On January 19th, 2023, cellphone provider T-Mobile disclosed that they’d been hacked (again) and the personal data of over 30 million customers had been stolen. They’re not alone: three other large organizations (Twitter, Chick-fil-A, and PayPal) recently disclosed similar data breaches.
With the rise of big data and the Internet of Things, the amount of personal information being collected and stored is growing at an unprecedented rate. Couple that with an increasing frequency of cyberattacks, and it’s more important than ever for records management professionals to have a robust privacy program in place.
With January 28th being Global Privacy Day, now is the time to ensure your organization’s privacy program is built to withstand cyberattacks.
Global Privacy Day, sometimes called Data Privacy Day, is an annual event that takes place on January 28th. Like last year, the day has been expanded to an entire week of observance. After all, data privacy is something we should be thinking about every day.
It was first established in 2007 by the Council of Europe and the US National Cyber Security Alliance (NCSA) to raise awareness about the importance of protecting personal information and promoting privacy rights.
As technology continues to advance and more personal information is stored in the cloud or shared online, the need for strong privacy protections has never been greater.
For records management professionals, this day serves as a reminder of the critical role they play in ensuring the privacy and security of sensitive information.
In 2022, the United States set a rather ignominious record: the most expensive data breach cost, for the twelfth time in a row. IBM reports the United States has “the highest cost of a data breach, at USD $5.09M”.
Mitigating the risk of data breaches means it’s essential that records management professionals stay informed about the latest privacy laws and regulations, as well as best practices for protecting personal data. This means not only protecting against external threats but also ensuring that internal policies and procedures are designed to safeguard personal information.
The best way to recognize Global Privacy Day is by reviewing the privacy initiatives in place at your organization.
Here are 5 questions that can help kickstart that review:
Regularly reviewing and assessing the types of personal data that your organization collects, stores, and processes is essential for identifying any potential vulnerabilities or areas for improvement.
Implementing robust security measures such as encryption, firewalls, and intrusion detection systems can help protect personal data from cyberattacks.
Organizations should provide regular training and education to employees on data privacy best practices, company policies and procedures, and any relevant regulations and laws.
Ensure that only authorized individuals have access to personal data and that access is granted on a need-to-know basis. This includes ensuring that all employees understand their role in protecting personal data and that they’re aware of the consequences of non-compliance.
Having a plan in place for responding to a data breach quickly and effectively can help minimize the damage it causes. This includes identifying key stakeholders, outlining specific actions to be taken, and having a communication plan in place.
Every year, Verizon releases the Data Breach Investigations Report.
Almost every year since the report’s inception, human error has been the leading factor behind most data breaches.
This means education and awareness are the best defenses against data breaches in your organization.
If you’re looking to strengthen your privacy program, check out our tip sheet, Developing a Privacy Program that Works, for help navigating the sometimes confusing waters of privacy compliance.