Seven things you should do today to help protect your privacy and seven more for the office

 

We love our national holidays and, with a little help from Twitter, those lesser known, quirky commemoratives like national doughnut day, national left-handers day, and national roller-coaster day are making their way into our collective awareness.

This Saturday, January 28, is Data Privacy Day, which is intended as a day to raise awareness and promote good data privacy practices. While those in positions related to risk, technology, audit, and security, should be preaching and promoting good data privacy habits every day of the year, Data Privacy Day offers a unique opportunity to drive home the best practices message.

Data Privacy Day is sponsored by National Cyber Security Trust Alliance and this year's theme is "Respecting Privacy, Safeguarding Data, and Enabling Trust." Since many of us will not be at work on Saturday, Friday would be a logical day to "celebrate" with some data privacy activities and messaging, and also to make sure we are doing what we can ourselves to keep our data safe.

Let's face it, attempting to safeguard our personally identifiable data and those of others is nothing short of a daunting task. Cyber-crime is on the rise, employee fraud is still a major issue, and people are still stealing bank statements and checks from our mailboxes. So, what can we do to offset this alarming trend?

Seven Tips to Keep Your Data Safe
Well, good data privacy hygiene starts at home! Here is a list of our top seven things you should do to help protect your own privacy today:

  1. If you did not do it earlier this month as part of your year-end activities, change all your banking, email, and social media passwords! 2016 was filled with exploits that compromised the passwords we use on various email and social media sites. Here's a tip: Never use the same password for multiple sites and do not link accounts between social media sites. Log into each site separately.
  2. Check your privacy settings on banking and social media accounts. Make sure to turn on functions that alert you to various actions including purchases and logins.
  3. If you have smart TVs, attached to the internet, go into the "systems" menu, click on "system Information" to ensure you have the latest update. If you do not, there should be a button for "Service Check" to allow you to perform a manual update. (The naming of these field will vary based on manufacture. See your user's setup guide for details). Also, turn off camera and speakers when not in use!
  4. Do you have an Amazon Echo or Dot? Go to the Alexa app on your mobile device or online, go to settings, select device, and go to device details page to check for updates. Updates are automatic when WIFI is on. You can also download updates manually. Don't forget unplug Echo or Dot when not in use. Remember it's always in listening mode if it has power.
  5. Shred any documents you receive in the mail that contains your contact information including offer codes. Dumpster divers still do exist!
  6. Check your credit score regularly. Many banks and credit unions offer free or low-cost credit reports for their customers and members.
  7. Be alert to social engineers and watch out for scammers calling to get you to divulge personal information. The IRS will not call you at of the blue, Microsoft does not know if your home PC has an error message, financial institutions do not leave messages asking you to call them back, and financial institutions only email based on your privacy settings. If you receive a call, do not use the phone number they provide, but instead call the number on the back of your card, on your statement, or from their official website.

Seven Tips to Promote Data Privacy in the Workplace
Good data privacy hygiene in the office is also a must no matter your industry or where you are located around the world! The challenge we have in business is that there are varying definitions of personally identifiable information (PII), protected health information (PHI), and primary account number (PAN), which come with legal protection obligations. Here is a list of our top seven things you should do today to help protect the privacy of your clients, customers, members, fellow employees, and others:

  1. Train everyone with access to your clients' data what constitutes PII and how it should be protected. They need to know what to protect and how. One of my favorite sources of information comes from DLA Piper. Their handbook can be found at https://www.dlapiperdataprotection.com
  2. Conduct a data classification policy review.
    a. Verify that the policy explicitly states what is considered restricted PII, unrestricted PII and persistent identifiers (MAC, IP, Cookies) as well as PHI and PAN if your company deals with health or financial data. This will vary by industry and country.
    b. Review the data classification/data ownership process
    c. Validate that the treatment description stated in the data classification policy is implemented
  3. Conduct a Customer Data Privacy Assessment.
    a. Review the data privacy policy on your consumer facing internet sites.
    b. Make sure your IT department (and end user computing solutions) are collecting, storing, transmitting, and properly destroying data retrieved based on the policy requirements.
  4. Make sure your data privacy policy meets regulatory guidelines as well as the tools you use for data collection. Also be sure to ask your web hosting and lead generating services what tools (and sensing technologies they use... and what safeguards they have in place to reduce Click Fraud.
  5. Of course, these are on top of maintaining an effective application and general controls suite with strong monitoring and reporting processes.
  6. Promote the better data privacy IQ. Encourage those that deal with data in the workplace to keep informed on the best data privacy practices. In the United States, here are a couple excellent free sources to help you learn more:
    Federal Trade Commission's Identity Theft Information
    USA.gov's Identity Theft page
    The Identity Theft Resource Center
  7. Report instances of cyber-crime and data theft and encourage others to report them to the proper company officials and to the authorities. If you are a victim in the United States, here is where you can go to report identify theft.

For those who want to improve their data privacy knowledge and expertise, I will be instructing two MISTI courses on the topic in the upcomming months: The Connection Between Data Governance, Privacy and Information Security, and the Webinar, Data Privacy 2017: Ensuring the Effectiveness of Your Data Privacy Policy.

So don't forget to mark your calendars and, well, happy Data Privacy Day!