Posted on Monday, February 04, 2019 in CybersecurityBlog written by Rob Swenson
Data Privacy Day probably didn’t create three-day weekends for many Americans, but the Jan. 28 observation brought welcome attention to cyber issues of growing importance in the United States.
Although annual progress still might have to be measured in bits or some other tiny unit of electronic storage, the international observance helps bring attention to the important obligation that businesses and other organizations have to protect data. Data Privacy Day highlights the message that to maintain public trust, organizations have to be honest and transparent in how information is collected, stored and used.
Next up is Safer Internet Day, which is observed internationally on Feb. 5. Like many things related to cyber regulations and practices, Safer Internet Day began in Europe about 15 years ago and has spread throughout the world. The goal of organizers is to raise awareness of emerging internet issues and make the cyber world a better place for everyone, especially children.
In the United States, the highlight of Safer Internet Day for 2019 will be a conference at Google in Seattle hosted by ConnectSafely.org. A live stream of presentations begins at 10 a.m. PST and will be available on this page.
Data Privacy Day addressed more complex, industry-oriented issues with panel discussions hosted by the National Cyber Security Alliance. The publicly accessible discussions, which featured several national experts, was held at LinkedIn in San Francisco. (A replay of the two-hour, 20-minute series of presentations is available at StaySafeOnline.org.)
Speakers noted that a lot has changed over the past five years. GDPR, which is short for the European Union’s updated General Data Protection Regulation, was mentioned several times. The regulation, which took effect in May 2018, imposes new rules on processing and handling personally identifiable information.
California’s new Consumer Privacy Act, which became law in June 2018 but isn’t being enforced yet, also was mentioned multiple times. Some elements of the new law are intended to give consumers in California more control of personal information. But the law is likely to affect large companies from coast to coast.
Those two, relatively recent regulatory developments are increasing calls for the federal government to address privacy concerns with reasonable, uniform standards that can be applied across the 50 states. A hodgepodge of state regulations would be unwieldy, especially for small and midsize businesses that lack compliance staffs.
Speakers at the Data Privacy Day event raised several interesting, potentially significant and sometimes encouraging points. For one, data privacy is no longer a business issue relegated solely to legal officers.
“One of the big shifts we do see across companies is that data privacy has become something that is not just for the lawyers anymore,” she said Kalinda Raina, head of global privacy and senior director for LinkedIn. “It’s something that everybody at the company has to be aware of.”
Creating respect for data privacy is a challenge that seems to be following a course similar to cybersecurity awareness. Initially, cybersecurity was a concern that many business organizations relegated largely to their IT departments. However, as the consequences of cyber intrusions grew, so did companies’ realization that everyone in an organization had a role to play to help keep business networks safe.
Lourdes Turrecha, senior privacy counsel for Palo Alto Networks, said a strong business case for protecting data can be made for three main reasons:
- Customers are demanding more privacy.
- Bad practices can tarnish a company’s brand reputation.
- Privacy violations can be expensive.
Data privacy is no longer just about corporate compliance and avoiding fines. Protecting data privacy is becoming a company value that should be instilled from the top down, said John Gevertz, chief privacy officer for Visa Inc.
“The leadership has to think that privacy is important. There’s no substitute for having that kind of effective tone from the top in any organization,” he said.
The government - particularly the federal government – also has a growing responsibility in this area. But action probably won’t be coming soon. A crisis or two might have to occur first.
SDN Communications is a regional leader in providing broadband connectivity and cybersecurity services to businesses in communities such as Sioux Falls, Rapid City, Worthington and the surrounding areas.