The International Association of Privacy Professionals (IAPP) has partnered with the National Cybersecurity Alliance to promote International Data Privacy Day 2023 on January 28, an event dedicated to teaching everyone from major enterprises to the average Internet user how to protect their sensitive personal information.
The importance of consumer-level data privacy is reflected in the growing number of laws and regulations being put in place worldwide, with the United States set to put no fewer than five separate data privacy laws in place in 2023.
In the Asia/Pacific region, the Attorney General of Australia stated in December 2022 that the nation’s privacy laws are out of date and that he will recommend an overhaul of Australia’s Privacy Act take place in 2023. Additionally, the New Zealand government is considering potential changes to the notification rules for collecting personal information under the Privacy Act 2020. The proposed changes would broaden the Act’s requirements for an individual to be notified when an agency collects their personal information indirectly through a third party.
Businesses of all sizes must not only be aware of the new regulations coming on the books, but also take steps to ensure their data is properly protected.
And there is no better day to set aside some time to review these plans than Data Privacy Day. The IAPP offers classes and certifications to:
- Reduce the risk of a data breach by making privacy a shared business objective
- Improve decision-making among employees who handle data
- Facilitate collaboration and communication across departments
- Demonstrate your commitment to privacy and data protection to customers, partners, regulators and staff.
In addition, the National Cybersecurity Alliance offers a wealth of information on this important subject, and Trustwave has services and solutions that can help your organization with data privacy needs.
- Emphasize employee education. Protecting data starts with empowering your employees, so that they know how to practice good security hygiene and how to protect themselves (and your business) from the most common cyber-attacks, like phishing, business email compromise, and other exploits that specifically target the human element. It’s also important to note that Security Awareness Education training and policies are mandatory for most organizations for compliance reasons. Dive deeper into this subject with this blog post on CISO data solutions, this infographic on essential cybersecurity tips, and this data sheet on cybersecurity education.
- Map out your data storage. Modern organizations, especially enterprise-level organizations, are dealing with ever-growing data sprawl. As the 2020 Trustwave Data Security Index showed, most organizations are moving their data into a hybrid cloud/on-premises storage model, with multiple cloud providers. A special concern exists for organizations that either have gone or will go through a merger or acquisition, as legacy data concerns frequently occur. Learn more about data risk mitigation and the risks of hosting data in the cloud, and check out this infographic, which shows the 5 ways attackers will try to get to your data.
- Recognize the hidden weaknesses. Most organizations don’t realize that partners and vendors typically have no responsibility for protecting your data. A common misconception is that cloud providers share liability for data protection: they do not. Even the major providers, like Google, Azure, and AWS, have no responsibility in the case of a breach – and a common vulnerability that Trustwave SpiderLabs researchers often uncover comes from organizations relying on default cloud server settings. Another all-too-common hidden vulnerability results from sloppy or slow database patching practices. Learn more about how to recognize your data weak spots with this webinar on patching practices and this infographic on testing your data security.
- Remember that less is more. Since every piece of data you collect adds to your potential risk, the simplest way to mitigate that risk is to only collect data that you absolutely need. Many organizations are also beginning to consider when it’s appropriate to actually destroy unnecessary data – which is also a consideration in certain compliance situations. Additionally, organizations should always adhere to the principle of least privilege, so employees only access the data they need to perform their jobs. Regularly reviewing user privileges is also vital. Dig deeper into this topic with this interview on the changes occurring in data security.
The most important strategy for protecting data is having a program in place to detect and respond to breaches – which is why so many organizations are turning to managed threat detection and response solutions.