Data Privacy Day slipped right past me yesterday. Gov. Chris Gregoire signed a proclamation declaring Jan. 28 as Data Privacy Day in Washington. A number of other important folks, including the U.S. House of Representatives, signed similar declarations and industry leaders through the country and abroad held seminars in conjunction with the campaign. As the name suggests, the goal is to educate people about data privacy.
The timing certainly is right. Last week week, payment processor Heartland Payment Systems reported what might be the biggest data-loss incident of all time. Monster.com also had a scary breach and is imposing a mandatory password change for users of its employment site.
A few paragraphs from a SC Magazine report:
The day puts a spotlight on the fact that both individuals and corporations can share in the responsibility to protect data being stored in an organization, Christopher Burgess, senior security adviser at Cisco, told SC Magazine on Wednesday. Companies have the obligation to show customers and employees what they are doing with personal data -- and the customers and employees have an obligation to ask, Burgess said.
It is an individual's responsibility to keep his home internet connection safe and web browsers up to date, and become educated about privacy issues, he said. Organizations, meanwhile, should be conducting security and awareness training that involves the whole business.
The Authentication and Online Trust Alliance, a membership group that promotes online security, released on Wednesday a Top 10 list of privacy principles and business practices. The suggestions include establishing procedures for data collection, transfer and retention, and committing to third-party or self-audits for compliance.
The Federal Trade Commission publishes a helpful guide for businesses, which we strongly endorse.
Washington consumers have the option to freeze their credit files to help prevent identity thieves from opening new accounts using their information.