January 28th is celebrated as Data Privacy Day every year in certain countries. It is part of an international effort to create awareness around data privacy. The day was started by the Council of Europe back in 2007, when it was known as the European Data Protection Day. It has since spread to the USA, India and Canada. While data privacy is gaining a lot of attention internationally at the moment, we here in Barbados have not yet been swept up in the wave. ISSA Barbados would like to be a part of changing that.
What is data privacy anyway? There are many definitions, but a useful one is “the aspect of information technology (IT) that deals with the ability an organization or individual has to determine what data in a computer system can be shared with third parties.” In other words, data privacy deals with what happens with our private information when it is entered into a computer system, e.g. via social media, a government website, an online banking system, a computer at a medical practitioner’s office, a shopping website, or an educational institution. Data privacy is therefore all about protecting people.
Why is it important? In today’s world where everyone is connected to the internet, and where many things are computerized, unethical or greedy persons and organisations realise that there is a large amount of information available for them to exploit for their gain, or to disadvantage persons who they may not be very fond of. Not only criminal organisations do this, but some large technology companies, marketing companies, or even political parties. Some of these organisations may even have a legitimate right to use the data which they collect or obtain.
In recent times we have seen how several people had the personal data stolen from both Marriott Hotels and Air Canada, which likely resulted in identity theft and fraud. We also would have seen how stealing millions of people’s data by Cambridge Analytica allowed them to manipulate voters in the last US presidential elections. This month millions of stolen passwords were made available for cyber criminals to attempt all manner of crimes on endless systems around the world. Also during this month Google was fined 50 million Euros for failing to adhere to privacy laws. Data (both stolen, sold, and legally obtained) is often misused for manipulation campaigns to get persons to purchase goods or services, support or oppose certain issues, or to trick them into giving out further information which would then be used to rob them, harass them, or attack a person or organisation to which they are affiliated. It can also be used to profile persons for the purpose of victimization or oppression.
On this data privacy day, we would like to encourage persons to appreciate that not only is their personal information important and valuable, but once they have it entered onto a computer system, without the required laws and security protections, that information can be easily stolen, modified, sold, or misused. What you post on social media, enter when signing up for a service or website, supply to your financial institution, enter into an online survey, or enter as part of fulfilling a government requirement matters. The information belongs to you, and without regulatory and electronic controls, you may not only lose access and control over what it yours, but it can also be used to hurt you, or those closely connected to you.
Barbadians must continue to remind government that we need data protection legislation enacted as a matter of urgency so that we are given rights to our data, and so that organisations which store or process our data are required to put at least a basic security controls in place to protect that data. Data protection legislation is standard in the vast majority of countries in the world, and is a key element for any country which is interested in protecting its citizens, or which values doing business (including tourism) with the rest of the world. Without data protection legislation, organisations which deal with people’s data (which is almost all modern organisations) will have no legal requirement to spend the time and money to properly protect your data.
Barbadians must also be made aware of the value of data. We must not let outside countries or large technology companies (which realise the great wealth held in data) to purchase it for the equivalent of glass trinkets (or worse, just take it). We also need to be aware that the Europeans and North Americans value their personal data, and our local laws need to accommodate the recently enacted EU General Data Protection Regulation (GDPR) law which requires that countries everywhere (including Barbados) are required to protect the personal data of EU citizens. This law came into effect on the same day that we welcomed a new government administration – May 25th 2018. There are also similar international privacy laws coming on stream which will likely impact our nation.
ISSA Barbados would like to encourage all Barbadians, including the private sector, government, and private citizens to realise that personal data is important and needs to be protected by technical methods, legislation, and basic practices. We therefore need as Barbadians to each do our part when it comes to data privacy.
About ISSA Barbados
ISSA Barbados is a chapter of the International Systems Security Association (ISSA), a non-profit association of information security professions and information security practitioners. ISSA is dedicated to the promotion of safe data practices. One of its goals is to serve as a respected and trusted source and advisor on information security related technology, education, standards, and legislation. ISSA Barbados participates in various educational events and initiatives to promote safe information security practices in this fair land.