BSI recognises the importance of data privacy on both an individual and organizational level. As Data Privacy Week 2022, hosted by the National Cybersecurity Alliance, kicks off, we have become a champion because we use standards to support data privacy.
Data privacy week originated from Data protection day 28th January 1981, where Convention 108, the first international treaty that focused on privacy and data protection, was signed. In today’s world, we depend heavily on the internet to navigate various aspects of our lives, with the multitude of smart devices available to an individual, key personal information must be shared to maximise the convenient benefits. Regrettably, the organizations that collect this personal information do not always exercise the due diligence expected when it comes to retaining and storing your data.
Data Privacy Week 2022 has a two-pronged approach, focussing on advice for both the individual and organisations. The key messages are:
Advice for individuals: Keep it private
1. Understand the privacy/convenience trade-off
Prior to sharing your information with an organization, it is important to determine whether or not it is necessary to do so and if it is detrimental to the relationship that you have with an organization. If a downloaded mobile app is unused, you could remove your details and delete it.
2. Manage your privacy
After you have created a new account or downloaded a new mobile app, it is a good idea to review the privacy and security settings and select a level that does not expose too much personal data.
3. Protect your data
It is critical that your data is kept secure, potential recommended ways you could do this include
- Generating long and unique passwords with a combination of letters, numbers and symbols
- Performing software and browser updates when notified to do so
- Setting up multi-factor authentication wherever possible
Advice for organizations: Respect privacy
1. Conduct an assessment
Organizations that operate globally need to adhere to the respective privacy laws in place within relevant countries/regions, common approaches include:
- Rational security measures should be adopted when retaining personal information and keeping it restricted
- The data collected should be for relevant purposes
- Ensure that the relationship is managed effectively once the data is shared with 3rd parties or vendors
2. Adopt a privacy framework
BS EN ISO/IEC 27701 can help you develop an effective privacy framework for your organization.
3. Educate Employees
- Review your company privacy policy and share it with your employees
- Include the company privacy policy as part of the onboarding process for new starters
For further information about data privacy for your organization, download the Little Book of Cyber Security