Data privacy issues are a key concern for businesses, and not just because data privacy and data security are closely linked. As more and more business is conducted online, consumers are becoming increasingly concerned about how the companies they patronize are using their data. One Pew Research Study found that 81% of consumers feel that the potential risks of companies collecting data about them outweigh the benefits.
Against this backdrop, the National Cybersecurity Alliance has expanded their annual Data Privacy Day campaign into Data Privacy Week for 2022. This international initiative, which will be observed from January 24 through January 28, 2022, aims to increase awareness of data privacy issues, educate consumers on how they can protect their online privacy, and educate businesses on how they can be good data stewards.
Data Privacy vs. Data Security
Many people use the terms “data privacy” and “data security” interchangeably. While good data security is imperative to good data privacy, the two terms describe different areas of focus:
Data security is about the hardware, software, policies, procedures, safeguards and internal controls that organizations have in place to ensure that data can’t be accessed or altered by unauthorized parties.
Data privacy relates to the proper treatment and handling of customer or user data. This includes not only ensuring comprehensive security to protect data from compromise, but also ensuring that the data is collected and used only for legitimate business purposes.
As such, it’s important for organizations to obtain consent before collecting a user or customer’s data, giving them notice about how you’re going to use their data, and meeting regulatory compliance mandates like the GDPR, the California Consumer Privacy Act (CCPA), HIPAA, and other legislation that mandates how that data can be used and who is allowed to access it.
Data Privacy Recommendations for Businesses
Find and get rid of “dark data.” Review your existing data collection practices and policies so that you have a thorough understanding of what user information your organization is collecting. Quite a few companies have large stores of “dark data,” which is data that the company is not using and may not even know exists. In addition to potentially violating data privacy laws, dark data is a security risk. Organizations can’t protect assets that they don’t realize they have.
Don’t be a data hoarder. If your company doesn’t absolutely need a piece of information about a customer, don’t collect it. In addition to being a good data privacy practice, this helps prevent dark data from accumulating.
Educate your employees and customers about key changes in privacy laws. After the GDPR was passed, similar legislation swept the globe. These new laws mean new responsibilities and obligations, and possibly changes to past practices to remain in compliance. Ensure that all employees receive continuous training on cybersecurity and data governance, privacy, and compliance, and be sure to update that training whenever the law changes, as technology evolves, and as your company’s use of user data changes.
Secure your employees’ passwords. Verizon estimates that over 80% of successful breaches are due to weak or compromised passwords, so the biggest thing you can do to secure your data is to secure your employees’ passwords. Mandate the use of strong, unique passwords, a password manager such as Keeper, and Multi-Factor Authentication (MFA) whenever possible.
Find more tips and resources by downloading Keeper’s free Data Privacy Toolkit.
Keeper’s zero-knowledge password management and security platform gives IT administrators complete visibility into employee password practices, enabling them to monitor password use and enforce password security policies across the entire organization, including password complexity requirements, MFA, Role-Based Access Control (RBAC), and other security policies.
Not a Keeper customer yet? Sign up for a 14-day free trial now! Want to find out more about how Keeper can help your organization prevent security breaches? Reach out to our team today.