Understanding rights and responsibilities for data privacy is critical for businesses and consumers now more than ever. Privacy laws and regulations are being formed and changing. And more people are expressing concerns about privacy and data rights now than ever before. As organizations support remote working environments and cloud-based services and applications, they need to ensure that users understand their critical role in supporting privacy compliance. That’s why we created a new kit to help support businesses with this effort.
National Data Privacy Day 2021 promotes awareness of data privacy issues and challenges. Per the National Cyber Security Alliance (NCSA): “Millions of people are unaware of and uninformed about how their personal information is being used, collected or shared in our digital society. Data Privacy Day aims to inspire dialogue and empower individuals and companies to take action.”
Threat actors continually challenge data privacy; their malicious efforts to steal the personal information of an organization’s customers, partners and employees grew in 2020 and predictions for 2021 show no signs of slowing. User knowledge is key to transforming users from privacy liabilities to privacy defenders.
Proofpoint is providing free tools in our Data Privacy Day Awareness Kit to help organizations educate their users on privacy fundamentals and how to avoid malicious tactics that could lead to the unauthorized access of private and personal data.
Remind users of data protection basics
Data protection is the foundation for data privacy. Threat actors are continually refining their tactics to deceive users. This is a great time to remind your users of the routine practices that will help them avoid the malicious deceptions used by hackers. Ensure all your users understand the following:
- Email is the number one threat vector; users should carefully inspect any link before clicking on it. If the user is not sure if the link is safe, instruct them to use the suspicious email reporting button to have the security professionals check it out.
- Attachments can launch malicious code that may jeopardize the security/privacy of personal information; they should only open attachments from trusted co-workers.
- Only download software that is authorized by the organization.
- Never disclose personal or sensitive information via email.
- Always verify very urgent and or unusual internal requests for personal data of customers, partners or employees.
Familiarize users with data privacy fundamentals
Data privacy best practices go beyond data protection—they include considerations for collection of personal data, consent, data erasure and data sharing. All users should be familiar with these foundations to support data privacy:
- Collection of personal data is limited to data that is required to complete transactions and/or to support the customer’s use of the product or service
- To contact customers for promotional reasons, organizations must obtain explicit consent to send promotional or sales offers
- Customers have the right to know what data has been collected about them and how it is being used
- Customers have the right to have their data erased as long as the erasure does not conflict with other laws or regulations regarding retention
- Personal customer data should not be shared across the organization unless policy explicitly allows the sharing. For instance, developers may want copies of customer data to test new applications or new functions. Depending on their location, the policy may require that they only receive anonymized customer data for testing purposes.