How Data Privacy is Good for Business
January 28th is Data Privacy Day. It began in Europe in 2007 and has been celebrated on the same day every year in the US since 2008. Data Privacy Day is an annual reminder—led by the National Cyber Security Alliance (NCSA)—to evaluate our ‘cyber hygiene’ as individuals and to recognize how proper privacy practices are good for business.
As a company dedicated to both educating and protecting our community, it’s only natural that Infinity, Inc. would be a Champion for this annual event. And we’re here to share how data privacy can help your business, as well as some tips for you personally.
What is Data Privacy?
In a nutshell, data privacy is the proper handling of personal information. It covers individual behaviors such as sharing, access, and control, and it encompasses how businesses collect, notify, store, and share information. That’s a simple way to say quite a lot, so we’ll break it down.
Data Privacy for Individuals
From the moment you’re born in the US and receive a birth certificate, you have personal information. This information helps to identify you as your unique self, and it only increases as you grow up. From your birthday and social security number to the hospital where you were born and your home address, pieces of data collect about you as you attend schools and get jobs, register different addresses and phone numbers, and do things like open bank accounts and vote.
Not all of these bits of information are personally identifying on their own. Obviously lots of people attend Harvard University. But when we talk about data privacy, we need to consider all the information that exists about us out in the world so we can begin to comprehend where we do (and do not) have control. And even these more-or-less ‘public’ facts about us can play into having our identity compromised.
According to the NCSA, “Millions of people are unaware of and uninformed about how their personal information is being used, collected or shared in our digital society. Data Privacy Day aims to inspire dialogue and empower individuals and companies to take action.”
Click on the image to read real-world examples of how bits of information about you can be used to exploit you, your loved ones, and your business, and find actionable ways to combat your own data leakages below.
Data Privacy Tips for Individuals
There are many things you can do to begin controlling how much information you share. Getting a handle on what might already be out there, though, can take time. So the first step is to run your own personal audit. Start easy and build on your successes.
- Go through the settings on your phone. See which apps have Location sharing activated and which ones have access to your Photos, Microphone, and Bluetooth, for example. Determine whether they need it at all or if you can limit the access. Also look for apps you no longer use and delete them entirely.
- Check the settings on your computer, tablet, or laptop. See if the Wi-Fi is configured to automatically connect and whether it needs to. Check the Bluetooth settings, and look for any file-sharing or automatic storage settings. If the machine is shared with any other people, have them go through this, too. And make sure you keep the updates current. Out-of-date software makes you more vulnerable to hackers.
You may find everything is exactly how you want it. That’s fine. The goal is to know your own privacy levels and control them to your comfort level. And if you’d like help finding some of those settings, click here to access the NCSA’s links for many of the most common devices and online services.
- Perform a password audit. First things first, each account should have its own unique password. If that’s not the case for your most critical accounts like banking, HR or benefits sites, and email, change them all. Yes, this is a pain, but do it anyway. Make sure you’re not saving some file named ‘passwords’ on your computer. And writing them on sticky notes that you keep under the keyboard isn’t recommended either. Consider taking this opportunity to sign up for a password manager; there are reputable free ones. For more on passwords, click here.
- Scrub your social media accounts. If you’re active on any social sites (Facebook, LinkedIn, Reddit, Instagram, etc.), or even if you signed up “but never log on,” set some time to take a look at them. If you haven’t changed your passwords in a while, do that. If you have a profile, see how much is public and whether you want any of it filled out. Check the default sharing settings, such as who can see your posts – everyone (public), friends only, friends and friends of friends, etc. For that matter, look at the friends you have on there. Are they real people you know and want to keep in touch with? If you don’t actively use the site, simply delete your profile. Why? Because you most likely had to sign up with an email address, which can be compromised and cause a lot of trouble for being tied to an account you don’t even use.
Bonus tip: Stop taking those online quizzes that ask random questions about your childhood, tattoos, marriages, children, pets, and favorite foods. Yes, it’s fun to know which Star Wars or Game of Thrones character you’d be, but the answers you give can be used to build a profile of you. (Again, read the article linked above.) The same warning applies to apps that use selfies or other photos to age you or create other fun effects. No, they’re not all evil. But almost all of them require some kind of access or permission from you, and you could be agreeing to way more than you intended.
- Online or offline, keep regular tabs on your financials. Some bank accounts offer an app or notifications for your convenience. Or you may still receive a monthly statement in the mail. Whatever the format, regularly checking your bank, credit card, and other types of accounts can give you early warning if there has been questionable activity.
By following those 5 steps, you’ll be able to rest easy knowing you are actively controlling your own data privacy. Yes, the steps will take a hefty chunk of time and effort to complete at first. But once you’ve gone through all the steps once, your regular checkups will be quick and easy. So pick a friend to keep you accountable and/or get your family involved. Next we’ll focus on your business.
Data Privacy for Businesses
One of the goals of Data Privacy Day is to encourage businesses to respect privacy, safeguard data, and enable trust. The NCSA believes that “all organizations share the responsibility of being conscientious stewards of personal information,” and the various ways we’re all digitally connected now make a strong case for that. They also believe—as we do—that data privacy isn’t just an individual issue. It’s good business. That may seem counter-intuitive considering the costs and time needed to capture, store, and analyze data. But consider this:
No matter what product or service you offer as a business, there is one thing you’re truly selling…
Trust.
In order to have repeat business, your customers have to trust you. You have to follow through on what you offer. And when it comes to data, your customers need to believe you are only tracking the information you need, that you’re storing it securely, and that you are being open with them about how it will be used and who it might be shared with.
If they don’t trust you with their data, they won’t do business with you. And they’ll most likely tell others. So Data Privacy Day is a good reminder to audit your customer information systems. This includes the ways you capture information, how and where you keep it, who can access it, and how long you’ll have it.
Data Privacy Tips for Businesses
Similar to the tips for individuals above, the first step to better information hygiene is conducting an audit to figure out where you currently stand. This should be a company-wide effort as different departments may want or use different types of data. We’d also recommend bringing your legal and IT partners into the discussion. From a technical standpoint, there may be easier ways to accomplish what you’re trying to do, and legally you can ensure you’re in compliance with any pertinent regulations.
- Find out who is tracking what, and why. Depending on the number of different systems and programs you use throughout your business, you may find customer information in a variety of places. Sales may use a database…and they may also have separate lists or Excel sheets with names, phone numbers, and emails. Operations may have addresses in a program as well as on printed shipping slips. Customer Service and Finance may have payment information with contact details in a backend system, plus printed invoices. And Marketing may have birthdays and anniversaries in another program. There’s nothing wrong with having any of it. You just need to make sure you know who has what data and where/how they keep it.
- Decide what data you need. After talking with all departments, you may discover you have information you don’t do anything with, and, conversely, you may want to start collecting some different types of information. As you figure this out, be sure to discuss how long you’ll need each kind of information as well as how long you are legally allowed – or required – to keep it.
- Determine access control. Once you know what data you need, how and where and how long it will be stored, you can limit access to only those who need it. Access control helps you limit the potential for breaches, but it shouldn’t be used as a way to make anyone’s job more difficult. Proper access control can clear up workflow blockages that arise from permission requests or approval delays. For more on ways to improve your business processes, click here.
- Make a privacy policy. Now that you know what information you’re going to collect and how you’re going to handle it, write it down. Once it’s in clear black-and-white, you can include it in your employee training, use it as a resource for questions that come up later, and you can share it with your clients or at least let them know it is available to them.
- Review and refresh. Going through these steps can be a big initial undertaking. But once you have your policy and procedures, reviewing them will be a breeze. Set a regular schedule of every 1 or 2 years, and sit down with your department heads to see if anything has changed. Again, we recommend including your partners in this discussion as laws and software updates can change over time.
As always, the team at Infinity is willing and available to help if you have questions about any of this. You can also find more resources by clicking on the tags under this post. And we’ll leave you with a final word from our CEO about Data Privacy Day:
“Infinity is proud to support this far-reaching online safety awareness and educational initiative,” says CEO Chuck Brown. “Data privacy is critical on both the individual level and the business level. By participating as a Champion, we further acknowledge our commitment to the community as a leading industry provider in cybersecurity awareness and prevention.”