Musings on Data Privacy Day

As always, the phrase makes you think. Data privacy has a day for people to focus on it and think about the betterment of privacy. Should we call this something more relatable to people? Privacy is all about a person. Data doesn’t need privacy. People, and what is important to every one of them, need privacy: their identity, their lives, and their information. That is the core, but what is happening around privacy today?

This year we have three things to keep an eye on when it comes to data privacy (however misnamed). These are Brexit, Breaches, and the NIST Privacy Framework version 1.0. Uncertainty, fear, and hope. An interesting twist to see at the beginning of a year, but that is how 2021 will go down in history.

Brexit leaves a quandary: how will Europe’s GDPR deal with one who has left them? You see, there is a problem many see with the GDPR. Many privacy professionals wonder if the scrutiny being given to foreign nations such as the USA is scrutiny they could face as the EU. Here you have a separating nation, with the same privacy laws, leaving the membership of the EU. This year we will see some of how Europe deals with a nation that was Europe… and now isn’t. This will help pave the path for future treaties that protect everyone’s privacy. Or so many of us hope. It does, however, leave a feeling of uncertainty.

The massive number of breaches in 2020 was eye-watering. However, is this just the tip of the iceberg? Are there any that haven’t even been found yet? Even with the changes in society over the last year, many companies have still not learned some basics: securing privileged accounts (privileged account management) and least privilege management, otherwise known as "you can only breach things you have access to." Many CISOs and CIOs are concerned that there are breaches they don’t know about, that have happened simply because the staff isn’t there working in the office and neither is the rest of the staff. Ireland even passed a law about being given work from home. This is something companies are simply still playing catch-up on, and it is still causing some fear to permeate the industry.

However, there is hope. One of the problems with privacy programs is that you don’t know what you don’t know until you start doing it. Well, using the new NIST Privacy Framework version 1.0, a company can start by simply going through what is a glorified checklist. A checklist that can help someone build a real, honest-to-goodness privacy program. Having walked people through it, it is simply easy to understand and gets people thinking the right way. This brings hope.

We start the year off with hope: all those companies arguing that they don’t have funds for a privacy program, or that it would simply be bad optics for them to be prosecuted, have an out now. Take some time with a free resource and start making real headway towards having your company’s privacy program.

This year, let’s focus on hope and protecting people and their personal data.

