Today is data privacy day…a lot more work to do beyond reminding people of the need to keep data private and secure

January 28, 2021 |

Thursday 28 January 2021 is Data Privacy Day. It is also the 40th anniversary of Convention 108 and the 15th edition of the Data Protection Day.

The National CyberSecurity Alliance aptly describes what the day is about where it states:

Data Privacy Day is a global effort — taking place annually on January 28th — that generates awareness about the importance of privacy, highlights easy ways to protect personal information and reminds organizations that privacy is good for business. Data Privacy Day began in the United States and Canada in January 2008 as an extension of the Data Protection Day celebration in Europe. Data Protection Day commemorates the Jan. 28, 1981, signing of Convention 108, the first legally binding international treaty dealing with privacy and data protection. Data Privacy Day is observed annually on Jan. 28.

Data Privacy Day is the signature event in a greater privacy awareness and education effort. Year-round, NCSA educates consumers on how they can own their online presence and shows organizations how privacy is good for business.

In 2021, NCSA is encouraging individuals to “Own Your Privacy” by learning more about how to protect your valuable data online, and encouraging businesses to “Respect Privacy”, which advocates for holding organizations responsible for keeping individuals’ personal information safe from unauthorized access and ensuring fair, relevant and legitimate data collection and processing. These themes are encouraged through the below messaging and calls to action:

The Victorian Information Commissioner marked the day by putting out a media release which is quite practical, which is a turn for the better for the Information Commisioner stating:

Data Privacy Day is celebrated across the world on January 28 to highlight the importance of respecting individuals information privacy.

To mark International Data Privacy Day 2020, we’ve put together some helpful tips for organisations to protect individuals privacy.

If you don’t need it, don’t collect it
Only collect the personal information you need to perform your organisation’s functions and activities.

Have a clear and accessible privacy policy
Be transparent about how you handle personal information. Make sure your organisation has a clear and accessible privacy policy that outlines the kind of personal information it collects and what it does with it. Provide a collection notice when you collect personal information from an individual so they know who collected their information, why it was collected, and if and how it will be shared.

Consider why the information was collected, before using it
Think about the original purpose of collecting the information. What would the individual expect? For more information on using and disclosing personal information, check out OVIC’s pocket guide to Information Privacy Principle 2 (Use and Disclosure).

Build privacy into your everyday work
Understand your role in protecting privacy and build privacy into your everyday work. Take a privacy by design approach to projects, by preparing a privacy impact assessment (PIA) to identify privacy risks. For more information on PIAs, check out OVIC’s PIA template and guide.

Understand privacy risks with new technology
Before using new technology in your organisation, understand how it works and identify any privacy risks. Create a plan to outline how any privacy risks will be mitigated. Consider whether the technology is still appropriate given the nature of the privacy risks.

Talk to your organisation’s privacy officer
Privacy officers are a great resource. Talk to your privacy officer to understand your privacy obligations and use them to help address potential privacy concerns.

Not wanting to miss out the Australian Information Commissioner published, a few days ago, her own thoughts on the Data Protection Day titled 28 January is Data Protection Day — are your digital accounts data-tight?  providing:

28 January 2017 is the 11th annual Data Protection Day — to mark the occasion, check the security of your digital accounts, and encourage others to do the same.

When you shop online, share pictures or updates on social media, or sign-up to an app, you are sharing your personal information. This can include details such as your name, contact information and location. Some Internet of Things devices, such as wearable fitness trackers, can also collect health information.

It’s important to recognise what information you share online, and take steps to improve the security of your devices and digital accounts. So take privacy into your own hands today with the following six tips:

    1. Check the privacy settings on your devices and apps and change them to suit your privacy preferences
    2. Read privacy policies before you sign–up to, or use, an online service
    3. Check whether a website is secure before sharing your personal information (secure websites begin with ‘https’)
    4. Learn to recognise phishing attacks and avoid clicking on links in emails when you don’t recognise the sender
    5. Update your anti-malware and security software if it’s out of date
    6. Create strong, unique passwords for your devices and digital accounts. According to a study on 2016’s most common passwords, nearly 17% of people used ‘123456’ as a password — a password this simple is easy to crack!

All of this is welcome but marking and celebrating the day is not the same as doing something about it.  And there lies the rub.

Leave a Reply