Data Privacy Day

The National Cyber Security Alliance (NCSA) on Friday is celebrating Data Privacy Day. The day serves as a reminder that safeguarding personal information needs to remain a top priority throughout 2022.

Joseph Carson is chief security scientist and advisory CISO at ThycoticCentrify.

“The notion of real privacy is perhaps something that no longer truly exists,” he said. “Internet-connected device usage has exploded in recent years, bringing huge changes to our society. But this has come with risks as we’re all tracked and monitored 24/7. It means we need to consider not just data privacy, but the safeguards that govern how data is collected and processed.”

Thanks to stricter regulations, the public now has greater say in how their data is used, Carson said. However, regulatory bodies need to continue to pressure companies and governments to maintain good cybersecurity practices, incorporating the principle of least privilege to protect collected data and provide users with transparent access to such data.

“Our personal data is becoming more and more profitable,” he said. “And many will begin to ask how citizens will be incentivized, or perhaps paid, for their data. What will the future hold for personal data ‘renting?'”

Luke Kenny is lead security principal at Trustwave.

“Data privacy isn’t just about day-to-day data protection and compliance anymore,” he said. “Organizations need to approach data privacy with an assume-breach mindset. How swiftly and effectively an organization can respond to a crisis like a data breach greatly affects short-term and long-term data privacy efficacy. Companies need to be conducting regular crisis simulations across their entire organization, not just IT and security disciplines, to ensure they can effectively respond to an incident and mitigate impact.”

Keith Neilson is technical evangelist at CloudSphere.

“In the United States alone, there are several disparate federal and state laws, some of which only regulate specific types of data like credit or health data, or specific populations like children,” he said. “Combine these regulations with the many different international laws that aim to ensure data privacy, such as General Data Protection Regulation (GDPR), and compliance for companies with global operations becomes an extremely complex undertaking. Data Privacy Day serves as a reminder that cyber asset management should be a top priority for every organization. Enterprises cannot ensure compliance and data security unless all assets are properly known, tagged and mapped in the cloud.”

To avoid jeopardizing sensitive company or customer data, organizations must take the first step of cyber asset management to secure visibility of all cyber assets in their IT environment and understand connections between business services, Neilson said. This includes identifying misconfigurations and automatically prioritizing risks to improve overall security, allowing for real-time visibility and management of all sensitive data.