In light of Data Protection Day on January 28th, it’s essential to be extra aware of how we protect our data. Whether using social media, shopping online, or even browsing the internet, we constantly share information about ourselves. While some of this data is innocuous, other pieces like our addresses, credit card numbers, and health information can be pretty sensitive. So what can we do to keep our data safe?
Data Protection Day is an international holiday that raises awareness about the importance of protecting personal data. It shines a spotlight on individuals, organisations and governments to promote best practices for data protection, increase understanding of data privacy laws, and remind everyone about their rights related to technology and personal information.
To protect our data, we should all abide by the eight principles of Data Protection Day:
1. Respect for privacy: All data processing must be in line with the laws and regulations and any other requirements that apply to protect personal data.
2. Accountability: Organisations must take responsibility for their compliance with relevant data protection obligations and ensure they are adequately enforced.
3. Security: All data must be securely stored and handled using appropriate measures, including encryption, authentication and access control.
4. Transparency: Organisations should be transparent about their data processing activities and provide individuals with clear information about how their personal data is collected and used.
5. Data minimisation: The minimum personal data necessary for the specific purpose should be collected and used.
6. Purpose limitation: Personal data must only be used for the purpose for which it was initially collected and nothing else.
7. Data accuracy: Organisations must ensure that all personal data is accurate, up-to-date, and complete.
8. Data retention: Personal data must only be retained for as long as necessary to fulfil the purpose for which it was collected.
By following these principles, we can ensure that our data remains safe and secure.
Things to remember on Data Protection Day & Every Day:
Conclusion
If you are suspicious about how data is being handled, contact the organisation responsible or seek independent legal advice. By understanding the importance of Data Protection Day and following these simple tips, you can help keep yourself safe. Here at Pentest People, we aim to protect businesses from cyber risks and any potential threats. Enquire here about the range of Penetration Testing Services we offer.
Data Protection Day is celebrated internationally on January the 28th each year to promote privacy and raise awareness on best practices when it comes to data protection. The day focuses on raising awareness for individuals, businesses and consumers, and how we can protect our data and information in the digital space. I have Omate on today's podcast, talking about this a little bit more. Why is this an important initiative?
First of all, hi, thanks for having me here. And I just believe that when I think of data, the first thing that comes to mind is: do I own it? Do I own my own data? Do people think that they own their own data? So when you think about owning something, for example, I can say I own my shoes, I can decide to wear them any day I want, and I can throw them away, or I could buy new ones, replace them. So when you think of that in terms of data, any data that you project online, do you have the ability to edit, delete, and create new, more data, basically?
And the answer to that is?
No, not really. So I can give you an example of this, for example, Fitbit, right? If you read their privacy policies, and I will come back to privacy policies later, but if you decide to read the privacy policies, you'll find that most data that they collect, it's now, there's... so, to explain it in a nicer way. So the privacy policy, right, they've got a statement that says when you have data stored on Fitbit, say any health data, if you decide to delete it, it takes about 60 days to actually delete it from their servers. So if you think that you've deleted your data, it's really not. And in those 60 days, if there is a data leak, you're at potential risk of being exposed online, and nobody likes being exposed. It's literally like leaving your house door unlocked, and your windows open. So you don't really want to expose yourself like this online, you want to stay protected, you want to filter yourself and filter the data that you provide online.
How can you as a consumer become better at protecting your own data? So, the situation you just said: what can people do to protect their data a bit more?
Right. Um, so let's talk about the filtration process. Every time you try to create an account online, right, don't just go and fill up every single detail they ask for. Try to keep like a temporary email account that receives emails from like other types of forums, or science magazines, or anything that you're up to. But try to keep a personal one to keep in touch with the people you know, so that we are essentially filtering the amount of data that's online. Try to use a different name, try to give an incorrect date of birth. Because all this information, although you think that it's not really harmful, it is in the hands of someone else that your data can always be used to exploit you in some or the other way. For example, if your details are exposed online, and say your mobile number and your GPS location has been exposed, someone could know exactly where you live, and your mobile number, and could potentially initiate a phishing attack. So you are at risk of any type of cyber attack once just the basic information has been exposed online.
And, as you mentioned phishing: what are the dangers of phishing, what is phishing, and how can people avoid phishing attacks?
Right, so when it comes to phishing, basically, attackers use the information that they found online about you, whether it be from a leaked data source or just publicly available information. And they use this to get in touch with you, either by initiating a large-scale attack in which they just send emails to multiple people but have the same message body. And then there's something called spear phishing, where an attacker knows a lot more about you than you think, and initiates a very specific attack that's catered to you. So he knows a lot about you, and he's going to target those specific things. For example, your geolocation, so, say, "Oh, do you live on so-and-so street? Do you know about this? And if you get in touch, we could offer you a coupon or something, just pay this," or whatever. So yeah, there is a lot you could lose. You could lose in terms of monetary value, you could lose your credit card details, you could lose other types of personal information, you could expose the people you know. So for example, you say, "Oh, this sounds like a great thing that you're telling me. But, you know, you could really talk to my neighbour," and you expose their information, you get your neighbour in touch with this attacker. So yes, he sort of like refer Yeah, be raising their plate and refer somebody else that you know, yeah. And the goal of these attacks is to sort of bring people in, show them something really shiny, show them, "Oh, you could win a car." It's when you hear the term "win", you know, you could win this, or here's an Amazon gift voucher, or you enter this draw, and your number has been selected in this special event.
Yeah. So obviously, nowadays, everybody's on social media, everybody knows everything about everybody, just because of the landscape we're in. And so what would you recommend people online can do? Because obviously, everybody knows everything about everybody on social media. And like, realistically, people aren't going to stop posting because of people saying, "Oh, careful, your data" and all that. So what could you recommend to those on social media that they do? Are there any, like, top tips that come to mind about protecting them as much as possible when they're online?
So right, so when you're online, and you're projecting yourself, and you're expressing yourself, my advice would be not to reveal your entire name in your account ID. Don't expose your date of birth, any information that could be tied to you. Try to keep an alias, you know. Still express yourself: you can still upload pictures, you could upload videos, you can have your own opinion online, but try to keep your personal information to yourself. You can do all the things that you do online. But still, when it comes to your own data, try to be very selective in what you show about yourself online.
Yeah, so obviously, house numbers, streets, locations, that sort of thing. Obviously, not anything private, like credit cards or anything like that.
Absolutely. I mean, there's even features of geotagging locations when you post pictures online. And I mean, people still do it. But it really would be a good idea to not geotag every single place, or at least accurately pinpoint the location you were at.
So to finish off, then, what's your number one top tip for businesses in terms of handling data, because obviously, businesses have a lot of employees and everybody's sort of responsible for themselves, but also plays a massive part in that business data. And so that's one key top tip that you can give to businesses for Data Protection Day.
Right. So most businesses use services from other companies. And these services usually come with a privacy policy. I recommend that people who are in charge of purchasing these services give a really good read into these privacy policies, because that would reveal a lot more about how data is handled outside this company. So you need to monitor the data coming in and data going out. And when you're bringing in third parties, you need to have a clear understanding of what position you are in. How much data is in your control? Like I said, how much data do you really own? So if a business owns a part of some data, right, and they use a service, like a cloud service, maybe they need to know how much data is still in their control. How much can they edit? What happens when they delete it? Where does it go? Is it still on their servers? Does it reflect somehow immediately? You need to read the privacy policies. And a recommendation to companies that do offer services: make your privacy policies more readable. If you have a privacy policy that's readable, people want to read it. And interestingly, Deloitte had a survey in 2019 where they surveyed people, around 2000 people, and asked them if they actually read privacy policies and terms and conditions before they accepted them. And about 91% said they didn't read a single thing. So this is a huge number we're talking about, it's 91%. And just a whole lot of people that haven't read their own privacy policies.
Yeah. So how would you recommend to make privacy policies more, like, readable to people?
So you need to know what people want, right? They want to know what data has been taken from them, how data is managed by them, and how data can be manipulated by the owner, which is you. Yeah, so these three key points. You know, make it not in font number five, you know, don't make it so small. And don't make it super long. Make it maybe in a collapsible format: if you have a really nice big subheading, colourful, maybe, yeah, you open it, and you see everything that's related to that subject. So have it interactive. Yeah. Not just a plain page. Yeah.
Well, thank you so much for coming on the podcast today. And I hope it's been very valuable to businesses. All Amy's advice and top tips is given out and just remember to stay safe on Data Protection Day and obviously every other day of the year.
But yeah, thank you so much. Thank you.