In an age where data is omnipresent, being privacy conscious has never been more important. Whether viewing the topic as a consumer or business, there’s no denying the need for greater awareness on the topic of data privacy going in to 2023.

So, where do we start?

Data privacy is founded on the “premise that personal identifiable information (PII) belongs to an individual and that they should be able to determine what, how, when and to whom their information is shared or communicated (Shoback, 2023)”. The Department of Homeland Security defines PII as “any information that permits the identity of an individual to be directly or indirectly inferred, including any information that is linked or linkable to that individual.” They also go on to define a subcategory, Sensitive PII, which includes information such as Social Security Numbers, driver’s license numbers, financial and medical records, biometrics and more (Department of Homeland Security, 2021).

Businesses will be especially affected by data privacy this year with states such as California, Colorado, Connecticut, Utah and Virginia enacting new laws and regulations on the topic to focus on a rights-based philosophical framework modeled after the European Union’s General Data Protection Regulation (Bellamy, 2023). That’s not to say that data privacy hasn’t already been top of mind as far as long-term strategies and compliance spending are concerned. In fact, it was reported in 2022 that for the first time in five years, Financial Services was outranked by Manufacturing as the top target for cyber-attacks, suggesting that Financial Services has already made data protection a high priority (IBM, 2022). Some of these priorities include, but are not limited to:

• Creating processes to ensure that systems are always up to date on the latest software updates and patches.
  
• Improving employee training in the areas of physical security, email security and web security.
  
• Following established security best practices such as those found in NIST 800-53 and the CIS.

With upcoming regulations, companies can expect principals such as data efficiency, transparency, informed consent, employee training and more to come into play. Simply being compliant with the law is no longer enough; it will be expected that companies respect consumers data and privacy on an individual level. Failure to do so could result in long-term negative impacts including financial losses and brand reputation hits. Being aware of current and upcoming regulations, reviewing what data you’re collecting, why you need it and how it’s being stored, fostering a privacy conscious company culture and prioritizing data security can all help your company lead the way as the landscape evolves. 

Consumers may feel as though they have little to no control over the data or information that companies, or their governments collect – but is that true? Fortunately, there are actions consumers can take to identify and control their personal information. After all, knowledge is power.

• Keep track of your credit:
  • Visit AnnualCreditReport.com to sign up to get your free credit report. Through December 2023, everyone can get a free copy of their report each week from each of the three credit bureaus.
  • Review your report to ensure that the information is accurate, complete, and up to date.
  • Report any mistakes and check for signs of identity theft.
  • Work directly with the credit bureaus to set up credit alerts and freezes.
    
• Stay up to date on cybersecurity news and best practices. This includes having strong passwords, using different passwords for different sites and signing out of sites when you’re done. Check your security and account settings, utilize multi-factor authentication and private browsing. Finally, educate yourself on the latest security attacks and scams on sites such as the Microsoft Security Blog, Security Intelligence or Google’s Safety and Security Blog. 
  
• Read the fine print. It’s easy these days to skim through the terms and conditions or privacy policies of companies as you go about your day-to-day life. These policies often include key information on how the company plans to handle your PII, so make sure to take your time.

With the ever-changing economic and social landscape, it’s never been more important to be privacy conscious. Businesses and consumers alike can navigate data privacy by staying up to date on new laws, regulations and industry best practices.  What will you be doing to boost your data privacy in 2023?

Consumer Resources:

• Security blog series – Microsoft Security Blog
• Security Intelligence – Cybersecurity Analysis & Insight
• Safety & Security | Google Blog
• Scams | Consumer Advice (ftc.gov)
• Identity Theft | Consumer Advice (ftc.gov)

Cites and References:

Shoback, J. (2023, January 9). Data Privacy Vs. Data Security: Four Implications For Business Leaders. Forbes. https://www.forbes.com/sites/forbesbusinesscouncil/2023/01/09/data-privacy-vs-data-security-four-implications-for-business-leaders/?sh=38cd70576afa

Department of Homeland Security. (2021, December 8). What is Personally Identifiable Information? https://www.dhs.gov/privacy-training/what-personally-identifiable-information

Bellamy, F. D. (2023, January 12). U.S. data privacy laws to enter new era in 2023. Reuters. https://www.reuters.com/legal/legalindustry/us-data-privacy-laws-enter-new-era-2023-2023-01-12/

IBM. (2022). IBM Security X-Force Threat Intelligence Index. https://www.ibm.com/reports/threat-intelligence/