Feb 11, 2023

Data Privacy Day: A day perhaps to also spread awareness on how everyone can contribute to data protection

During the early part of every new year, most information security practitioners across the globe look forward to celebrating a significant event — the Data Privacy Day! However, in my view, it is also a day that every ordinary person should consider celebrating as well. 

Let me explain the rationale behind my opinion by quoting author Newton Lee, “As the world is increasingly interconnected, everyone shares the responsibility of securing cyberspace.” In other words, every person on this planet is responsible, one way or the other, for ensuring the security of cyberspace. 

With Data Privacy being one of the critical aspects of cybersecurity that impacts each of us directly, it is surprising that many of us may still be unaware of the importance of Data Privacy Day. This article is primarily an endeavour to shed some light, create awareness on the same, and to perhaps even help readers reflect on how each of us could contribute to data protection. 

Why should an ordinary person be aware of Data Privacy Day?

Data Privacy Day (also known in Europe as Data Protection Day) is an event that occurs on January 28, every year. First held in the year 2007 as the European Data Protection Day, it was soon recognized by the US House of Representatives, which declared January 28 as the National Data Privacy Day. Since then, Data Privacy Day has turned into an international event that is used to raise awareness around data privacy issues and data protection best practices. In India, the Data Security Council of India, a premier industry body set up by National Association of Software and Service Companies (NASSCOM) to promote cyber security and privacy, is one of the participating organizations that celebrate Data Privacy Day, every year.

Why is this day relevant for each one of us? The answer to the question lies in observing the evolution of the Internet, a phenomenon that has engulfed each of us into its fold. Today, many people use the Internet in different ways and means to serve different purposes. And yet, the Internet only had a very humble beginning. During the initial phase of the Internet, it was seen as the data communication network helpful in exchanging content or information amongst the privileged few. 

The first generation of the World Wide Web (or the WWW) emphasized and enabled this aspect of the Internet, making it the Internet of Content. From then until now, the Internet has continued to evolve and has seen many generations of changes. With the introduction of e-commerce/e-productivity applications and innovative IT platforms, the Internet soon became a critical way to offer and consume e-services. This was quickly followed by the introduction of social media platforms, which revolutionized the Internet, primarily with the ever-growing adoption of smartphones. The social media boom completely changed who connected to the Internet and from where. 

The Internet is no longer the medium only for tech-savvy folks with computers. Every commoner with a smartphone and a social media profile started to use the Internet to connect over cyberspace. But the Internet story did not end there. Today, the Internet connects billions of smart devices globally, making it the Internet of Things (or IoT, as some people know it!). Smart connected cars, smart televisions, and intelligent machines connect to the Internet to communicate and enable innovative applications. The list of such smart applications is endless and growing.

Why is Internet evolution journey highly relevant in the context of data privacy?

Well, as more and more of humanity uses the Internet to connect, we can see ourselves living in two worlds — the physical world and the cyber world. Today, we connect to cyberspace using more devices than one – the computer, the smartphone, and intelligent devices like televisions, cars, etc. While this evolution has enabled many innovative applications that have simplified our lives, the one casualty in this evolution has been data privacy. Our personal information is no longer private. It is available and shared via social media platforms. It is also exchanged via intelligent devices to cloud servers. 

For example, connected cars track and record our travel information on cloud servers. Our fitness bands collect our health information and store those on cloud servers. Even a simple, smart device like the television can record our viewing preferences and share them with backend cloud servers, which use it for building recommendation systems. It seems like our book of life has suddenly been opened up for others to read and perhaps, even manipulate.

So, should we disconnect ourselves and our devices from cyberspace?

An obvious question is: “Should we discontinue using technology to simplify our lives?” 

The answer is a definite “No.” We wish to go forward and not backward. We want to continue to utilize the fruits of technological advancements and simplify our lives. 

But, should we be concerned and take some constructive measures? 

The answer is a definite “Yes.” And the focus must be on creating “Awareness.” We must know what constitutes private data, how best to protect it from falling into the wrong hands, and the issues and challenges in implementing data privacy measures. Especially, as Newton Lee hinted, each of us has a role to play in protecting our data and ensuring data privacy.

What steps can an ordinary person take towards data protection? 

As we celebrate Data Privacy Day, we do realize that a lot still needs to be done. The level of awareness towards information security and data privacy is still limited and patchy. So, the first step towards data protection for any ordinary person is about knowing how the data could be used or misused. Most of the responsible service providers on the Internet do seek consent before using personal or private data. However, quite often, many of us ignore going through the fine print. We consent to the terms and conditions describing the use of personal data, without even reading through them. This is a mistake. 

It is essential to be aware of how your collected personal information will be used and whether or not you are comfortable with such use of your data. For example, personal information collected by service providers can be used for providing targeted ads, for analysis by social scientists and research firms, or to help in connecting one to like-minded friends and professionals. Further, the collected information may be of different types. It could include your biographic and demographic information, your service history, and others. As individuals, we must only agree to share information, which we are comfortable about sharing for a purpose that we find essential. Also, it is crucial to understand and identify sensitive data, which must never be shared at any cost. Sharing sensitive personal data could potentially lead to even cyber-crimes, such as identity thefts, financial fraud, and other severe losses.

Many other steps can be taken towards data protection, especially by more tech-savvy folks. For instance, various further steps, such as securing account access via advanced authentication techniques, securing communication channels, and securing storage can also be undertaken. After all, data has its lifecycle; therefore, it can be stolen from anywhere in this cycle. Accordingly, data protection involves multiple aspects, including protecting data at rest, in transit, and in use.

How can ICT professionals contribute to Data Privacy?

In an endeavour to improve information security and data privacy even further, ICT professionals need to gain and/or constantly update their knowledge, especially on how various preventive data protections measures can be taken up. There exists significant gaps between the desired skills and the skills possessed by some of the ICT professionals. In other words, there are palpable gaps in skills imparted to them by academia and what is expected by the industry. 

So, what should be done to overcome such gaps? As an educator, I regularly emphasize two key things that we must do. At first, we need to design different platforms to enable industry and academia to connect. The two should always be encouraged to work in collaboration. Academic curriculums must be overhauled to align with the latest trends and technologies. Practice-driven experiential learning must be the focus of teaching in academia, with a curriculum that includes industry-driven and technology-driven courses. 

Secondly, ICT professionals must also develop a sense of continuous learning. While on-the-job learning is one of the best ways to learn, ICT professionals must also enroll in impactful certificate or higher degree programmes, especially those focusing on key futuristic areas like Security, Cloud Computing, AI/ML, etc. Many recognized and well-known institutions in the academic sector today offer such programmes for working professionals. The only caveat is that the focus must be more on experiential learning. Thus, the ICT professionals must differentiate between regular run-of-the-mill programmes from the ones that provide more immersive experiential learning, and consider enrolling for the latter.