Data Privacy Day in 2021

Data Privacy Day is an international effort that occurs annually on January 28^th to raise security awareness and promote data protection best practices. LogRhythm’s CSO, James Carder, sheds light on why this day is so influential:

“Data Privacy Day serves as an important reminder for organization leaders to acknowledge their shared responsibility for cybersecurity and effective data protection across the entire business.”

Movements like these spark conversations that spread cybersecurity awareness to the general public and organization leaders across the globe. It is also the circumstances like COVID-19 remote work cybersecurity concerns and recent high-profile nation-state attacks, that act as a catalyst for the desire, need, and demand for more actions to be taken in order to safeguard sensitive information.

Is There a Data Protection Act in the U.S.?

We can all agree on one thing…if our information is online, it is indeed vulnerable, but there are measures that individuals, companies, and the government can take to increase data protection efforts. You may find yourself wondering what data privacy laws exist or who is held accountable for protecting consumer data in the United States.

There is not currently an overarching and comprehensive federal data privacy law in the U.S. that compares to the European Union’s General Data Protection Regulation (GDPR); however, the U.S. does have vertically focused and sector-specific privacy laws that address regulations for industries such as healthcare, finance, telecommunications, and more (e.g., HIPAA, COPPA, GLBA).

Statutory laws also govern and address privacy issues for their residents. For example, revisions to the California Consumer Privacy Act (CCPA) give consumers more control over personal information that businesses collect about them. According to Office of the California Attorney General, this landmark law secures privacy rights to California consumers such as:

• The right to know about the personal information a business collects about them and how it is used and shared
• The right to delete personal information collected from them (with some exceptions)
• The right to opt-out of the sale of their personal information
• The right to non-discrimination for exercising their CCPA rights

After CCPA led the way in 2018, momentum for state-level privacy bills is at an all-time high as more states continue to invest in regulation on data privacy; however, there is still a ton of legislation to be passed. James Carder predicts we can expect to see more states step up to lead change in privacy policy in 2021 and eventually influence federal privacy laws.

Consumers Are Feeling Less Control Over Their Personal Data

From apps and social media to online shopping and every-day transactions, the average citizen provides sensitive information to a ton of companies to comply with the digital demand of our society and economy — and increasingly, are feeling less control over their personal data because of it.

Take for example the recent privacy policy updates from WhatsApp: Users are upset with the new terms and conditions which state that the company reserves the right to share consumer data such as phone numbers, IP addresses, and payments made through the app with Facebook and other Facebook-owned platforms. Those who do not agree to the terms, will be locked out of WhatsApp on Feb. 8, 2021, leaving users with essentially no choice other than accepting the terms or seeking an alternative service.

It begs the question whether or not the average consumer truly understands the implications when they press the accept button to comply with policy updates from any company. Consumers need to develop a better understanding of how companies are using their data and how they access that information. With more and more companies experiencing breaches and increased sharing of our personal information, team members from LogRhythm Labs conducted interesting research to learn if the average citizen can gain access to their personal information that organizations keep records of. Do you have rights to your data? Here are the research results to help you answer that question.

Data Privacy Tips for Individuals

Are you one of those people who are feeling a lack of control with their privacy online? Well, there is no better time than Data Privacy Day to take action and make habitual changes to improve protecting your personal data moving forward. Here is a list of privacy and data security tips for a more secure digital life:

1. Use security software such as ani-virus software and a firewall: In order to truly protect yourself from potential threats, viruses, and other malware on your computer, it’s important take extra measures by installing security software. Antivirus software can help you keep up to date with the latest “bugs” on the internet and protect your devices from damaging viruses that allow hackers to do things such as spamming your email account. Firewall is a computer hardware or software that also helps to block hackers from accessing your computer by filtering unauthorized traffic to access private data in your network.
2. Keep your software up to date: Sometimes software updates can feel like a giant pain for users, but it is a necessary step to take when recommended by your device’s manufacturer or operating system provider. Updates may contain security patches that protect your computer after a vulnerability was discovered.
3. Create strong passwords: We hear this direction all too often, but not enough people take it seriously, putting their sign-in credentials at risk. Make sure you are creating passwords that contain uppercase and lower-case letters, numbers, and special characters. Never use similar information that could be found on any public profiles or social media accounts such as birthdates or your favorite sports team. Create long passwords and change them on a regular basis. Also, do not use the same password for every account. If hackers are able to get into one account such as your email, then they can discover other sensitive accounts that you use (such as hacking your bank information) and target those next.
4. Avoid phishing scams: Average-working citizens are being targeted every day by phishing attacks which is a type of social engineering It’s important to be very aware and conscious of your email because falling for a link scam can lead to a hacker downloading malware on your computer or hacking your personal information (e.g., names, addresses, SSN). Avoid clicking on an email that seems suspicious, provides a sense of fear and urgency to manipulate a response, or comes from an unknown sender. Hackers are getting more sophisticated with their tactics and it requires you to be attentive and alert. Even if you believe an email is coming from a known sender, be cautious and make sure to check their email address and hover over images and links to confirm because cybercriminals can change a minor detail in the email or a URL to manipulate targets into thinking they are credible.
5. Enable multi-factor or two-step authentication: Be sure to add an extra layer of security in case your password is stolen. Although a multi-step verification process may seem tedious in the moment, it can save you from a lot of headache in the long run. Taking an extra step to login each time is worth it over being hacked.
6. Don’t use public Wi-Fi without a VPN: A public Wi-Fi network can make you an easier target for hackers and put your information at risk because it is an open connection and is often unsecured leaving you vulnerable if they are able to exploit a security flaw in the network to intercept data. It’s best to use a virtual private network to secure your connection by encrypting your data. Also, avoid logging into password-protected websites on public Wi-Fi. If not, hackers can observe things like your browsing activities, logins, and transactions which open the window to breach more sensitive information.
7. Limit your public information online: A major step to achieving data privacy is living a more private life online and avoid posting sensitive information that hackers can take advantage of. Limit the amount of information you put out there on social media sites because cybercriminals will take advantage of social media profiling by gathering clues about your connections, interests, and more which can make you an easier target.
8. Always review privacy policy on third-party applications: It’s critical to understand what rights you are giving away when you accept the terms and conditions of a company’s privacy policy. Policy can often be lengthy and filled with terminology that overwhelms users to the point where they simply blindly accept the terms for convenience sake. This leads to users having a lack of understanding about who can access their data and how they are using it. Foster better habits by truly understanding what you are signing yourself up for. Do your research and see what other people are saying about a policy to help guide you if you are not sure what something means. Always remember that once you accept the conditions, it’s harder to go back and reverse the information and data that is out there.

Spread Data Privacy Awareness

From executives to the average individual, all of us at LogRhythm celebrate Data Privacy Day in order to foster awareness and promote education on how to live a more secure digital life. What steps are you taking in your personal and professional life to get involved with the data privacy movement? Join the cause by commenting your thoughts, ideas, or tips below!