Contrary to all the high hopes that typically accompany a new year, 2020 had an inauspicious start with raging wildfires, deadly crashes, social unrest, and of course, COVID-19. COVID-19 impacted more areas of our lives than we ever could have imagined. For example, it introduced a whole new set of cybersecurity and data privacy risks to businesses and individuals. The rapid deployment of a massive remote workforce coupled with the growth in the use of personal devices and insecure networks created an opportunity for malicious actors to exploit weaknesses on a scale never experienced before. Throw into the mix the ramped-up use of social engineering tactics to trick users into opening up corona-themed messages infected with malware and well… you know what happened… a cyber pandemic on top of a biological pandemic. Indeed, COVID-19 is now classified as the largest ever cybersecurity threat.
Understanding the new data privacy landscape
In the midst of all this, businesses have had to face not only rising cyber threats and the pandemic’s impact on their bottom line but also a very different data privacy landscape. This new landscape addresses important questions about the collection and disclosure of personal and sensitive data. It also raises concerns about whether personal privacy will become another victim of COVID-19. And we’re right to be concerned. After all, privacy is foundational to democracies and must be protected.
On the other hand, due to COVID-19, we are more reliant than ever on online services to conduct our daily personal and professional lives, and those online services, such as Amazon, Zoom, telemedicine, and telehealth, depend on massive amounts of personal data for their business operations and growth. Data, therefore, has become an increasingly valuable asset in and of itself causing a race between technology and security professionals, who are trying to respond as quickly as they can to the changing cyber landscape, and bad actors, who are trying as quickly as they can to exploit it.
Governments around the world are responding to all of this by issuing guidelines for navigating new data privacy issues and mitigating cybersecurity risks. In the US, for example, numerous state and federal agencies have released industry letters, alerts, and tips on issues of data privacy, security, requirements, and compliance in the wake of COVID-19. Even the United Nations issued a statement noting that data privacy should be prioritized as part of the effort to fight the pandemic.
Data privacy more relevant than ever
This environment makes Data Privacy Day, which takes place every January 28, more important than ever. Data Privacy Day is part of a concerted international effort to raise awareness and encourage discourse about the importance of, you guessed it, data privacy. Established in the US and Canada in 2008 as an extension of Europe’s Data Protection Day, Data Privacy Day commemorates the January 28, 1981 signing of Convention 108, which was the first legally binding international treaty dealing with the protection of data and privacy. Little did we know at that time how complex and enormous the issue of data privacy would eventually become, especially since COVID-19.
Making progress
This year, the theme of Data Privacy Day is the value of information, which cannot be overstated. Data Privacy Day is about motivating individuals to take more responsibility for their online privacy and helping them understand the value of their personal data, why it is collected, and how it is used. It’s also about encouraging businesses to better protect their employee and customer data and to understand that they must act as the guardians of that data.
Advice for businesses
To accommodate this new privacy landscape, organizations, both private and public, will need to rethink their security policies and strategies. They will have to learn how to implement effective data privacy measures while concomitantly demonstrating to shareholders that those measures don’t stifle the needs of the organization, and to consumers, that their privacy is being protected. They need to implement robust endpoint protection, practice transparency about how data is collected and used, conduct due diligence on their service providers to ensure their partners are also cyber secure, and provide employees with cybersecurity awareness training.
It’s all good
And all of this is good for individuals and businesses. It’s good for individuals because it gives them more control over their data and therefore their privacy and it’s good for businesses because confident, trusting, and loyal customers help businesses grow. After all, at the end of the day, data privacy is everyone’s concern.