Industry experts comment on Data Privacy Day

Author: Simon Rowley

With today (28 January) marking Data Privacy Day – an annual event seeking to raise awareness and promote privacy and data protection best practices – industry experts have marked the occasion by presenting a range of views on the latest trends and challenges that have arisen since last year’s occasion.

– Dr Ellison Anne Williams, Founder and CEO of Enveil, comments, “Data Privacy Day serves as a crucial reminder to safeguard sensitive information in an era where data dominates. As we navigate an increasingly interconnected world and transformative technologies such as AI grow their foothold in the digital economy, finding ways to protect data privacy and mitigate risk will be essential.

“Privacy Enhancing Technologies (PETs) enable, enhance, and preserve data privacy throughout its lifecycle, securing data usage and allowing users to capitalise on the power of AI without sacrificing privacy or security. Organisations that truly prioritise data will incorporate PETs as a foundational, business-enabling tool that will fortify data-driven capabilities and enable data to be leveraged securely across silos and boundaries.

“This year’s Data Privacy Day theme is ‘Take control of your data’, but that sentiment should not be limited to our personal data footprint. Businesses need to be proactive in their approach to data protection and commit to a future where PETs are woven into the very fabric of digital strategy. This will empower users to responsibly and securely harness innovative tools, such as AI and Machine Learning, in line with global regulations and compliance requirements.”

– Edwin Weijdema, Field CTO EMEA & Cybersecurity Lead at Veeam, adds, “This year, Data Privacy Day seems a little different. With significant cyber security regulations coming into force around the world, most notably NIS2 and DORA, it feels like a lot has changed since we marked this day just 12 months ago.

“And it has. We’ve seen corporate accountability given increasing weight when it comes to data resilience thanks to NIS2. It’s no longer a case of passing the buck – responsibility ultimately sits with the C-suite. Simultaneously, data resilience is shifting from a ‘cyber security requirement’ to a tangible business differentiator. At the moment, breaches and ransomware are still a ‘when’, not an ‘if’ – and I don’t see this changing. As C-suites become ever more aware, they’ll be demanding to see evidence of their organisation’s data resilience, from their internal teams and any third-party partners.

“Data Privacy Day is a good chance to reflect on how much can change in a year. After all, organisations can’t rely on markers like this to nudge them on the importance of data resilience – it needs to be a priority 365 days a year.”

– James Blake, VP Global Cyber Resiliency Strategy at Cohesity, comments, “On Data Privacy Day, it’s crucial to recognise that focusing solely on compliance will only lead to companies tying themselves in knots reacting to the swarm of active or planned regulatory requirements, as well as data legislation coming into force across multiple national and state jurisdictions. If we look at Germany alone as an example, there are 17 state laws on top of national and EU requirements. The most effective way to ensure data privacy compliance is by building robust and repeatable operational capabilities. This involves programmatically conducting comprehensive data audits to identify, categorise, and secure sensitive information.

Implementing robust encryption protocols, including migrating to encryption methods resilient to emerging quantum computing attacks, is essential. Additionally, consider working with technology companies who can offer immutable data that can provide an extra layer of security, ensuring data cannot be altered or deleted, thus protecting against ransomware attacks, data breaches and the unnecessary financial loss accrued because of downtime. Appointing security champions in each business unit to educate their peers on tailored data privacy processes based on data classification levels is an important step. By embedding these practices, compliance with varying regulatory requirements will naturally follow.”

– Adrianus Warmenhoven, a cyber security expert at NordVPN, comments: “As debates continue over whether data, oil, or land holds the greatest value, in cyber security, the answer is unequivocal: data. Personal data, unlike physical assets, can be copied, stolen, or sold without leaving visible traces, creating significant financial and reputational risks.

“Apps are a major culprit, often exposing sensitive information through excessive permissions, missed updates, or unauthorised data sharing. Keeping software current is not just a personal safeguard; it also helps protect your network of contacts from phishing attacks through outdated systems. The good news is that while it may seem like an uphill battle to get on top of your data privacy, it’s never been easier to manage how much you share.”

To protect people’s privacy on apps, Adrianus offers these preventive measures:

1. Always download apps from official stores – Unofficial apps may not check how safe it is before it is available to download, increasing the risk of modifications by criminals.
2. Familiarise yourself with the data permissions required by apps – Head to your settings and review and adjust these permissions as necessary, particularly sensitive ones like access to your camera, microphone, storage, location, and contact list.
3. Before downloading any app, read its privacy policy – Understand what information it will track and share with third parties. If the privacy level is unsatisfactory, consider an alternative. You can usually find this in the description on your mobile device’s app store.
4. Limit location access only when using the app – It is difficult to justify why some apps need to know your location at all times, so do not give it to them. Avoid using social media accounts to log in, because doing so can allow unnecessary data exchange.
5. Delete any apps you no longer use – This helps to prevent them from collecting data in the background.

For more on data privacy, click here.