
Navigating the Digital Frontier: Your Ultimate Guide to Data Privacy

DATA PRIVACY WEEK 2024

In celebration of Data Privacy Week 2024, we have put together an invaluable article to help individuals, businesses, and organizations take charge of their digital footprint and maintain safety while online.

Privacy Policies 

Most websites collect personal data through cookies, making a privacy policy non-negotiable. But fear not; understanding and navigating these policies doesn’t have to be a daunting task.

Privacy policies are like a digital handshake; they set the tone for your online interaction. Here’s how to decode them effectively:

Tips on how to read and understand privacy policies.

The purpose of a privacy policy is to comply with privacy regulation requirements, to inform users how you’ll handle their personal data, what rights they have and how to exercise them.

It needs to provide up-to-date information about the tools or services you use to collect personal data. 

It should be specific, clear, and simple enough for users to understand so they can make an informed decision about whether to share their data and how to assert their user rights, if they want to.

Contents of privacy policies 

  1. Start with the Summary: Many privacy policies include a summary or highlight section. Begin here to get a general idea of the policy’s main points.
  2. Identify Data Collection Practices: Look for sections that explain what types of personal data the company collects. This can include information you provide directly or data collected automatically (like browsing history). 
  3. Understand Data Usage: Find out how the collected data will be used. Does the company use it for improving services, advertising, or sharing with third parties? 
  4. Check Data Sharing Policies: Pay attention to whether and how the company shares data with third parties. This is crucial for understanding who else can access your information.
  5. Look for User Rights and Choices: Seek information on what rights you have regarding your data, such as accessing, updating, or deleting your data, and how to exercise these rights. 
  6. Review Data Security Measures: Understand how the company protects your data. Look for mentions of encryption, data breach protocols, and other security practices. 
  7. Notice Changes and Updates: Check how the company will notify you about changes to the privacy policy. Some policies might change without direct notification. 
  8. Understand Data Retention: Find out how long your data will be kept. Good privacy policies clearly state the duration or criteria used to determine this period. 
  9. Opt-Out Options: Look for options to opt-out of certain data collections or uses, especially in relation to advertising and marketing. 
  10. Contact Information: Ensure there’s a way to contact the company for privacy concerns. A good privacy policy should provide contact details for privacy-related inquiries.
  11. Use External Resources: If you’re struggling, use online tools or browser extensions that summarize or rate the privacy policies for ease of understanding.
  12. Consult the FAQs: Sometimes, privacy policies have an accompanying FAQ section that can clarify complex points in simpler terms. 
  13. Legal Jargon: Be aware of legal terms. If you don’t understand something, look it up or seek professional advice.
  14. Cross-Border Data Transfers: If applicable, check how the policy addresses international data transfers, as different countries have different privacy standards. 
  15. Be Skeptical of Vague Language: Vague statements can be a red flag. Policies should be clear and specific about how they handle your data.

Personally Identifiable Information (PII)

Personally identifiable information (PII) is data that, either on its own or when combined with other relevant information, can identify a specific individual.

Personally Identifiable Information (PII) is the key to confirming an individual’s identity, making its protection paramount.

Why it’s crucial to protect them.

  • Personally identifiable information (PII) uses data to confirm an individual’s identity.
  • Sensitive personally identifiable information can include your full name, Social Security Number, driver’s license, financial information, and medical records.
  • Non-sensitive personally identifiable information is easily accessible from public sources and can include your zip code, race, gender, and date of birth.
  • Passports contain personally identifiable information.
  • Social media sites may be considered non-sensitive personally identifiable information.

Tips on how to minimize the sharing of PII online.

  • Lock your mailbox regularly
  • Remove personal identification from junk mail and other documents 
  • Avoid carrying more PII than you need; there’s no reason to keep more than one ID card in your wallet.
  • Use a different, complex password for each online account. 
  • Always encrypt your important data, and use a password for each phone or device.
  • Reformat your hard drive whenever you sell or donate a computer.

Controlling Access To Personal Data

Taking control of who accesses your personal data is crucial in the digital age. Here are some tips for navigating privacy settings on social media platforms:

Tips on adjusting privacy settings on social media platforms.

  • Review Your Current Privacy Settings.
  • Check Who Can See Your Posts. 
  • Check What Others See on Your Profile. 
  • Update Your Friend List.
  • Restrict Access From Third-Party Apps. 
  • Scrutinize Your Location-Sharing Settings. 
  • Consider What’s in Your Profile and What You Share.
  • Regularly review and update your access controls.

Data Control and Data Processing by Third Parties

Third-party involvement can pose risks to data privacy, and it’s crucial to manage and mitigate these potential threats.

Compliance: risks can arise from the failure of a third party to put security controls in place, resulting in data loss. This can lead to data privacy breaches, liability and compliance penalties for large enterprises.

How to identify and manage third-party access to personal data.

  • Vetting Third-Party Vendors
  • Vendor Risk Management (VRM) is the process of managing and monitoring security risks resulting from third-party vendors, IT suppliers, and cloud solutions.
  • Establishing Risk Tolerance and Minimum Security Requirements
  • Regular Auditing and Monitoring
  • Data Encryption and Anonymization
  • Staff Training

Tools and resources that help users control third-party data processing.

  • Securing Your Data with a Vendor Risk Management Program
  • Protect Your Data with UpGuard

Data Subject Rights

Do you know your rights as a data subject? 

As a data subject, knowing your rights is empowering. Familiarize yourself with these rights and how to exercise them:

  • Right of access: Data subjects have the right to contact any organisation processing their personal information to request basic information.
  • Right to erasure: This right entails that a data subject can ask an organisation to have data about them erased from their system.
  • Right to rectification of data: The right to rectification means that a data subject can send a request to an organisation to have their data corrected or updated in situations where the information has changed.
  • Right to restrict processing: This means that data subjects have the right to request that an organisation stop processing their data for a particular purpose.
  • Right to object to processing: The NDPA provides data subjects with the right to object to the processing of personal data.
  • Right to lodge a complaint: Where a data subject is dissatisfied with the decision, action, or inaction of a data controller or data processor, they have the right to lodge a complaint with the Data Protection Authority for remedial action.
  • Right to object to processing: By exercising this right, when it has been confirmed that the controller processes the personal data of a data subject, you can proceed to object to any further processing.

In conclusion, arming yourself with knowledge is the first step to maintaining control over your digital presence. As we celebrate Data Privacy Week 2024, let’s embark on a journey of digital empowerment, making informed decisions and ensuring our online safety. Stay informed, stay secure!