinking transit agencies are leaning on mobile applications to modernize and simplify their riders’ fare payment and reward earning capabilities. With consumer payment data cycling through these applications, it is essential that transit agencies and the technology providers involved protect that information to prevent potential fraud. 

“Rewards programs through transit mobile applications offer a unique challenge in that the riders have to relinquish some of their data in order to benefit from the perks. Umo Rewards, for instance, delivers real-time incentives, fare discounts, and loyalty rewards through the complementary mobility app. If riders embrace these programs, they will get an overall better travel experience, whether it be a smoother transit journey, discounts on goods or even money to use towards future trips.  

“To gain and keep rider trust, as we have at Cubic, we recommend that organizations handling transit rider data refine their agility and focus on adversarial threat analysis across every part of their business in order to detect and mitigate security events at a rapid pace. Often, transit agencies work with several technology partners to keep their fare payment systems and rider apps moving. Thus, supply chain security should be a key area of focus at all times. We hope this advice helps transit agencies and the technology partners that support them this Data Privacy Day and beyond.”

And finally, Justyn Hornor, Chief Product Officer at Seeking, which describes itself as "the world’s largest upscale dating website," has suggestions for those of you–you know who you are–who’re looking for love:

"On Data Privacy Day and every day, online daters must prioritize their personal safety and the security of their online data. Before you hop onto a dating website, vet the security precautions in place. Is the dating platform verifying identities? Is it drawing from data and concrete evidence to strengthen the security of the platform? Is the newest technology, such as AI and bots, being tapped to monitor profiles and identify any potential concerns? Does the company block profiles that engage in unlawful activities? If the answer is no to any of these questions, find a better site.”