Today we ‘celebrate’ Data Privacy Day, held every year on Jan 28 since 2007, a day that reflects international efforts aimed at creating awareness about the importance of safeguarding data, respecting data privacy and enabling trust.
There is still a long way to go. Millions of people remain unaware of and uninformed about how their personal information is being used, collected or shared in our digital society.
Data Privacy Day also takes on greater significance this year in the wake of the WhatsApp incident and the issuing of new guidelines for businesses that use the platform.
“Many employees are using unsanctioned social media platforms as an unapproved means of conducting business conversations. Whilst data is encrypted, employees may unwittingly be disclosing information they are not aware of to third parties,” said Richard Watson, EY’s Asia Pacific Cybersecurity Risk leader.
“Added to this there is the fact that social media platforms of this nature are often mixed between business and pleasure, increasing the risk of sensitive information being disclosed to the wrong party. Business leaders should be encouraging staff to use corporately sanctioned communication platforms for business chat.”
While the level of data encryption to protect businesses and consumers has increased in the Asia Pacific, companies still face difficulties in deploying encryption.
EY’s Watson said encryption incurs cost and usability roadblocks. While some regulations require encryption of data, other regulations forbid it in certain jurisdictions.
“As with any technology implementation, it is important not to try and ‘boil the ocean’. Identifying the most important data, consolidating where it is stored and then focusing encryption efforts on that is the key to a successful implementation,” Watson added.
Challenges from the pandemic
“This past year marked a pivotal change in how companies conduct business, with most being forced to rapidly shift to a remote work style of operations due to the global COVID-19 pandemic,” said Anurag Kahol, CTO and co-founder of cloud security provider Bitglass.
When it comes to remote working, Kahol said many organisations rely on outdated tools that are designed for predominately on-premises operations and lack the granularity needed today.
To address these challenges, he said that organisations must have an accurate inventory of data. “Companies need to protect access to consumer information as well as the various systems that store it. This can become more challenging for improperly equipped organisations that adopt cloud technologies and other remote work capabilities, as consumer data can then potentially be accessed across numerous applications and on various devices.”
Kahol added that organisations can require employees attempting to access consumer data to authenticate via single sign-on (SSO) as well as multi-factor authentication (MFA). This will aid in ensuring that only legitimate, authorised users can handle consumer information.
Organisations also need to have a thorough understanding of data jurisdictions and any security challenges they may present after migrating to the cloud.
Best hygiene practices for businesses
In a guide to businesses on this day, the US Cyber Security and Information Systems Information Analysis Centre recommends the following hygiene practices:
- Conduct an assessment of your data collection practices. Understand which privacy laws and regulations apply to your business. Educate your employees about their and your organisation’s obligations to protect personal information.
- Transparency builds trust. Be open and honest about how you collect, use and share consumers’ personal information. Think about how the consumer may expect their data to be used and design settings to protect their information by default. Communicate clearly and concisely to the public what privacy means to your organisation and the steps you take to achieve and maintain privacy.
- Maintain oversight of partners and vendors. If someone provides services on your behalf, you are also responsible for how they collect and use your consumers’ personal information.
- If you collect it, protect it. Data breaches can lead not only to great financial loss, but also to a loss of reputation and customer trust. Follow reasonable security measures to keep individuals’ personal information safe from inappropriate and unauthorised access. Make sure the personal data you collect is processed in a fair manner and only collected for relevant and legitimate purposes.
- Consider adopting a privacy framework. Build privacy into your business by researching and adopting a privacy framework to help you manage risk and create a culture of privacy in your organisation.