Some more information and ideas for Data Privacy Day, January 28

Last Thursday I posted about how tomorrow (1/28) is International Data Privacy Day.
I was delighfully surprised to receive an email in response to my blog post from Leonardo Cervera, the coordinator of Data Privacy Day 2008! Be sure to check out his site to find comprehensive information about all the activities being done for Data Privacy Day, as well as seeing the world-wide support Data Privacy Day is being given…it is good to see government agencies and large corporations acknowledging the importance of preserving privacy.


Another site that is good to track every day for information about privacy incidents that occur daily is pogowasright.org.
I get really tired of reading from news articles and hearing others’ opinions about how we don’t have any privacy anymore, that there is nothing we can do with it, and that everyone should just accept it.
HOGWASH!
The ongoing popular argument for this statement is always a reference to how people will post their information to social networking sites, or how people will give unknown employees at stores their credit card numbers to make purchases. This is quickly always followed up by, “See, people don’t care about their privacy. They do this all on their own.”
It is important to recognize that there are basically two ways in which people lose privacy:
1. They give it away by doing something silly, by not thinking things through before taking an action, by making a mistake, by being unaware of the consequences, or by being suckered by a criminal.
2. They *HAVE IT TAKEN AWAY* by an organization to whom they have entrusted their personally identifiable information (PII), such as a doctor, accountant, insurance company, government agency, and an infinite list of other organizations and businesses, because the organizations and businesses had poor safeguards for the PII, they made mistakes, or they valued profit over the cost of implementing safeguards and were willing to put PII…and privacy…at risk.
Number 1 above must be addressed with better awareness and understanding of the risks involved with transferring, storing and posting PII. There will always be people who will be their own worst privacy enemies, or who believe the untruths that their trusted professionals tell them about privacy, but we must continue trying to raise awareness.
Number 2 must be addressed with a number of actions, including the passage of comprehensive, understandable, effective and consistently enforced privacy laws, by asking our employers what they do to protect privacy, by asking the companies we do business with what they do to protect privacy, by reporting data protection and privacy law noncompliance to government oversight and enforcement agencies, and by telling organizations that they are responsible for taking the actions necessary for protecting PII. Privacy is not dead if you demand that it be addressed.
So, here are a few more ideas for you, personally, to do for Data Privacy Day:
1. Notice if your employer is doing anything tomorrow for Data Privacy Day.
a) If they are doing nothing, call your information security officer, privacy officer, CEO, and any other CxO, and tell them that it is Data Privacy Day! Tell them some of the communications and activities that other organizations and government agencies are doing to highlight the importance of privacy. Make them aware of the day; if you don’t, who will?
b) If they are doing something, participate! Provide feedback. Get involved.
2. Call and ask your banker/insurance provider/school/doctor/lawyer/credit reporting agency/etc. what they are doing to protect PII. Ask them any or all of the following…
a) I would like to view my PII; how can I do this?
b) I would like to correct some errors within my PII; how can I do this?
c) Do you have a documented and tested privacy breach prevention and response plan?
d) With what other organizations do you share PII?
e) Do you provide regular information security and privacy training and ongoing awareness communications to your employees, your contracted staff, and your outsourced vendors?
f) When was the last time you experienced a privacy breach? What did you do, as a result, to ensure it does not happen again?
You will not have privacy if you give it away and allow others to take it from you. To keep organizations from saying there is nothing they can do, continue to ask your employers, and organizations you give business to, what they are doing to protect PII.
Go make it a great day! Raise some awareness, and let us know what you did to promote privacy. Let Leonardo Cervera know, and he might put your activity on his website. Let me know and I definitely will put you on this website! 🙂

Tags: , , , , , , , , , , ,

Leave a Reply

Some more information and ideas for Data Privacy Day, January 28

Last Thursday I posted about how tomorrow (1/28) is International Data Privacy Day.
I was delighfully surprised to receive an email in response to my blog post from Leonardo Cervera, the coordinator of Data Privacy Day 2008! Be sure to check out his site to find comprehensive information about all the activities being done for Data Privacy Day, as well as seeing the world-wide support Data Privacy Day is being given…it is good to see government agencies and large corporations acknowledging the importance of preserving privacy.

Read the rest of this entry »

Tags: , , , , , , , , , , ,

Leave a Reply