Today, January 28th is celebrated as Data Privacy Day every year in certain countries. It is part of an international effort to create awareness around data privacy. The day was started by the Council of Europe in 2007 when it was known as the European Data Protection Day. It has since spread to the USA, India and Canada. While data privacy is now gaining a lot of attention internationally, we in Barbados have not yet been swept up in the wave. ISSA Barbados would like to be a part of changing that.
What is data privacy anyway? There are many definitions, but a useful one is, “The aspect of information technology (IT) that deals with the ability an organization or individual has to determine what data in a computer system can be shared with third parties.” In other words, data privacy deals with what happens with our private information when it is entered into a computer system, e.g. via social media, a government website, an online banking system, a computer at a medical practitioner’s office, a shopping website, or an educational institution. Data privacy is, therefore, all about protecting people.
Why is it important? In today’s world where everyone is connected to the internet, and where many things are computerized, unethical or greedy persons and organizations realize that there is a large amount of information available for them to exploit for their gain, or to take advantage of persons who they may not be very fond of. Not only criminal organizations do this, but some large technology companies, marketing companies, or even political parties engage in this practice. Some of these organizations may even have a legitimate right to use the data which they collect or obtain.
In recent times we have seen how several people had their personal data stolen from both Marriott Hotels and Air Canada, which likely resulted in identity theft and fraud. We also would have seen how Cambridge Analytica’s theft of millions of people’s data allowed them to manipulate voters in the last US presidential elections.
This month, millions of stolen passwords were made available for cybercriminals to attempt all manner of crimes on endless systems around the world. Also during this month, Google was fined 50 million Euros for failing to adhere to privacy laws.
Data (both stolen, sold, and legally obtained) is often misused for manipulation campaigns to get persons to purchase goods or services, support or oppose certain issues, or to trick them into giving out further information which would then be used to rob them, harass them, or to attack a person or organisation to which they are affiliated. It can also be used to profile persons for the purpose of victimization or oppression.
On this data privacy day, we encourage persons to appreciate that not only is their personal information important and valuable, but once they have it entered into a computer system, without the required laws and security protections, that information can be easily stolen, modified, sold, or misused. What you post on social media, enter when signing up for a service or website, supply to your financial institution, enter into an online survey, or enter as part of fulfilling a government requirement matters. The information belongs to you, and without regulatory and electronic controls, you may not only lose access and control over what is yours, but it can also be used to hurt you, or those closely connected to you.
Barbadians must continue to remind government that we need data protection legislation enacted as a matter of urgency so that we are given rights to our data, and so that organizations which store or process our data are required to put at least basic security controls in place to protect that data.
Data protection legislation is standard in the vast majority of countries in the world and is a key element for any country which is interested in protecting its citizens or which values doing business (including tourism) with the rest of the world. Without data protection legislation, organizations which deal with people’s data (which is almost all modern organizations) will have no legal requirement to spend the time and money to properly protect your data.
Barbadians must also be made aware of the value of data. We must not let outside countries or large technology companies (which realize the great wealth held in data) purchase it for the equivalent of glass trinkets (or worse, just take it). We also need to be aware that the Europeans and North Americans value their personal data and our local laws need to accommodate the recently enacted EU General Data Protection Regulation (GDPR) law which requires that countries everywhere (including Barbados) are required to protect the personal data of EU citizens. This law came into effect on the same day that we welcomed a new government administration – May 25 2018. There are also similar international privacy laws coming on stream which will likely impact our nation.
Being aware of the importance of our private data also means that Barbadians must be careful about what information they post on social media, in emails and on other messaging platforms. They also need to be careful of surveys and application forms requesting too much personal information. When you must enter information into a website, you should first read its privacy policy to see exactly what they are allowed to do with your data.
Children must also be warned about what type of information they reveal in online chats or on social media. We have even seen a free online training course structured in such a way that it encourages you to provide a large set of your personal data, including biometric data! We, as a country, need to develop a culture where we see our data as having a dollar value attached to it and we do not freely put it where strangers and people we don’t trust can easily access it.
ISSA Barbados encourages all Barbadians, including the private sector, government, and private citizens to realize that personal data is important and needs to be protected by technical methods, legislation, and basic practices. We all, therefore, need to do our part when it comes to data privacy.
About ISSA Barbados
ISSA Barbados is a chapter of the International Systems Security Association (ISSA), a non-profit association of information security professions and information security practitioners. ISSA is dedicated to the promotion of safe data practices. One of its goals is to serve as a respected and trusted source and advisor on information security related technology, education, standards, and legislation. ISSA Barbados participates in various educational events and initiatives to promote safe information security practices in this fair land.
