The 1st of January, the 25th of December, and the 28th of January- the three biggest dates in the calendar each year for being New Years Day, Christmas Day and of course, Data Privacy Day.

Today, you can even ask your Amazon Alexa “Alexa, how do you protect my privacy?”, and she’ll provide you with an answer.

First celebrated in 2007, Data Privacy Day aims to raise awareness and spend some time to focus on the practices we all must engage in to ensure that the private data we hold as organisations are protected and treated in a manner that is in line with the legislation that governs the use of such data. Now, whilst it's true that the only way we can truly ensure data is fully protected is if we act as if every day is Data Privacy Day, we thought it would be a good chance to provide some top tips from experts in the field for 2022 and beyond.

An article by TechRepublic, which can be found in its entirety here, provides some comments from various experts with tips of what is, in their opinion, some of the most important practices we should engage in to help protect the privacy of our data. Encryption is increasingly becoming a key tool in fighting cyberattacks, as well as multi-factor authentication. Similarly, ensuring data is transferred only between company-owned systems is important, to prevent the loss or theft of that data, whether that be accidental (through human error for example), or by more malicious means.

The first industry expert providing their insight is Rajesh Ganesan, who is the vice president of product management at ManageEngine. He recommended that organisations use on-premises applications that can facilitate the storage of sensitive data within geographical boundaries to allow more control. He also outlined the importance of implementing data protection in the design stages of all services and operations. Rajesh also provided an important quote which I’ll leave in its entirety, as I think it perfectly sums up the approach we should take to ensure data security is implemented by employees most effectively:

"Moreover, data protection should be present as a strong, invisible layer; it shouldn't hamper operations, nor should it require big changes or specialized training. It's best to educate employees on the do's and don'ts of data protection in a way that is contextually integrated into their work, as opposed to relying solely on periodic trainings. To do this, leaders should implement alerts in the system that pop up and inform users about any violations to data protection policies the users' actions are causing. Such alerts help employees learn contextually, and ultimately, this training results in fewer data management errors,"

Next up is Rob Price, a principal expert solution consultant at Snow Software, who outlines the importance of understanding your obligations when it comes to data retention. Once a data retention period has passed, you should ensure that you are removing any data you no longer need, not only because you no longer have a legal basis for holding that data, but also because it cuts down on costs and avoids any problems that may arise should a data breach occur. You can read more about data retention and destruction in our article here.

Cyber security is more important in 2022 than it has ever been before, with cyber attacks the highest they’ve ever been, in particular in the education sector, which has seen the highest increase in cyber attacks since 2020.  Bojan Cimic, CEO and CTC of MFA cybersecurity company HYPR similarly echoes the necessity for organisations to take cyber security seriously, and advises that in the event of a ransomware attack, affected devices should be disconnected from the network to prevent the malware from spreading and minimise the amount of data that has been impacted. He also highlights the requirement for organisations to work with their IT departments to investigate any cyber attacks, successful or unsuccessful, in order to remediate the attack.

The last industry expert whose comments we’ll look at is Lewis Carr, who is the senior director of product marketing at Actian. Lewis also speaks about cyber security, and discusses ransomware trends for the coming year. In response to the worrying increase in cyber attacks we saw in 2020 and 2021, whilst Carr only sees the number of attacks increasing further, he also predicts that organisations will take a more serious approach in combating the threat, and a data security first approach will become adopted by a greater number of organisations than in the past. He also envisages the implementation of higher levels of control when it comes to personal information and data sharing options. On this theme, he also sees that companies may have greater “visibility” into how our data is shared between organisations without our participation.

The article by TechRepublic goes over a total of 8 industry experts and their comments, so please do check out the full article if you’d like more insight into the tips and tricks for data protection in 2022. Whilst Data Privacy Day can be a great day to remind people about the importance of data protection and ensuring the personal data we are responsible for is as secure and safe as we can make it, the best way to ensure this is done is by making every day Data Privacy Day.