Data Privacy Week: insights for businesses
Respecting the privacy of your customers, staff, and all other stakeholders is critical for inspiring trust and enhancing reputation. According to the Pew Research Center, 79% of U.S. adults report being concerned about the way their data is being used by companies. By being open about how you use data and respecting privacy, you can stand out from your competition.
Be transparent about how you collect, use, and share consumers’ personal information. Think about how the consumer may expect their data to be used. Design settings to protect their information by default. Communicate clearly and concisely to the public what privacy means to your organization, as well as the steps you take to achieve and maintain privacy.
Here are a few steps toward building a culture of respecting data at your organization:
1. CONDUCT AN ASSESSMENT
Assess your data collection practices. Understand which privacy laws apply to your business, and remember you will have to think about local, national, and global regulations.
> Generate and follow security measures to keep individuals’ personal information safe from unauthorized access
> Make sure the personal data you collect is processed in a fair manner and only collected for relevant and legitimate purposes
> Don’t forget to maintain oversight of partners and vendors as well -- if another organization provides services on your behalf, you are also responsible for how they collect and use your consumers’ personal information
2. ADOPT A PRIVACY FRAMEWORK
Research how a privacy framework can work for you. A privacy framework can help you manage risk and create a culture of privacy in your organization. It is a way to build privacy into your organization's foundation. Get started by checking out the following frameworks:
> NIST Privacy Framework
> AICPA Privacy Management Framework
> ISO/IEC 27701 - International Standard for Privacy Information Management
3. EDUCATE EMPLOYEES
Your employees are on the front lines of protecting all the data your organization collects. Create a culture of privacy in your organization by educating your employees about their obligations, and your organization’s, to protect personal information:
> Create a privacy policy for your company and ensure your employees know it
> Teach new employees about their role in your privacy culture during the onboarding process.
> Engage staff by asking them to consider how privacy and data security apply to the work they do on a daily basis. Better security and privacy behaviors at home will translate to better security and privacy practices at work.
> Remind employees to update their privacy and security settings on work and personal accounts.
Facts and Research
As you conduct data privacy activities in your organization and educate your audiences, reference the following reports and stats to help you make the case for privacy:
REPORTS AND SURVEYS
> Cisco 2022 Data Privacy Benchmark Study
> Consumer Reports: 2022 Consumer Cyber Readiness Report
> Cisco 2022 Consumer Data Privacy Survey
> KPMG Corporate data responsibility: Bridging the consumer trust gap
> Data Grail: The Great Privacy Awakening Report 2022
> ISACA: Privacy in Practice 2022
> Bloomberg Law: Outlook on Privacy & Data Security 2022
> Forgerock: 2022 Consumer Identity Breach Report
> Domo: Data Never Sleeps
FAST FACTS
THE BUSINESS CASE FOR PRIVACY
> 70% of business leaders say their company increased collection of consumer data over the last year but 62% say their company should do more to strengthen data protection measures (KPMG)
> Personal customer information (such as name, email, and password) is included in 44% of data breaches. (IBM)
> 33% of users have terminated relationships with companies over data privacy lapses, including social media platforms, retailers, credit card providers, ISPs and banks or financial institutions. (Cisco)
> 48% of internet users have stopped shopping with a company because of privacy concerns. (Tableau)
> 81% of users say the potential risks they face from companies collecting data outweigh the benefits. (Pew Research Center)
> 75% of the consumers said they want greater transparency about how their data is used. (KPMG)
CONSUMER SENTIMENT
> 89% of people say they care about data privacy (Cisco)
> 79% of people say that it’s too hard for them to know and understand how companies are using their data. (Cisco)
> 43% of people said they are unable to protect their data effectively. (Cisco)
> 48% of consumers are not confident that their personal data, such as social security numbers, health history and financial information, is private and not distributed without their knowledge (Consumer Reports)
> 79% of internet users globally feel they have completely lost control over their personal data (LegalJobsIO)
> Only about 30% of consumers believe that companies are currently using their data responsibly (McKinsey)
> About 80% of US adults say they have little or no control over the data that the government or companies collect about them (Pew Research Center)
> 63% of Internet users believe most companies aren’t transparent about how their data is used (Tableau)
> 58% of users said they would be willing to share data to avoid paying for online content. (Statista)
> Only 3% of Americans say they understand how current online privacy laws actually work in America. (Data Prot)
Get Involved
You can help out and teach others about data privacy!
AT WORK, AT SCHOOL AND IN THE COMMUNITY
> Email colleagues, employees, customers and/or your school and community about the week and outline how your organization will be involved. Highlight the theme and messaging. You can use information from the toolkit in the email. See the “Employee Email Template” available to all Champions.
> Attend a Data Privacy Week event. Promote your event on our community calendar or see what Data Privacy Week activities are taking place in your area.
> Build a culture of privacy at work by teaching all employees data privacy. Offer a training or quiz for employees and consider giving away prizes.
> Host a poster or video contest for students in which participants create informative data privacy resources. Display the winning entries at school.
> Work with leadership to issue a proclamation to show your organization’s support of Data Privacy Week and declare what your company does to respect privacy.
> Post the Data Privacy Week logo on your organization’s external or internal website.
> Issue a company promotion related to the week such as a product discount, competition, or giveaways for customers.
> Distribute the sample press release in your toolkit. You can publish it as a traditional media alert or publish it on your website’s blog to share with your online audiences.
Additional Resources
Consumer Reports:
Consumer Reports shares privacy tips, product ratings and news to help consumers protect their privacy.
https://www.consumerreports.org/issue/data-privacy
Federal Trade Commission:
Privacy and security resources for consumers and businesses.
https://www.ftc.gov/tips-advice/business-center/privacy-and-security
Federal Trade Commission in Spanish:
Information about online privacy, recommendations for protecting your devices against threats and hackers, and avoiding the most common internet scams.
https://consumidor.ftc.gov/robo-de-identidad-y-seguridad-en-linea/privacidad-y-seguridad-en-linea
Future of Privacy Forum:
The Future of Privacy Forum brings together industry, academics, consumer advocates, and other thought leaders to explore the challenges posed by technological innovation and develop privacy protections, ethical norms, and workable business practices.
https://fpf.org/
International Association of Privacy Professionals:
A resource for professionals who want to develop and advance their careers by helping their organizations successfully manage these risks and protect their data.
https://iapp.org/
Mozilla's "Privacy Not Included":
With this guide, Mozilla helps you shop for safe, secure devices and presents information on the privacy and security of popular products: https://foundation.mozilla.org/en/privacynotincluded/
National Cybersecurity Alliance:
Online Safety and Privacy Basics Resources https://staysafeonline.org/resources/online-safety-privacy-basics/
National Institute of Standards and Technology (NIST):
Online privacy is becoming increasingly important as we move closer to a fully internet-connected world.
https://www.nist.gov/blogs/manufacturing-innovation-blog/maintaining-your-online-privacy
Spread Privacy:
Learn about data privacy from the official DuckDuckGo blog. https://spreadprivacy.com/