The National Cybersecurity Alliance (NCA) announced its program for this year’s Data Privacy Week 2022, which began Monday.
Expanding into a week-long initiative for the first time, NCA highlighted Data Privacy Week will help spread awareness about digital privacy — including educating citizens on how to manage their personal information and keep it secure — and encouraging businesses to respect data and be more transparent about how they collect and use customer data.
“With so much noise surrounding cybersecurity, people and businesses are often left with the dangerous misperception that there is nothing they can do on their own to manage their digital privacy or that it is an ‘all-or-nothing proposition,’ but the reality is quite different,” said Lisa Plaggemier, interim executive director of the National Cybersecurity Alliance.
“With just a little bit of clear guidance and tips, individuals and businesses can take back control of their digital lives, identify the most trustworthy partners and strike the perfect balance between privacy and convenience,” Plaggemier continued in a news release. “That’s why we have expanded Data Privacy Day into a full week-long initiative so that we can provide a huge slate of content and events that individuals and businesses can tap into so that they can take back control of their digital lives.”
This year’s Data Privacy Week content and events are centered around two key themes:
• Theme No. 1: Keep it private: A guidebook for consumers — everything you do online generates data
NCA acknowledged there’s data about your activities, behaviors, and interests. The organization said there’s your personal data, like your Social Security and driver’s license numbers. And there’s data about the physical you, like health data.
“It’s easy to feel a lack of control over the information collected about you,” the alliance said. “However, there are steps you can take to learn about the types of data you’re generating online, and how it’s collected, shared and used. And with that, this year’s Data Privacy Week will provide in-depth guides, tips and insights that can help individuals better navigate the digital world and encourage others to do the same.”
• Theme No. 2: Respect privacy: Tips for Businesses
According to the Pew Research Center, 79% of U.S. adults report being concerned about the way their data is being used by companies.
“Respecting consumers’ privacy is a smart strategy for inspiring trust and enhancing reputation and growth in your business,” NCA said.
To help promote this position, the National Cybersecurity Alliance and its partners will be diving into the best ways for businesses to build a culture that prioritizes digital privacy throughout the week.
In addition to a host of educational materials, key events scheduled for Data Privacy Week include:
• CyberSecure My Business Webinar: Respecting Privacy and Managing Data. On Tuesday, experts will discuss the importance of responsibly managing the personal information you collect and establishing data privacy and security practices in your organization. Register here.
• The Data Privacy Balancing Act. On Wednesday, the National Cybersecurity Alliance and LinkedIn will convene data privacy experts from industry, government, academia and non-profit for an afternoon of discussions on hot topics in privacy, including online tracking, adding privacy to awareness trainings, data collection for D&I initiatives and more.
• Twitter chat: #DataPrivacyChat. On Thursday, tune into a data privacy discussion on Twitter. Contact jennifer@staysafeonline.org to receive the twitter chat questions in advance.
“As a global leader in cyber safety, NortonLifeLock is proud to be the lead sponsor of this year’s Data Privacy Week,” said Petros Efstathopoulos, global head of Research for NortonLifeLock. “Consumers continue to spend more time online than ever before, and this week exemplifies the increasing interest and need to protect online privacy.
“Understanding privacy in the physical world is second nature — closing doors and keeping personal information out of sight — but protecting digital footprints from companies and websites that track online activity and collect personal data can be less intuitive,” Efstathopoulos continued in the news release. “We are proud to be the digital ally for consumers, empowering them with the knowledge and tools needed to live their digital lives safely.”
This year’s event is sponsored by NortonLifeLock, Terranova Security, OneTrust, Skyflow and FormAssembly.
NCA mentioned that Data Privacy Week is designed to build on the success of Data Privacy Day, which began in the United States and Canada in January 2008 as an extension of Data Protection Day in Europe.
Data Protection Day commemorates the Jan, 28, 1981 signing of Convention 108, the first legally binding international treaty dealing with privacy and data protection.
For more information, visit the event website.
Another relationship came to fruition Wednesday with the goal of keeping customer information secure but still accessible for permitted users.
Envestnet | Yodlee, a leading data aggregation and analytics platform powering dynamic, cloud-based innovation for digital financial services, and Navy Federal Credit Union (NFCU) announced a data access agreement.
The organizations said this partnership will provide the framework for the credit union’s members to improve their overall financial wellness through more securely and effectively sharing their financial data with digital apps and experiences.
Under the agreement, Navy Federal members can more securely connect to and send their financial information to the more than 1,400 third-party applications on the Envestnet | Yodlee financial data aggregation platform.
With their consent, the organizations highlighted that these consumers will experience faster, more reliable access to these applications through a direct and secure connection to the credit union’s application program interface (API) using a token-based approach.
Executives explained in a news release that Envestnet | Yodlee powered services can help Navy Federal members better manage their spending, budgeting, savings, and investments to help improve their overall financial wellness.
They added that this agreement also can enable Navy Federal members to use these popular financial applications supported by Envestnet | Yodlee to make better financial decisions while benefitting from even stronger security, along with improved data connectivity and reliability.
“This agreement is a win-win for members affiliated with Navy Federal Credit Union, as their experience with financial wellness apps will improve through greater data connectivity and reliability,” said Brad Nightengale, senior director of the data strategy group at Envestnet | Yodlee.
“We’re excited about our relationship with Navy Federal because we are empowering their members to seamlessly make better financial decisions,” Nightengale continued in the news release. “The financial services industry is moving toward an increasingly API-connected environment, so these data access agreements are vital to ensure consumers have the most optimal digital banking capabilities.”
And Navy Federal vice president of omni-channel strategy and innovation Ryan Fairley added, “At Navy Federal, we take pride in understanding the unique needs of all our members and identifying solutions to support them and advance their financial goals.
“Moreover, it is our utmost priority to keep members’ data and finances safe and secure. This partnership with Envestnet | Yodlee will empower our members to make the decisions to achieve their financial goals all while ensuring their personal information is secure,” Fairley went on to say.
Privacy4Cars is looking to make its solutions as robust as the complexities that come with keeping consumers’ information protected.
Last week, the 2021 Emerging 8 honoree and tech company focused on creating privacy and compliance solutions for vehicles announced a suite of new tools. Privacy4Cars highlighted the products further the company’s mission of driving privacy and protecting owners and drivers from the dangers of leaving personal information behind in vehicles.
Now available, Privacy4Cars said its proprietary Identity Theft Protection Program is the first program designed for the automotive industry that offers consumer protections against vehicle-related cyber threats.
The company also launched its new Laws by Geography interactive map feature that serves as a free tool that consumers, legislators and lawyers alike to access to easily identify and understand each state’s local vehicle privacy laws.
“Privacy4Cars is leading industry innovation by creating accessible tools that are specific to vehicle privacy, safety, security and compliance,” Privacy4Cars founder and cybersecurity and privacy expert Andrea Amico said in a news release. “With the introduction of these new tools, we aim to help protect auto businesses and the consumers they serve at all stages of the vehicle privacy cycle.
“We are excited to be the first in the industry to bring these two groundbreaking concepts to life and look forward to releasing additional tools to further benefit our customers in the coming months,” Amico continued.
Privacy4Cars explained its new Identity Theft Protection Program is a way for auto businesses — including dealerships, finance companies, insurers, fleet operators and rental-car companies — to offer privacy and ID theft protection to vehicle users. Amico detailed how much privacy is getting consumers’ attention.
“A Privacy4Cars poll of over 500 consumers who purchased a vehicle in recent years revealed that 83% were willing to purchase a service where they get a certificate of data deletion and a protection of their identity and personal information when buying, selling or leasing cars — so that’s what we engineered,” Amico said.
The service exists in both a basic offering for drivers (bundled with Privacy4Cars’ deletion certificates) and a more advanced multi-year protection for the entire household that can be sold in the F&I department.
The company said both can be purchased at the dealership or the rental counter and can be activated and managed by the Privacy4Cars platform.
The service can also be purchased directly through Privacy4Cars on the app (currently available in the App Store and on Google Play).
To round out its new offering, Privacy4Cars also released a free interactive map tool, Laws by Geography, that can help consumers, legislators and lawyers quickly see what laws regulate the protection of data collected by vehicles on a state-by-state level.
By simply clicking on a state, site visitors can review a list of existing laws and pending statutes on data security, data breach, data disposal, biometric, cybersecurity, and privacy laws. Each offers a concise summary of the legal implications for auto businesses and directly links to the statutes.
“Whenever we talk to companies, sooner or later there is a legal risk review,” Amico said. “By making this Laws by Geography tool free to use and easy to access, we hope to make it easier to understand and verify how leaving this data behind is concerning for both the vehicle users and the businesses who have the title of the vehicle.”
The Laws by Geography tool is available on the Privacy4Cars website under its growing legal resources section.
For more information about Privacy4Cars, and its new suite of vehicle privacy tools, visit http://privacy4cars.com.
TransUnion is trying to show the industry just how focused on information security and consumer privacy the company really is.
The company said its latest example of commitment to build and invest in technology to help businesses and consumers transact in an increasingly digital marketplace arrived recently with a preferred equity investment and strategic cooperation agreement with Spring Labs, an advanced cryptography and blockchain based financial technology firm transforming the exchange of sensitive data.
According to a news release, the companies are collaborating to increase access to Spring Labs’ data exchange network and products, while enabling TransUnion to expand protection of sensitive consumer data and promote transformative technology in its business.
“Spring Labs built a state-of-the-art technology protocol that cryptographically transforms and anonymizes data to unlock new data and products,” said Steve Chaouki, president of U.S. markets at TransUnion, who is joining the Spring Labs board of directors.
“The ability to securely exchange information without revealing the underlying data and identity of network participants creates opportunities for our customers and the consumers they serve through sharing of historically siloed data,” Chaouki continued in the news release
TransUnion highlighted that Spring Labs is “revolutionizing” the way consumer financial data is stored and shared among financial services institutions with a network foundation known as the Spring Protocol.
This privacy-preserving information exchange can return control and value to data owners, unlocking new data sources and enabling competitively sensitive parties to collaborate for the common good.
Spring Labs’ advanced cryptography can allow strict control of information visibility, and its permissioned blockchain can provide a time-stamped, immutable record and audit trail. The company explained this approach can offer a “rare” combination of transparency and privacy, uniquely suited to data exchanges in instances where participants may be concerned about sharing with competitors.
For example, finance companies and lenders can exchange information to identify fraud or verify identities without disclosing underlying data.
“We are thrilled to announce TransUnion’s investment and related cooperation agreement. With tens of thousands of customers, TransUnion is the ideal partner for Spring Labs as a respected global information and insights company that shares our commitment to stewarding sensitive data. We see multiple avenues for collaboration, including the extension of our products, services and network to TransUnion’s customers,” said Adam Jiwan, co-founder of Spring Labs.
“Additionally, by joining our board, Steve will help drive continued growth for Spring Labs through his deep understanding of the business, data and analytics needs of financial services and other industries,” Jiwan added.
At the core of this relationship, TransUnion will help expand existing Spring Labs’ networks to new organizations, as well as develop new networks based on customer needs and interests.
“Our core promise is to make trust possible between businesses and consumers,” said Marko Ivanov, senior vice president at TransUnion and Spring Labs partnership lead. “Spring Labs resolves the challenge of information sharing among competitors without inhibiting competition while providing regulatory transparency and protecting consumer privacy.
“In addition, the flexibility and ease of integration of the Spring Protocol will enable rapid design and deployment of new networks in numerous industries across multiple use cases including credit risk, fraud and marketing. We are excited about the possibilities,” Ivanov went on to say.
Spring Labs recently demonstrated the potential of its technology by deploying a network for data sharing among Property Assessed Clean Energy (PACE) financing providers, launched in the fourth quarter.
Network participants estimate it could save up to $10 million in fraud or 1% of total industry loan transactions.
Shred-it discovered noticeable jumps since 2017 in both corporate executives and small-business owners reporting that they experienced a data breach.
The information security service provided by Stericycle announced the findings when Shred-it released its 10th anniversary edition of the Data Protection Report, which outlines data security risks threatening U.S. enterprises and small businesses.
According to the report, nearly half of C-suite executives — 43% to be exact — and 12% of small business owners have experienced a data breach. Shred-it indicated those readings represent a 21% rise from 2017 among those executives and a 7% climb for those small business owners.
While companies are getting better at protecting their customers’ personal and sensitive information, Shred-it determined their focus on security training and protocols has declined in the last year. The firm cautioned that this decline could pose issues for businesses, as 83% of consumers say they prefer to do business with companies who prioritize protecting their physical and digital data.
Formerly known as The Security Tracker: State of the Industry Report, the findings are based on a survey conducted by Ipsos, shedding light on trends in data protection practices and the risks American businesses, organizations and consumers face related to keeping their data secure.
Shred-it said the findings reinforce the need for business owners to have data protection policies in place as threats to data security, both physical (including paper documents, laptop computers or external hard drives) and digital (including malware, ransomware and phishing scams), have outpaced efforts and investments to combat them.
Shred-it also noted that its report — which was completed prior to the COVID-19 pandemic starting — showed that more focus is needed around information security in the home, where executives and small business owners feel the risk of a data breach is higher.
While advancements in technology have allowed businesses to move their information to the cloud, Shred-it discovered only 7% of top executives and 18% of small-business owners operate in a paperless environment.
“Businesses still consume vast amounts of paper, dispelling the myth of offices going digital and signaling a need for oversight of physical information and data security,” Shred-it said.
Both top executives and small-business owners indicated external threats from vendors or contractors and physical loss or theft of sensitive information are the top information security threats facing their business, according to the report.
Yet, Shred-it said the number of organizations with a known and understood policy for storing and disposing of confidential paper documents adhered to by all employees has declined 13% for those companies with top executives and 11% for those small-business owners.
In addition, the report mentioned 49% of small-business owners have no policy in place for disposing of confidential information on end-of-life electronic devices.
While the work-from-home trend has risen over the years, the COVID-19 pandemic abruptly launched employees into work-from-home status, many without supporting policies.
According to the report, the majority of top executives (77%) and small-business owners (53%) had employees who regularly or periodically work off-site. Despite this trend, just 53% top executives and 41% of small-business owners have remote work policies in place that are strictly adhered to by employees working remotely.
“As we adjust to our new normal in the workplace, or at home, it’s crucial that policies are adapted to align with these changes and protect sensitive information,” said Cindy Miller, president and chief executive officer for Stericycle, the provider of Shred-it information security services.
“As information security threats grow, it’s more important than ever that we help businesses and communities protect valuable documents and data from the risks of an information breach,” Miller continued in a news release.
When it comes to training, 24% of top executives and 54% of small-business owners reported having no regular employee training on information security procedures or policies, according to the report.
Additionally, Shred-it mentioned the number of organizations that regularly train employees on how to identify common cyber-attack tactics, such as phishing, ransomware or other malicious software, declined 6% for top executives and 7% for small-business owners.
“As a society, we are facing new information security challenges every day, from the rise of remote working to increased consumer concern,” said Michael Borromeo, vice president of data protection for Stericycle.
“To protect businesses now and for the long haul, it’s instrumental that leaders reevaluate information security training and protocols to adjust to our changing world and maintain consumer trust,” Borromeo went on to say.
To learn how organizations can better protect their business against data breaches and receive additional survey findings, download Shred-it’s 2020 Data Protection Report by going to this website.
Separate consumer surveys by KPMG and by Ponemon Institute sponsored by ID Experts uncovered the growing concern consumers have about their personal data and privacy as more technology is leveraged.
According to the survey from KPMG, 56% of Americans reported wanting more control over their personal data, and insisted that both corporations and government must play an active role in protecting consumer data.
Meanwhile, research from the Ponemon Institute also pointed to a privacy gap between the consumer data protection individuals want and what industry and regulators provide.
KPMG discovered 97% of American consumers indicated that data privacy is important to them, with 87% going so far as to characterize it as a human right. However, KPMG also found consumers are deeply suspicious of what companies are doing with their data based on these two findings:
— 68% don’t trust companies to ethically sell personal data
— 54% don’t trust companies to use personal data in an ethical way.
“With consumers indicating that they see data privacy as a human right, and new legislation expected in the years ahead, it is critical that companies begin to mature privacy programs and policies,” said Orson Lucas, principal of KPMG Cyber Security Services.
“Consumer demands for the ethical use of data and increased control over their own data must be a core consideration in developing data privacy policies and practices,” Lucas continued in a news release about findings contained in a report, New Imperative for Corporate Data Responsibility, which is based on the results from a survey of 1,000 respondents in the U.S.
KPMG mentioned the sample was balanced to reflect national representation of age, race, gender and region. The online survey was fielded between May 19 and May 21.
Even though respondents indicated that data privacy is important to them, KPMG determined that most Americans still engage in online behaviors they consider risky. The survey found that:
— About 75% of Americans say they consider it risky to use the same password for multiple accounts, use public Wi-Fi or save a card to a website or online store. Yet, more than 40% engage in those behaviors.
— While 65% of Americans reported avoiding opening email attachments from unknown senders, only 31% install mobile device security software and 20% use their own virtual private network (VPN) when possible.
“Part of the challenge for corporations will be getting employees and customers to do their part in protecting their own data,” said Steve Stein, another principal at KPMG Cyber Security Services. “Developing defensible notices with understandable language and data protection controls that guide employees and consumers have to be embedded in the data security agenda.”
While most survey respondents indicated that consumers themselves have a responsibility to protect consumer data, even more want the government and companies to play a role. KPMG found that:
— Nine in 10 Americans insist companies (91%) and the government (90%) have a responsibility to protect consumer data.
— Almost all (91%) agree the following data privacy rights of the California Consumer Privacy Act should be extended to all U.S. citizens, including the right to delete personal data and the right to know how their data is being used.
— More than nine in 10 Americans say companies should put data privacy guidelines and policies in place, be held responsible for corporate data breaches, take corporate data responsibility seriously and take the lead in establishing corporate data responsibility.
To be able to provide consumers with increased control over their data, KPMG suggested that businesses should consider leveraging data discovery and protection tools and exploring novel uses of blockchain and artificial intelligence. The firm explained these technologies can help organizations better track the source of their data, assure its accuracy, make it easily discoverable, protect it and build greater external visibility into the data being collected.
In fact, according to a survey of 600 global technology executives conducted in late March/early April, KPMG found that improving cybersecurity and data privacy is one of the top four objectives for which their organizations are investing in emerging technologies such as process automation, smart analytics, cloud computing, artificial intelligence and blockchain.
Results of Ponemon research
The Ponemon Institute discovered similar findings when it conducted its own consumer survey.
The research center dedicated to privacy, data protection and information security policy orchestrated a projected sponsored by ID Experts that revealed what analysts called a “startling” lack of empowerment consumers feel when it comes to their data privacy.
Research from the Ponemon Institute pointed to a privacy gap between the consumer data protection individuals want and what industry and regulators provide. While the majority of consumers want their data protected, the center found they’re still waiting on — or expecting — the federal government or industries to provide this protection.
For instance, the Ponemon Institute said a majority of consumers (60%) believe government regulation should help address the privacy risks facing consumers today, of which 34% say government regulation is needed to protect personal privacy and 26% believe a hybrid option (regulation and self-regulation) should be pursued.
“This research revealed much of the tension surrounding digital privacy today. Based on my polling experience, these findings make a compelling case for the important role identity protection products and services play in protecting consumers’ privacy,” Ponemon Institute chairman and founder Larry Ponemon said in a news release.
“The study shows that many consumers are alarmed by the uptick in privacy scandals and want to protect their information, but don’t know how to and feel like they lack the right tools to do so,” Ponemon continued.
Other key findings from the Ponemon Institute survey include:
— Consumer concern is increasing: Two-thirds of consumers (68%) are more concerned about the privacy and security of their personal information than they were three years ago. Three-fourths of consumers (75%) in the over 55 age group have become more concerned about their privacy over the past three years.
— Search engines least trusted: Almost all consumers (92%) believe search engines are sharing and selling their private data, 78% believe social media platforms are and 63% of consumers think shopping sites are as well. Similarly, 86% of respondents say they are very concerned when using Facebook and Google and 66% of respondents say they are very concerned when shopping online or using online services.
— Seniors against advertising tracking: A majority of older consumers (78%) say advertisers should not be able to serve ads based on their conversations and messaging.
— Consumers have little hope in websites’ ad blocking: Only 33% of consumers expect websites to have an ad blocker that stops tracking and only 17% of consumers say they expect websites to limit the collection and sharing of personal information.
— Split responsibility: More consumers (54%) say online service providers should be accountable for protecting the privacy of consumers, while 45% say they themselves should assume responsibility.
— How consumers protect themselves: A majority of consumers (65%) are using some type of privacy protection provided by their devices. Of these, 25% are setting a more restrictive data sharing setting, 21% are using both additional authentication controls and a more restrictive data sharing setting and 19% are using additional authentication controls.
— Half of consumers are aware of the availability of protections: Of the protections available to consumers to protect their personal information, 52% say opting out of data collection and 48% say data sharing and encryption of personal information are available, respectively.
“What we’re seeing is a privacy gap between Americans’ desire for a solution due to their growing concern for their digital privacy and the services that the actual protection government and industry leaders offer,” ID Experts president and chief executive officer Tom Kelly.
“Consumers must recognize that there are simple tools and practices they can implement to guard their data privacy, and government leaders and online platforms won’t do it for them,” Kelly added.
Interestingly, the study also found that 64% of consumers say they think it is “creepy” when they receive online ads that are relevant to them, but not based on their online search behavior or publicly available information. This confirms that many consumers experience this phenomenon and are alarmed by it.
In addition, ID Experts’ own research findings reveal that 73% of consumers say advertisers should allow them to “opt-out” of receiving ads on any specific topic at any time.
ID Experts asserted this sentiment revealed a lack of empowerment that consumers feel in their ability to protect their privacy.
While 74% of consumers say they have no control over the personal information that is collected on them, ID Experts’ research indicated they are not taking action to limit the data they provide when using online services. In fact, 54% of consumers say they do not consciously limit what personal data they are providing, according to ID Experts, which went on to say, “This lack of empowerment can have devastating effects on consumers’ privacy if it goes unchecked.”
The research conducted by Ponemon Institute included interviews of more than 650 adults across the country who represent a diverse sample of gender, age, race, political and religious beliefs, educational backgrounds and income levels.
Its complete report, Privacy and Security in a Digital World: A Study of Consumers in the United States, is available for download on this website.
