Sunday 28 January is international Data Privacy Day (also known in Europe as Data Protection Day). First initiated by the Council of Europe back in 2007 and passed in the US House of Representatives two years later, it has become an established point in the calendar at which to focus on improving awareness and protection of data, writes Peter Barker.
This year it feels particularly relevant, with the advent of the European Union’s General Data Protection Regulation (GDPR) in May. Regardless of the UK’s future position in Europe post-Brexit, the GDPR will most definitely affect businesses in this country. High-profile data breaches also throw the spotlight on this topic. I’d argue that awareness isn’t really the problem anymore, but rather knowing what to do about instigating better data privacy and protection Best Practice.
We’re also at an interesting stage in terms of our digital culture. Automation is everywhere, augmented by the growth of the Internet of Things and cashless payments, with other digital technology trends set to expand in 2018. Our digital footprints are multi-faceted and increasingly interconnected.
Confidential information that once was locked away in company vaults and personal safes and tucked neatly into zipped wallets is often now on our mobile devices or laptops. We carry around virtual offices and huge amounts of personal data every time we leave home. Indeed, according to Strategy Analytics, 38.8% of the global workforce was mobile in 2016.*
Of course, digitisation has huge benefits and is an unstoppable force. On that basis, I’m taking Data Privacy Day as my cue to consider some ‘New Year’s resolutions’ that could apply to most of us. Much of it doesn’t depend on advanced software, either.
Greater focus on protection
First, we need more focus on protecting what we carry around. We wouldn’t leave the office door wide open, so we need to apply the same safeguards to our ‘mobile offices’. Avoid carrying around sensitive or confidential documents and make sure that mobile devices are robustly protected with log-in codes, biometrics and security software.
Security risks don’t stop when we enter what may feel like the safety of the office walls. Of course, most organisations now have security policies and software in place that’s well-established and, as those policies evolve, they potentially offer even more protection. However, it’s all-too-easy to forget that security risks don’t just arise from the Internet. Are the credentials of visitors and contractors routinely checked? If they were in part of the building or looking at a document left on a table, or a screen left unattended, would they be challenged on a routine basis?
While a culture of friendliness and politeness is good for any organisation, employees shouldn’t feel inhibited to challenge something – or someone – that doesn’t look right. This was underlined by the Global Visual Hacking Experiment conducted in 2016 on behalf of 3M by The Ponemon Institute. The White Hat Hacker who actually conducted the trials was only confronted in less than a third of visual hacking attempts (of which, on average, 91% were successful worldwide).
We also need to make sure that our screens are not visible to prying eyes. In addition to a variety of research and studies about ‘visual hacks’ over the years, the recent Twitter feed by film director Barry Jenkins shows how easy it is to view someone’s screen in public. Of course, his running commentary on Twitter over the shoulder of a fellow aircraft passenger who was watching the film Notting Hill was harmless, but other scenarios that are not are easy to imagine. For instance, someone dishonest taking a smart phone image of confidential data on someone’s laptop and selling that information is a distinct possibility.
We should angle screens where they are not easily visible (especially in public), use automatic screensavers and log-ins after a couple of minutes of inactivity and also fit privacy filters over the screens of office and mobile devices (including smart phones) so that on-screen information is only visible to the user and not to someone taking a sideways glance or looking over a shoulder.
Reducing the use of paper
Many organisations already have policies in place to reduce the unnecessary use of paper. Aside from the environmental considerations, less printing or copying of material reduces the potential risk of someone seeing or picking up sensitive information.
The Global Visual Hacking Experiment also found that 56% of sensitive data was obtained from printed documents (as opposed to 44% from on-screen information).** Make sure documents are removed swiftly from printers and copiers and routinely shred anything that contains sensitive information.
Protecting data is a multi-faceted task, but there’s much that we can do, both as businesses and as individuals – quickly, simply and relatively inexpensively – to better protect our own, our customers’ and our businesses’ valuable information. Let’s determine to make this a priority for 2018.
Peter Barker is Market Development Manager (EMEA) for the Display Materials and Systems Division at 3M
Data Privacy Day’s educational initiative originally focused on raising awareness among businesses as well as users about the importance of protecting the privacy of their personal information online, and particularly so in the context of social networking. The educational focus has expanded over the past four years to include families, consumers and businesses. In addition to its educational initiative, Data Privacy Day promotes events and activities that stimulate the development of technology tools designed to promote individual control over personally identifiable information, encourage compliance with privacy laws and regulations and create dialogues among stakeholders interested in advancing data protection and privacy. The day offers many opportunities for collaboration among Governments, industry, academia, non-profits, privacy professionals and educators alike