top of page
Search

Celebrating Data Privacy Day 2023

  • Writer: Melissa Thornton
    Melissa Thornton
  • Jan 28, 2023
  • 4 min read


Introduction


Despite efforts to manage data and protect it from breaches, security vulnerabilities remain widespread.


The average cost of a data breach increased to US$4.35 million in 2022, according to an IBM and Ponemon Institute study. The researchers arrived at this figure by taking several cost factors into account, including legal and regulatory activities; loss of brand equity; customer turnover; and drain on employee productivity.


The true cost of a breach or fine for non-compliance is likely to be much higher than financial losses, as any such incident has the potential to erode stakeholder trust and inflict irreparable damage on an organization’s reputation.


For many of us in the cybersecurity community, January 28th is a crucial day: Data Privacy Day. Originating as an awareness campaign for companies to remind their employees about privacy issues, this international effort now raises awareness among individuals and businesses alike.


Data privacy should be a priority for every business, and Data Privacy Day is a great chance to remind people about that.


What is Data Privacy Day?


Data Privacy Day is an international effort to raise awareness of data privacy issues and to promote data privacy best practices. The day was first celebrated in 2000, following the passage of the EU's Data Protection Directive (Directive 95/46/EC). Since then, it has been observed on January 28 each year--though not as a national holiday.

Data Privacy Day reminds companies to respect and protect the data of their customers, employees and users; it also serves as a good opportunity for individuals to learn about data privacy issues so they can make better decisions online.


In celebration of Privacy Day 2023 Here are some industry trends to follow in the year ahead:


More Privacy In Tech


As consumer concerns about online privacy increase, the market will see a growth in technology that prioritizes privacy. This includes secure messaging apps, browsers, VPNs, and encrypted email services. However, it's important to note that while these tools can enhance privacy, they are not a complete solution. Organizations must still be vigilant and take proactive measures to protect their data.


Greater Emphasis on Privacy By Design


A "Privacy by design" approach will become more prevalent: In the past, privacy was often considered an afterthought during the development of new products and services. However, companies are now recognizing that incorporating privacy into their products and services from the start not only aligns with ethical standards but can also be a valuable asset in the market. As a result, it is expected that in 2023, companies will adopt a "privacy by design" approach where user privacy is prioritized throughout the entire development process.


More Regulations


Governments worldwide are recognizing the need for national data protection regulations. Since the implementation of the General Data Protection Regulation (GDPR) across the EU in 2018, there has been a growing trend of similar legislation being introduced globally. This trend is expected to continue, with more countries implementing their own data privacy laws. The United States, for instance, is currently considering passing a federal data privacy law similar to the GDPR. Canada, Australia, Japan, and India are also in the process of introducing new data privacy regulations. As a result, companies will need to implement stricter data privacy policies and procedures to comply with these regulations and safeguard their customers' personal information.


Increased transparency


As awareness of the importance of protecting personal information grows, organizations are becoming more accountable for their data collection and usage practices. In 2023, organizations will be more transparent by giving individuals more control over their data, including the ability to access, correct, or delete personal information, and the ability to opt-out of certain data collection. This benefits both consumers and businesses by fostering trust and increasing transparency and accountability.


New Privacy state laws in 2023


Here is a list of state data privacy laws that went into effect on January 1, 2023 or are scheduled to take effect soon.


(1) Most of the provisions of the California Privacy Rights Act (CPRA) become effective on Jan. 1, 2023. CPRA amended the California Consumer Privacy Act (CCPA), which had already created a number of individual rights modeled after the GDPR. CPRA created a new state agency, similar to data protection agencies in the EU countries charged with enforcing the GDPR.


(2) The Colorado Privacy Act (CPA) becomes effective on July 1, 2023. In addition to creating rights patterned after the individual rights under GDPR, CPA requires data security and contract provisions for vendors and assessments for "high-risk" processing.


(3) The Connecticut Data Privacy Act (CDPA), like Colorado's new privacy law, goes into effect on July 1, 2023. CDPA likewise creates a suite of GDPR-like individual rights, and requires data minimization, security, and assessments for "high risk" processing.


(4) The Utah Consumer Privacy Act (UCPA) becomes effective on Dec. 31, 2023. It provides for certain GDPR-like individual rights, and also requires data security and contract provisions. But UCPA does not include expressly required risk assessments.


(5) The Virginia Consumer Data Privacy Act (VCDPA) becomes effective Jan. 1, 2023. It provides for certain GDPR-like individual rights. But in 2022, the "right-to-delete" was replaced with a right to opt out from certain processing.


Conclusion


Data Privacy Day is a reminder that we need to protect our data and remain vigilant when it comes to privacy. All of us should take this day as an opportunity learn more about the importance of protecting your personal information, as well as what steps are necessary for doing so.



About the Author: Melissa Thornton, CISSP

Melissa Thornton is a principal security consultant for Cybersecurity Advisory Group, where she specializes in providing SMBs and startup companies with cyber risk management advisory. As a former CEO with over 20 years of technology, business operations, and security experience, Melissa understands the unique challenges of running a business. As a trusted advisor, Melissa works with clients to develop clear strategies and implement best practices across the board. She's skilled at spotting risks—large or small—and ensuring they never become problems.


If your business is looking for a knowledgeable and collaborative cybersecurity partner, we would love the opportunity to work with you. Visit us online at: https://www.cyberadvisor.tech/


 
 
bottom of page