Data Protection Day: Shot in the Arm or a Waste of Time?

It’s Data Protection Day next Thursday if you hadn’t noticed, and you’re forgiven for not doing so. I only remembered about it after researching an analysis piece today for Infosecurity Magazine.

The idea is to raise awareness among consumers to think twice about leaving a bigger digital footprint online than they already have, and to try and get businesses to take data privacy more seriously.

On both counts it’s a challenging prospect, according to many of the experts I spoke to.

David Gibson, vice president of strategy at Varonis, told me that improving privacy protection all comes down to better monitoring of fraud abuses.

“The proof that traditional methods don’t work is in the increasing frequency and magnitude of data breaches related to unstructured data,” he argued.

“Not only is there more data to worry about, but it’s containing more sensitive and valuable information and it’s getting easier for attackers to exfiltrate that data since it’s typically not monitored. If what you’re trying to steal isn’t being watched, you have a much better chance of getting away.”

Rackspace senior director of legal, Lillian Pang, admitted that firms still don’t prioritise data privacy at a board level, and this needs to change if things are to get better for consumers.

“Only then will firms start taking it seriously and filter down the privacy compliance needs to the ground level of its business. In some respects, you could say that privacy needs to be led from the top level of any business and administered from the ground level,” she told me.

“Many firms pay lip service to the importance of data privacy but few really understand or recognise that a robust data privacy program in a firm solidifies its information security and helps to further safeguard the firm’s business.”

The EU General Data Protection Regulation could be the push that many firms need to start taking the issue seriously, according to Gemalto data protection CTO, Jason Hart.

“The EU Data Protection Regulation is set to be finalised later this year, but companies need to start taking the steps to change how they protect their data now, otherwise they could find themselves subject to compliance penalties, and also put their reputation and consumer confidence at risk,” he warned.

“As the reporting requirements of the new EU regulation make data breaches more visible, we can expect the economic and business consequences of a breach to continue to escalate, so businesses need to start taking steps to ensure they are prepared for when new regulation comes into force.”

So are awareness raising exercises like Data Protection Day even worth the effort? Well the general consensus is that anything like this is probably a bonus, although the jury’s out on how effective it can be.

“Although Data Privacy Day is a great opportunity to raise awareness of the issue, understanding the importance of protecting data needs to be an all year round initiative,” said Hart. “Businesses need to realise the importance of the data they hold in their systems and how the loss of this can impact their customers.”

Data Protection Day (Data Privacy Day in the US) is on 28 January.