International Data Privacy Day 2017

International Data Privacy Day is held every year on the 28th of January. It is an international effort highlighting “Respecting Privacy, Safeguarding Data and Enabling Trust.” PDEC celebrates Data Privacy Day in honor of our members.

Data Protection Day was inaugurated in 2006 by the Council of Europe to highlight the groundbreaking work that the EU had completed to ensure that the protection of personal data is safeguarded as a fundamental human right. Much of the world has followed Europe’s lead, in part owing to growing issues and developments in privacy concerns.

The day is known as “Data Privacy Day” outside of the EU. The focus has largely shifted to encouraging individuals and companies to be proactive and keep their data secure, as opposed to relying on legislative control and enforcement alone to protect citizens’ privacy.

Privacy in 2017 is an issue of greater concern than ever.  The US and the UK have both seen their governments relax privacy restrictions.

In November of 2016 the UK signed into law the Investigatory Powers Act, which was nicknamed the “Snooper’s Charter.” The law extended the reach of UK state surveillance. A month later the EU’s highest court ruled that the “general and indiscriminate retention” of emails and electronic communications by governments is illegal, challenging the Act. At issue was whether the EU data retention standards need to be respected by member states (the UK, in this case) in their domestic legislation. How this will play out, which is part of the Brexit issue and the UK leaving the EU, remains to be seen.

In the US a similar bill was passed in December of last year. The Cybersecurity Information Sharing Act (CISA) seeks to allow companies to hand over data of various sorts, including personal data, to federal agencies. This gives companies the freedom to share information with the Department of Defense and the NSA without facing reparations or being subject to lawsuits.

These, of course, are matters of major concern to PDEC.

Adoption of the EU’s GDPR is around the corner, taking place in May of 2018. This will affect companies worldwide, as every organization that does business with an EU company must comply with the GDPR.  Those that do not comply will face fines up to 4% of their global revenue.  What this does is protect an individual’s personal data.  It gives the individual control over how companies may use their personal data; how and with whom (or what entities) it may be shared.  The individual has the right to select which data, and to change their mind about various data points as they so choose.  The GDPR calls for informing individuals about breaches. That has been standard for years in the US, but is new to the EU.

Each year on its website the Council of Europe reviews the progress of Data Protection Day, now known as Data Privacy Day.  Here’s the 2017 version.

ISACA, formerly known as the Information Systems Audit and Control Association, has a good summary and history of Data Privacy Day on its website.

ExpressVPN also has a history, plus resources for learning and getting involved in Data Privacy Day on its website.

Global Knowledge suggests how to do your part on Data Privacy Day.

Women in Security and Privacy is proud to be an official Data Privacy Day 2017 Champion.

On Twitter there’s @DataPrivacyDay with its own account and feed.

The National Cyber Security Alliance (NCSA) assumed leadership of Data Privacy Day in August 2011. Its Data Privacy Day web page offers a video and lots of resources about privacy and security.

And to conclude on a spirited note, the website lists January 28 as Fun Holiday – Data Privacy Day