Data Privacy Week

First held in  as a day-long event in 2008. Now, more than 50 countries around the world host their own Data Privacy Day. 

The campaign’s importance has grown as the volume of data generated online about people and their activities has multiplied. The decision to expand to a week-long event reflects the perception that data privacy is a defining challenge in the digital age. 

Data Privacy Week is an annual event to spread awareness about online privacy among individuals and organisations and takes place this year from January 27th - 31st.

 “Data Privacy Week highlights an important issue: Organisations and individuals alike face increasing risks from data breaches, misuse and regulatory non-compliance... With so much data shared online, data privacy must be at the core of every interaction, and both businesses and consumers can take important steps to take control of their data,” says Sam Peters, the Chief Product Officer at ISMS.

Data Protection Day is a reminder that privacy isn’t just a policy - it’s a business imperative.

In the AI wave, data is increasingly fed into AI systems and models, and the need to safeguard individual rights has never been more critical. AI-driven technologies offer immense opportunities but also introduce new risks around data usage, bias, and security. Regulations are evolving to keep pace, and customers and their end-users expect more transparency than ever before.

According to Ellen Benaim, CISO at Templafy, "The landscape is shifting. And the businesses that will thrive in this new era are the ones that treat security, compliance and privacy as a competitive advantage, not a burden. Customers trust brands that protect their data. Regulators favour businesses that prioritise security. Privacy isn’t just about avoiding fines. It’s about building trust, reducing risk, and future-proofing your organisation."

The core challenge is that the speed of technology evolution is outpacing the development and implementation of data governance frameworks and security protocols.   

Ravi Bindra, CISO at SoftwareOne, says: "The threat landscape grows increasingly complex, equipping malicious actors with advanced tools to compromise confidential data. As threats grow in scale and severity, compliance with new regulations like the EU’s DORA and NIS2 is business critical, but this must be paired with continued investment into AI and more importantly how to use it responsibly."

Users often compromise their own privacy by oversharing on social media or neglecting security basics like password hygiene. Taking back control of their data is imperative. "We encourage consumers to review how and where their personal information is stored, shared and protected. Small changes, like managing permissions or deleting unused accounts, can make a big difference," according to Peters.

Advice For Individual Users

Here are some simple actions that individual users can take to regain control of their data:

  • Know Your Rights: Understand your rights under regulations like GDPR or CCPA, including the right to access, correct or delete your data. Be proactive in exercising these rights with organisations that handle your information.
  • Take Action on Personal Data Security: Use strong, unique passwords and enable multi-factor authentication wherever possible. Regularly review privacy settings on social media and other platforms to control what's shared publicly.
  • Think Twice Before Sharing: Be mindful of the data you provide online. Is it necessary, and do you trust the organisation collecting it? Avoid oversharing personal details on public platforms.

Data Privacy Week is an important reminder for businesses to evaluate their privacy practices and assess how they manage personal data.  

Data privacy policies are meaningless if they are not backed by robust systems that ensure accountability at every level. ISO 27701 outlines a framework for Personally Identifiable Information (PII) Controllers and PII Processors to manage data privacy. It provides a global standard for information management and offers an excellent starting point for embedding privacy controls and future-proofing compliance efforts.

Advice For Organisations

  • Make Privacy a Business Priority: Privacy isn't just a legal requirement, it's a competitive advantage. Businesses prioritising privacy protection build trust, foster customer loyalty and differentiate themselves in the market. ISO 27701 provides a structured framework for privacy management, embedding it into everyday business processes.
  • Empower Your Workforce: Employees are often the first line of defence in protecting sensitive information. Regular training and awareness programs are essential to create a culture of privacy. Make it easy for employees to understand their responsibilities and report concerns.
  • Integrate Privacy with Security: Privacy and security go hand in hand. By adopting a unified approach, such as combining ISO 27001 (information security) with ISO 27701 (privacy), organisations can address risks holistically and ensure compliance with laws like GDPR and CCPA.
  • Leverage Effective Automation for Better Oversight: Manually managing privacy is no longer viable. A platform like ISMS.online can simplify data mapping, streamline risk assessments and ensure your processes are audit-ready, freeing resources to focus on growth and innovation.

Dan Lattimer, VP EMEA West at Semperis, advises that businesses must take steps to keep their own and their customers’ data safe. "As a default, they should always use strong encryption and strict rule-based access controls, particularly for highly sensitive data... In addition, organisations should carry out regular audits to review what data they handle and store, how they manage the data and whether this meets GDPR requirements, as well as being secure."

Don’t forget third-party suppliers and the vital need to make sure their security controls are robust.

With attackers increasingly using AI to take advantage of organisational weaknesses, such as loosely managed access, proper oversight of who can access what, when and why, within organisational networks and supply chains, is vital for protecting confidential data from malicious actors. Steve Bradford, SVP EMEA at SailPoint, explains: "As AI advances, protecting sensitive data is an increasingly complex task. Security risks associated with an explosion in machine identities... such as software bots and robotic process automation.... human identities...

"Combine this with rising numbers of non-employees, such as freelancers and contractors, and the scope for identity related infiltration widens."

Security should be a fundamental element, embedded from early-stage development to deployment. Key measures include encryption, application firewalls and authorisation controls, along with robust authentication mechanisms such as multi-factor authentication. 

Danny Allan, CTO at Snyk, says: “Advanced security tools that scan for vulnerabilities throughout the development lifecycle also have a role to play. By taking a proactive approach, we can strengthen application security and protect consumer data from ever-evolving threats.”

This challenge will only grow more complex as the volume, variety and velocity of identities continue to increase.

"Data Privacy Week should prompt organisations to take action and reinforce potential weak spots that could be seen as easy access points for cybercriminals," SailPoint's Bradford concludes.

StaySafeOnline   |  CybeReady   |    ISMS  

Image: Ideogram
