Once again, Data Privacy Day is coming up on January 28 and a weeklong commemoration is underway, known as Data Privacy Week.
Data Privacy Day began in the European Union, which, after a horrific first half or the 20th century, now recognizes privacy as a fundamental human right. Data Privacy Day commemorates the signing of the first of a series of data protection laws on January 29, 1981. These laws have now been replaced by the General Data Protection Regulation (GDPR) which is the model for many of the recently enacted state laws in the United States. In 2009, the United States House of Representatives officially recognized National Data Privacy Day. It took another five years for the U.S. Senate to get onboard, but that’s a story for another day. (Perhaps, election day.)
All week, employees of many companies will receive privacy awareness reminders addressing topics such as phishing, identity theft, public Wi-Fi, multi-factor authentication, online safety, social media, managing privacy settings, reporting incidents, and proper use of company accounts and devices, etc. (Those recently laid off in the tech world may instead be wondering who is going through all their personal emails and browsing history that should never have been on their work accounts or devices in the first place. Lesson learned!)
My email and LinkedIn feed are filled with reminders as well, in large part due to the use of my data and LinkedIn algorithms because I frequently engage on privacy-related topics.
But yet, when I meet new people, including attorneys, business owners, and social contacts, and tell them that I consult on privacy matters, they ask me what that means. So, allow me to briefly explain:
The International Association of Privacy Professionals broadly defines privacy as “the right to be let alone, or freedom from interference or intrusion.” Information or data privacy involves the right to control how your personal information is collected and used. Bodily privacy focuses on a person’s wellbeing and any invasion of the body. Under these general principals are wide-ranging, overlapping, and sometimes inconsistent laws and regulations promulgated on global, national, local, and industry-specific levels.
Clients engage me to help them wade through privacy and privacy-related issues when they are exploring new business relationships, to facilitate and grow ongoing engagements, build trust with their customers, and comply with applicable law as good corporate citizens. I may:
• Review the types of data my clients collect, disclose, and manage;
• Assess the current state of their compliance with legal and contractual requirements;
• Develop or revise policies and procedures to comply, and assist with operational implementation;
• Review and develop website privacy notices to meet legal requirements and visitor expectations;
• Negotiate contracts with customers, partner, and subcontractors;
• Train staff;
• Investigate and remediate privacy breaches; and
• Respond to day-day questions.
More questions? Please feel free to reach out (privately, of course.)