Why Data Privacy Is About More Than Just Security

eWEEK DATA POINTS: Data Privacy Day 2019 is here, providing an opportunity for organizations and end users alike to revisit and improve data privacy.

data privacy

Jan. 28 is Data Privacy Day—a day to raise awareness about how the things and services we interact with online and in person collect data and what organizations and end users can do to limit risks.

Data Privacy Day is not a new event, but incidents that occurred in the past year have perhaps made the need for better data privacy even more pronounced. In 2018, the Facebook scandal involving data misuse by Cambridge Analytica broke, revealing that the information from millions of user profiles was used by a third party without user consent. Also in 2018, a reported breach from Marriott Hotels’ Starwood division impacted the data privacy of hundreds of millions more users. Beyond data breaches, 2018 was also the year in which the European Union's General Data Protection Regulation (GDPR) went in effect, providing a set of compliance regulations that organizations need to follow to help protect user privacy. 

In the spirit of Data Privacy Day, eWEEK presents data points and tips on things that both end users and organizations can do to help keep data private.

Data Point #1: Privacy is not the same thing as security.

While there is a relationship between data privacy and security, the two terms are not synonymous.

Security can be used to help protect data privacy, with technologies such as data encryption, but privacy is about more than just securing data. Data privacy is about end users and individuals having a say and some control over their own data, how it is shared and how it is used.

Data Point #2: Passwords are often a key to data security. 

Many of the sites and services that end users access every day require the use of some form of authentication, typically a password, to gain access. Passwords in that respect are not just an access tool, but are quite literally the keys to data privacy. In many data breaches, attackers are able to steal large troves of passwords, which are then used in what are known as credential stuffing attacks. In a credential stuffing attack, hackers attempt to use the stolen passwords on other sites and services, which often results in some success due to the fact that many users reuse passwords.

Don't use the same passwords on multiple sites and always make use multifactor authentication options when possible. With multifactor authentication, even if hackers get access to a password, they still need the second factor to gain access.

Data Point #3: Review social media settings and be aware of how data is shared.

Social media sites provide a great way to share information with friends, family and colleagues, but not all that information should be shared with anyone.

When installing social media apps, games, plugins, tools and surveys, review what permissions and access are being requested. When posting personal information, review the access settings and make sure that private material is set to private. For the most sensitive types of information, like credit card information and Social Security numbers, there is never a need to publicly post that or share pictures of that information. 

Data Point #4: Don't opt in to all things.

When signing up for services online on in-person, consumers are often asked to opt in to different mailing lists. Those lists collect user information, which can then be used, shared and resold in countless ways.

While there may be use cases where it make sense to opt in to a mailing list and share your information, remember the term is "opt-in"—it's up to you to decide if you want, or need, to share your information.

Data Point #5: Consider privacy mode browsers.

Websites often use different mechanisms including cookies and other forms of trackers to track user activity. What you do online, where you go and what you click on is a form data collection, and there are times when users want or need to keep that information private for different reasons. 

There are several ways to limit the risk of data exposure to online trackers. Among the easiest approaches is to simply use the privacy mode in a web browser. All the major web browsers have a privacy mode now, which at the very least doesn't track user history and doesn't store cookies beyond the browser session.

Data Point #6: Use a VPN, when appropriate.

Public WiFi access points are convenient, but they can also be a problem for user security. With an open public WiFi access point, data can be easily intercepted, putting privacy at risk. 

With the use of a VPN (virtual private network), users can tunnel and encrypt data, even when running over an open public WiFi network, which can help to minimize risk.

Data Point #7: If you don't need it, don't collect it.

Data privacy isn't just about end users; it’s also a topic organizations must concern themselves with, since it is companies that collect the data. In recent years, with the emergence of big data and advanced analytics, there has been a trend for organizations to collect as much information as they can, but that might not be the right approach. Collecting personal information also now brings increasing compliance challenges with rules like the GDPR and other privacy regulations around the world.

In a recent interview with eWEEK, Michelle Dennedy, chief privacy officer at Cisco, said that organizations should have a plan about data collection before collecting data haphazardly.

"I still advise people, if you don't need it, don't collect it," she said.

Data Point #8: Remain vigilant—data privacy isn't an end state, it's a continuous journey.

On the occasion of Data Privacy Day 2016, eWEEK wrote that data privacy isn't just about encryption and tracking; it's about individual users. Vigilance is key. The same holds true even more so in 2019.

Being aware of how data is collected, shared and used on an active basis is the basis of data privacy. In the final analysis, that's truly what Data Privacy Day is all about, isn't it? Raising awareness and reminding us all that data privacy is an active task that should be considered not just at one point in time, but always.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.