As today is Data Privacy Day, it is only fitting that we discuss your data and understand the rights you have when sharing that information. How many of you have used Google? Apple? Facebook? Amazon? Within the last day? Did you know what you were agreeing to when you quickly scrolled down to the “accept their terms of service” boxes? How about when you accept the numerous cookies that pop up on seemingly every website that you visit? Do you know what these “accept” actions have given companies permission to do?
Let’s go back to before the Internet age—actually, we don’t need to go that far back. How about 15 years ago? Before you accepted terms online, those terms were on paper and you needed to sign them to signify that you understood what your personal information was being used for. Many of us (if not all) have walked into an Urgent Care Center, visited our doctor, and opened up a checking account. All those forms (if you actually read them) included the rights of the entity collecting the data and what could be done with it. Was it going to be used for marketing purposes? Research purposes? Perhaps a third party required them to provide business analytics to said company or others in the same industry.
If you were a customer of some of the five worst offenders to data governance due diligence, here’s what happened after you signed those forms: Your information was being shared without you knowing it. Companies ended up being breached and apologizing for the “inconvenience,” with the thought process that “we’re sorry” would be a lot less costly than creating a proper Data Privacy program within their company. These offenders included:
So, what can you do about all this, you may be asking? You really can’t do much (unless you are prepared to say “no” to a lot of things we take for granted today) without truly understanding the contract you are signing. However, rest assured you are not fighting this alone.
Privacy acts have been around since the beginning of the “personal information collection” era. The Privacy Act of 1974, a United States federal law, establishes a Code of Fair Information Practice that governs the collection, maintenance, use, and dissemination of personally identifiable information about individuals that is maintained in systems of records by federal agencies. The pressure on companies to improve governance and due diligence increased with the GDPR (General Data Protection Regulation) act, formed in the European Union. The penalties and fines were then elevated when the CCPA (California Consumer Protection Act)—the first of its kind in the US—was released in January of 2020. These acts, and many others to follow, have put more pressure on companies to act ethically about the data that they collect, share, and destroy, as per agreed-upon actions. Companies are now taking note, as fear is a great motivator.
Now, you may be thinking: I can’t do much about this, but what are companies doing? Well, let’s understand the three actors that are involved in Data Privacy. We have the following:
You should prioritize building a cyber-aware culture within your organization for areas like data privacy and proactively follow a number of steps to keep your information and people protected from cyber-attacks.