Enterprises are trusted with protecting the personal data of both employees and customers, who expect their information to be protected.
But even with these expectations, data breaches continue to occur. In fact, just like week, payment processor Heartland Payment Systems suffered what may turn out to be the biggest reported data-loss incident of all time.
Perhaps now is the perfect time to raise awareness around data privacy.
Companies around the globe on Wednesday did just that when they celebrated the second annual Data Privacy Day, which featured seminars and other events aimed at educating users and generating discussions around the topic. The U.S. House of Representatives on Monday approved a resolution to declare Jan. 28 Data Privacy Day.
Five states — including California, which was the first state to pass a data breach notification law — also recognize the day, according to a news release from Rep. David Price, D-N.C., who sponsored the resolution.
“Data Privacy Day is about industry and government coming together to ensure that consumers truly understand the concept of online privacy and evolving threats to online safety,” Peter Cullen, chief privacy strategist at Microsoft, said.
Organizations in the United States, Canada, and 27 European countries will be participating in activities this year. The U.S. Justice and Homeland Security departments and the European Commission have recognized the importance of the day, along with a host of other government entities, education institutions and businesses around the world, according to Intel Corporation’s Data Privacy Day website, which provides a listing of events, activities and resources to honor the day.
The day puts a spotlight on the fact that both individuals and corporations can share in the responsibility to protect data being stored in an organization, Christopher Burgess, senior security adviser at Cisco, told SCMagazineUS.com Wednesday. Companies have the obligation to show customers and employees what they are doing with personal data — and the customers and employees have an obligation to ask, Burgess said.
It is an individual’s responsibility to keep his home internet connection safe and web browsers up to date, and become educated about privacy issues, he said. Organizations, meanwhile, should be conducting security and awareness training that involves the whole business.
In preparation for an event being held Wednesday with speakers from MySpace, the Center for Democracy and Technology, Intel and the California Office of Privacy Protection, host Microsoft recently commissioned research to determine which privacy issues are most important to consumers.
Consumers are concerned about their privacy online but many do not fully understand the threats, Microsoft found. They take precautions to install anti-virus software but are unsure of what this technology does. People also are worried about the threats that social networking and online finance sites pose.
“What these findings tell us is that we must do more to educate consumers,” Cullen said.
The Authentication and Online Trust Alliance, a membership group that promotes online security, released on Wednesday a Top 10 list of privacy principles and business practices, in recognition of Data Privacy Day.
The suggestions include ensuring all privacy policies are discoverable, transparent, and written, in addition to providing users with the company policy so that they can regularly review it, especially after it has been changed.