This post is part of our 2023 Data Privacy Week series. Data privacy is essential for maintaining trust in institutions that collect and use personal information. Without strong data privacy protections in place, individuals may not feel comfortable sharing their information, which can harm innovation and progress. Data Privacy Week raises awareness about the importance of data privacy and the protection of personal information. During this week, individuals, organizations, and governments come together to promote education and best practices for protecting personal data. We heard from data privacy experts from across the industry on how data privacy has evolved, what we're missing, and what could be on the horizon.
Eve Maler, CTO, ForgeRock
This Data Privacy Week, it’s critical to pay close attention to the increased use of artificial intelligence (AI) in the age of social media. Consumer-accessible AI is increasingly making its way into popular social media sharing applications. For instance, enhancing self portraits with AI to then share with followers on social media is the latest trend in photo editing applications. However, in doing so, consumers are handing over biometrically-significant data – a dozen or more photos of your face – to an unknown third party. The service’s privacy policy, security protections, AI model particularities, and trustworthiness gain new importance in light of the need to share so much data.
Biometrics have special requirements when it comes to keeping personal data safe and secure. Service providers need to make ethical management of biometric data a guiding principle. Pay special attention to meaningful user consent and to oversight of data management. Performing facial recognition also exposes the service to a wealth of derivable personal data, such as age, gender, ethnicity, and health. Decentralized device-based storage of biometric data is always safest.
Julian Zottl, Chief Technology Officer - Cyber Protection Solutions, Raytheon Intelligence & Space
There have been many breaches of consumer and personal information in recent years from hackers and ransomware cybercriminals attacking government, businesses and organizations looking for whatever data they can find to make money, protest, or prove themselves. What can the average person do?
Be a knowledgeable consumer. Know when you opt into things that you are trusting your information to that business or organization. Always ask if you would want that information made public.
Only provide the minimum information necessary.
Create long unique passwords for each account. At least 12 characters preferably 20. Use passphrases instead of passwords to make it easier to remember.
Use a password manager to create strong passwords and store them for you. Understand this can be breached as well.
Turn on multi-factor authentication. Use an authentication app, and not text messages which can be more vulnerable, on your phone.
Keep your phone, computer, tablets, browsers, etc. up to date with the latest software updates.
Be a savvy user and be mindful of phishing attempts in every form of communication you have.
Be wary of any devices that you bring in to your home and what information they might be sharing.
Alfredo Hickman, Head of Information Security, Obsidian Security
This year’s Data Privacy Week themes are about coming together on both an organizational and individual level to ethically leverage, store, and secure sensitive data. For organizations, this means acting transparently and in good faith when managing customer data, and respecting the vulnerable nature of the information if accessed by a malicious actor. It’s also important for companies to comply with regulatory oversight as most of the traction in improving data security, privacy, and ethics comes from regulation rather than market forces.
Individuals can do their part by providing the least amount of information required to engage with a business or service while taking the time to learn what is actually done with that information. Many don’t realize that their data is often shared with third-parties outside the direct control of the organization. In the future, I’m hopeful that states like California—who are adopting more stringent privacy regulations than others—will compel the federal government to follow their lead to avoid the growing Balkanized data privacy landscape we’re seeing in the US today. In the meantime, however, individuals must remain vigilant in understanding their data privacy rights and reading the fine print when choosing the organizations with which they are willing to share their story.
Mark Ailsworth, VP of Partnerships, Opaque Systems
This Data Privacy Week it is important to remember that privacy is more than just a set of rules AdTech must abide by -- It has become a critical part of AdTech's commitment to consumer safety, and is now woven into corporate mission statements, as it should be. But more must be done to regulate and mitigate data mishandling and malfeasance. Via the GDPR, Europe has maintained a strong approach to such regulatory needs, but the US market has a very long way to go. For example, just look at the massive fines that Meta faces for violating consumer control standards. T