Data Privacy Week

January 22-28, 2023 is Data Privacy Week!

What is Data Privacy Week?

Data Privacy Week is an annual campaign to spread awareness about data privacy and educate individuals on how to secure their personal information. It also works to encourage businesses to respect privacy and be more transparent about how they collect, store and use customer data.

Last year, the National Cybersecurity Alliance (NCSA) expanded the Data Privacy Day campaign into a full week-long initiative. Data Privacy Day began in the United States and Canada in January 2008 as an extension of Data Protection Day in Europe. Data Protection Day commemorates the Jan. 28, 1981 signing of Convention 108, the first legally binding international treaty dealing with privacy and data protection.

Data Privacy Week 2023 spotlights the following themes to help guide individuals (“Data: The Story of You”) and organizations (“Respect Privacy”) to better data privacy practices.

Why is it important?

Today we conduct much of our lives on the internet and on our connected devices, yet few people understand that enormous amounts of personal information is collected and shared. This data can be stored indefinitely, and our personal information can be used in both beneficial and unwelcome ways. Even seemingly innocuous information – such as your favorite restaurants or items you purchase online – can be used to make inferences about your socioeconomic status, preferences and more.

Many companies have the opportunity to monitor their users and customers’ personal behavior and sell the data for profit. In order to make informed decisions and understand the true value of their data, consumers need to understand how it is collected, used, and shared.

FAST FACTS:

70% of business leaders say their company increased collection of consumer data over the last year but 62% say their company should do more to strengthen data protection measures (KPMG)
Personal customer information (such as name, email, and password) is included in 44% of data breaches. (IBM)
33% of users have terminated relationships with companies over data privacy lapses, including social media platforms, retailers, credit card providers, ISPs and banks or financial institutions. (Cisco)
48% of internet users have stopped shopping with a company because of privacy concerns. (Tableau)
81% of users say the potential risks they face from companies collecting data outweigh the benefits. (Pew Research Center)

Here are this year’s themes for individuals and organizations with simple steps that will help you manage your data privacy and build a culture of respecting data:

FOR INDIVIDUALS

FOR INDIVIDUALS – DATA: THE STORY OF YOU

All your online activity generates a trail of data. Websites, apps, and services collect data on your behaviors, interests, and purchases. Sometimes, this includes personal data, like your Social Security and driver’s license numbers. It can even include data about your physical self, like health data – think about how a smartwatch counts and records how many steps you take.

While it’s true that you cannot control how each byte of data about you and your family is shared and processed, you are not helpless! In many cases, you can control how you share your data with a few simple steps. Remember, your data is precious, and you deserve to be selective about who you share it with!

Here are some simple, easy tips that will help you manage your data privacy:

KNOW THE TRADEOFF BETWEEN PRIVACY AND CONVENIENCE
Nowadays, when you download a new app, open a new online account, or join a new social media platform, you will often be asked for access to your personal information before you can even use it! This data might include your geographic location, contacts, and photos.

For these businesses, this personal information about you is tremendously valuable — and you should think about if the service you get in return is worth the data you must hand over, even if the service is free.

Make informed decisions about sharing your data with businesses or services:

Is the service, app, or game worth the amount or type of personal data they want in return?
Can you control your data privacy and still use the service?
Is the data requested even relevant for the app or service (that is, “why does a Solitaire game need to know all my contacts”)?
If you haven’t used an app, service, or account in several months, is it worth keeping around knowing that it might be collecting and sharing your data?

ADJUST THE SETTINGS TO YOUR COMFORT LEVEL
For every app, account, or device, check the privacy and security settings. These should be easy to find in a Settings section and should take a few moments to change. Set them to your comfort level for personal information sharing; generally, we think it’s wise to lean on the side of sharing less data, not more.

You don’t have to do this for every account at once, start small and over time you’ll make a habit of adjusting all your settings to your comfort. We have indepth, free resources like our Manage Your Privacy Settings page that lets you check the settings of social media accounts, retail stores, apps and more.

PROTECT YOUR DATA
Data privacy and data security go hand-in-hand. Along with managing your data privacy settings, follow some simple cybersecurity tips to keep it safe. We recommend following the Core 4:
- Create long (at least 12 characters), unique passwords for each account and device. Use a password manager to store each password –
  maintaining dozens of passwords securely is now easier than ever.
- Turn on multi-factor authentication (MFA) wherever it is permitted – this keeps your data safe even if your password is compromised.
- Turn on automatic device, software, and browser updates, or make sure you install updates as soon as they are available.
- Learn how to identify phishing messages, which can be sent as emails, texts, or direct messages.

FOR ORGANIZATIONS

FOR ORGANIZATIONS – RESPECT PRIVACY

Respecting the privacy of your customers, staff, and all other stakeholders is critical for inspiring trust and enhancing reputation. According to the Pew Research Center, 79% of U.S. adults report being concerned about the way their data is being used by companies. By being open about how you use data and respecting privacy, you can stand out from your competition.

Be transparent about how you collect, use, and share consumers’ personal information. Think about how the consumer may expect their data to be used.
Design settings to protect their information by default. Communicate clearly and concisely to the public what privacy means to your organization, as well as the steps you take to achieve and maintain privacy.

Here are a few steps toward building a culture of respecting data at your organization:

CONDUCT AN ASSESSMENT
Assess your data collection practices. Understand which privacy laws apply to your business, and remember you will have to think about local, national, and global regulations.

- Generate and follow security measures to keep individuals’ personal information safe from unauthorized access
- Make sure the personal data you collect is processed in a fair manner and only collected for relevant and legitimate purposes
- Don’t forget to maintain oversight of partners and vendors as well — if another organization provides services on your behalf, you are also responsible for how they collect and use your consumers’ personal information

ADOPT A PRIVACY FRAMEWORK
Research how a privacy framework can work for you. A privacy framework can help you manage risk and create a culture of privacy in your organization. It is a way to build privacy into your organization’s foundation. Get started by checking out the following frameworks: NIST Privacy Framework, AICPA Privacy Management Framework and ISO/IEC 27701 – International Standard for Privacy Information Management

EDUCATE EMPLOYEES
Your employees are the frontlines toward protecting all the data your organization collects. Create a culture of privacy in your organization by educating your employees of their and your organization’s obligations to protecting personal information.

Additional Information and Resources on Data Privacy

What is Data Privacy? Infographic, courtesy of Terranova
7 End User Data Privacy Awareness Tips Infographic, courtesy of Terranova
Tips for Parents on Raising Privacy-Savvy Kids, courtesy of NCSA
National Cybersecurity Alliance Online Safety and Privacy Basics Resource
Federal Trade Commission: Privacy and security resources for consumers and businesses.
Consumer Reports: Consumer Reports shares privacy tips, product ratings and news to help consumers protect their privacy.
Mozilla “Privacy Not Included”: With this guide, Mozilla helps you shop for safe, secure devices and presents information on the privacy and security of popular products.

SUNY College of Optometry is

recognized as a Data Privacy Champion!

The Data Privacy Week Champions represent those dedicated to empowering individuals and encouraging businesses to respect privacy, safeguard data and enable trust. Champions include companies and organizations of all sizes, schools and school districts, colleges and universities, nonprofits, government organizations and individuals.