Data Protection Day: why it's time to speak up for privacy

With the looming Investigatory Powers Act and threats from across the pond that the US may not consider privacy all that important to those who aren't American, this year's Data Protection Day is as timely as ever.

Also known as Data Privacy Day, the awareness-raising effort commemorates the signing of Convention 108, the first international treaty dealing with data protection.

To celebrate, we heard from tech and security experts about what they'd like to see companies and individuals do to improve data privacy in 2017.

Speak up

Not happy with government surveillance or the Investigatory Powers Act, recently signed into play by the government? Then it's time to speak up and take action.

Lee Munson, security researcher at Comparitech.com, said that "privacy for UK citizens is eroding very quickly," thanks to laws that require comms companies to hoover up personal data such as browsing history.

"If there are ways for the 'good' guys to access this information at will, you can bet the bad guys aren't far behind," he said. "People have the right to know what information is being stored on them and what steps are being used to secure that information."

To do so, he advises Brits to speak up against the law by writing to their local MP and signing a petition against it, and to take the time to find out what data is held on them. That can be done via a subject access request to their ISP or phone company, which will then have to provide all the data it holds on them.

"The hope is that, with enough people showing concern for their privacy, the government will have to consider it. It's not just about names on a list that can be easily ignored; these requests will require action," said Munson.

Time for transparency

How can people feel confident about data privacy if they don't know how their data is being held? That question was raised by Emma Butler, data protection officer at Yoti.

"YouGov recently reported that 87% of people are worried, to some extent, about the security of their personal data online," she said. "It's clear that the issue is on the radar of more individuals than ever before."

"This year, I'm especially keen to see the technology industry encourage an environment where transparency and engagement with consumers come first," she added. "With the explosion of digital technologies, organisations are sweeping up vast quantities of data about consumers' activities, often without them being fully aware. Gaining consumers' trust and confidence in the use of their data will increasingly become a vital source of competitive advantage for companies".

Get encrypted

You can't keep customers' data private if your company isn't properly secured: take that responsibility seriously, said Jason Hart, CTO for data protection at Gemalto.

"Consumers expect that their data will only be accessed by internally authorised individuals, and be completely secure from external threats," he said.

Because of that, companies should implement encryption as well as two-factor authentication, he advised. "By encrypting the data, and managing the encryption keys properly, the data is useless to the hacker, as well as any unauthorised personnel within the organisation," Hart added. "This means that, even if a breach takes place, consumer data remains private."

Update your devices

Anyone reading this site is surely aware of the necessity of updating their Windows machines and other computers, but don't forget your other connected gadgets, particularly smart home and Internet of Things devices.

Robert Miller, head of operational technology at MWR InfoSecurity, cited a recent Ubuntu survey that found 31% of consumers with connected devices fail to update them in a timely fashion and 40% have never knowingly updated them. "As such, consumers are unintentionally leaving themselves exposed to attack, from Distributed Denial of Service (DDoS) attacks to invasions of personal privacy or theft of personal data," he argued, calling on manufacturers to do a better job keeping their users safe and building in privacy and security protections.

In terms of privacy, he said IoT or connected cameras were the biggest risk. "However, recently industrial control systems were shown to allow an attacker to remotely read and write memory, in essence creating a remote file share," he added. "If a similar attack could be designed for IoT, then a user's home could end up sharing files and data on behalf of an attacker."

Get ahead of the curve

The General Data Protection Regulation is looming: don't wait for its May 2018 arrival to get your company ready, notes Robert Guice, senior vice president at Shred-it. "This Data Protection Day, we urge businesses to get ahead of the curve and prepare for the requirements stipulated by the incoming GDPR," he said. "These range from stricter rules around securing consent for the use of personal information to, in some cases, the introduction of a designated data protection officer within the workplace."

He added: "Ensuring your organisation is fully compliant with the forthcoming regulations protects your business and employees against the possibility of a damaging data breach, safeguarding against potentially damaging financial penalties that will be issued if a company is not in line with the law. Above all, acting now will reassure customers, partners and employees that you take their data protection seriously."
