Data Privacy Week

First held in  as a day-long event in 2008. Now, more than 50 countries around the world host their own Data Privacy Day. 

The campaign’s importance has grown as the volume of data generated online about people and their activities has multiplied. The decision to expand to a week-long event reflects the perception that data privacy is a defining challenge in the digital age. 

Data Privacy Week is an annual event to spread awareness about online privacy among individuals and organisations and takes place this year from January 27th - 31st.

 “Data Privacy Week highlights an important issue: Organisations and individuals alike face increasing risks from data breaches, misuse and regulatory non-compliance... With so much data shared online, data privacy must be at the core of every interaction, and both businesses and consumers can take important steps to take control of their data,” says Sam Peters, the Chief Product Officer at ISMS.

Data Protection Day is a reminder that privacy isn’t just a policy - it’s a business imperative.

In the AI wave, data is increasingly fed into AI systems and models, and the need to safeguard individual rights has never been more critical. AI-driven technologies offer immense opportunities but also introduce new risks around data usage, bias, and security. Regulations are evolving to keep pace, and customers and their end-users expect more transparency than ever before.

According to Ellen Benaim, CISO at Templafy, "The landscape is shifting. And the businesses that will thrive in this new era are the ones that treat security, compliance and privacy as a competitive advantage, not a burden. Customers trust brands that protect their data. Regulators favour businesses that prioritise security. Privacy isn’t just about avoiding fines. It’s about building trust, reducing risk, and future-proofing your organisation."

The core challenge is that the speed of technology evolution is outpacing the development and implementation of data governance frameworks and security protocols.   

Ravi Bindra, CISO at SoftwareOne, says, "The threat landscape grows increasingly complex, equipping malicious actors with advanced tools to compromise confidential data. As threats grow in scale and severity, compliance with new regulations like the EU’s DORA and NIS2 is business critical, but this must be paired with continued investment into AI and more importantly how to use it responsibly."

Users often compromise their own privacy by oversharing on social media or neglecting security basics like password hygiene. Taking back control of their data is imperative. “We encourage consumers to review how and where their personal information is stored, shared and protected. Small changes, like managing permissions or deleting unused accounts, can make a big difference,” according to Peters.

Advice For Individual Users

Here are some simple actions that individual users can take to regain control of their data:

  • Know Your Rights: Understand your rights under regulations like GDPR or CCPA, including the right to access, correct or delete your data. Be proactive in exercising these rights with organisations that handle your information.
  • Take Action on Personal Data Security: Use strong, unique passwords and enable multi-factor authentication wherever possible. Regularly review privacy settings on social media and other platforms to control what's shared publicly.
  • Think Twice Before Sharing: Be mindful of the data you provide online. Is it necessary, and do you trust the organisation collecting it? Avoid oversharing personal details on public platforms.

Data Privacy Week is an important reminder for businesses to evaluate their privacy practices and assess how they manage personal data.  

Data privacy policies are meaningless if they are not backed by robust systems that ensure accountability at every level. ISO 27701 outlines a framework for Personally Identifiable Information (PII) Controllers and PII Processors to manage data privacy. It provides a global standard for information management and offers an excellent starting point for embedding privacy controls and future-proofing compliance efforts.

Advice For Organisations

  • Make Privacy a Business Priority: Privacy isn't just a legal requirement, it's a competitive advantage. Businesses prioritising privacy protection build trust, foster customer loyalty and differentiate themselves in the market. ISO 27701 provides a structured framework for privacy management, embedding it into everyday business processes.
  • Empower Your Workforce: Employees are often the first line of defence in protecting sensitive information. Regular training and awareness programs are essential to create a culture of privacy. Make it easy for employees to understand their responsibilities and report concerns.
  • Integrate Privacy with Security: Privacy and security go hand in hand. By adopting a unified approach, such as combining ISO 27001 (information security) with ISO 27701 (privacy), organisations can address risks holistically and ensure compliance with laws like GDPR and CCPA.
  • Leverage Effective Automation for Better Oversight: Manually managing privacy is no longer viable. A platform like ISMS.online can simplify data mapping, streamline risk assessments and ensure your processes are audit-ready, freeing resources to focus on growth and innovation.

Dan Lattimer, VP EMEA West at Semperis, advises that businesses must take steps to keep their own and their customers’ data safe. "As a default, they should always use strong encryption and strict rule-based access controls, particularly for highly sensitive data... In addition, organisations should carry out regular audits to review what data they handle and store, how they manage the data and whether this meets GDPR requirements, as well as being secure."

Don’t forget third-party suppliers and the vital need to make sure their security controls are robust.

With attackers increasingly using AI to take advantage of organisational weaknesses, such as loosely managed access, proper oversight of who can access what, when and why, within organisational networks and supply chains, is vital for protecting confidential data from malicious actors. Steve Bradford, SVP EMEA at SailPoint, explains, "As AI advances, protecting sensitive data is an increasingly complex task. Security risks associated with an explosion in machine identities... such as software bots and robotic process automation.... human identities...

"Combine this with rising numbers of non-employees, such as freelancers and contractors, and the scope for identity related infiltration widens."

Security should be a fundamental element, embedded from early-stage development to deployment. Key measures include encryption, application firewalls and authorisation controls, along with robust authentication mechanisms such as multi-factor authentication. 

Danny Allan, CTO at Snyk, says, “Advanced security tools that scan for vulnerabilities throughout the development lifecycle also have a role to play. By taking a proactive approach, we can strengthen application security and protect consumer data from ever-evolving threats.”

This challenge will only grow more complex as the volume, variety and velocity of identities continue to increase.

"Data Privacy Week should prompt organisations to take action and reinforce potential weak spots that could be seen as easy access points for cybercriminals," SailPoint's Bradford concludes.

StaySafeOnline   |  CybeReady   |    ISMS  
