January 28th is Data Privacy Day!
Sometime way back in 1992:
“Marco! Clean this pigsty you call a room up!”
“Moooom! A little privacy please!!!”
A little privacy. Without even really understanding what it was, my teenage self needed and felt entitled to it. Looking back now, I guess I just wanted to be able to do my own thing without constant parental oversight, especially when I was on MY OWN TURF. Having the freedom to talk to my girlfriend (yes, she was real, I SWEAR!) without my mom hearing every word was all I wanted. Little did I know that 30 years later, the privacy I so flippantly asked for would become a constant pain in the neck for individuals and companies alike.
So here we are, January 28th, 2023, and it’s “Data Privacy Day”. Did you know such a day existed? Believe it or not, this date started being celebrated back in 1981. It’s to commemorate the signing of Convention 108, the first legally binding international treaty dealing with privacy and data protection. From then on, privacy was on the map, and to this day, it remains at the forefront of many cybersecurity, legal and commercial conversations, just to name a few. I don’t want to go into the weeds here; you already know all about the GDPRs, HIPAAs and PIPEDAs of this world and their honorable mission of protecting our data from being stolen, leaked, sniffed and whatnot. And I would be remiss for omitting to mention our shiny new data privacy law for us here in Quebec that has more than one company scrambling for compliance! Nevertheless, Law 25 is a major leap forward in our fight for data privacy.
So, in honour of this prestigious day, let me take a few minutes of your time to share my five “go to” questions when dealing with and talking about data privacy. These are particularly useful when privacy-seeking customers ask the age-old question: “Where do I start?”. Here’s what I ask them:
- Do you know what data you want to collect?
- Do you know why you need to collect that data?
- Do you know where you will be storing the collected data?
- Do you have an idea of how you will be protecting that data?
- Do you know how long you’ll need to keep that data stored before disposing of it?
There are obviously many more questions that need to be asked, but these serve as a base to quickly clarify and highlight the implications and responsibilities associated with collecting and protecting data. If you have questions of your own, my team and I can assist you in answering them and helping you reach your cybersecurity and data privacy objectives.
Feel free to contact me. In the meantime, wishing you all a wonderful Data Privacy Day (yes, it’s a real day, I SWEAR!!)
Marco Estrela, CISSP, PMP, is Virtual Guardian’s Senior Cybersecurity Advisor and the popular host of Virtual Guardian’s monthly cybersecurity podcast: “Behind the Shield”. To get to know Marco and his expertise, visit virtualguardian.com/event to listen to podcast episodes or subscribe to “Behind the Shield – A Virtual Guardian Podcast” wherever you find your favorite podcasts.