Data Privacy Day: Recognizing the Next Steps in Information Security2017 was the year of the data breach. It happened over and over again, first with Equifax, then with Forrester, and finally with Uber—one of the best-covered-up hacks of all time. Now, with the bad taste of so many terrible breaches still in our mouths, you might find yourself asking this question: where do we go from here? As it turns out, you’re not alone.

In 2008, the National Cyber Security Alliance (NCSA) launched an initiative in the United States and Canada—following in the footsteps of something similar in Europe—recognizing the 1981 international treaty on privacy and to protect private data. The initiative is called Data Privacy Day, and it’s observed every January 28th across the West, in remembrance of the treaty. The goal of the project is to remind individuals and organizations of the importance of personal data and our responsibility to protect it—a noble and critical endeavor in a world dominated by haphazard information security.

Awareness is the first step on the road to change. Campaigns like Data Privacy Day do a massive amount of good in their efforts to get issues like data privacy on the radar. After breaches like Equifax or Uber happen, these initiatives remind the public that data privacy is an important issue, and that there are individuals and organizations out there fighting to protect it. But the initiatives can’t stop at awareness. They only mean something if they spur us on to further action, to actually making the necessary efforts to stop more breaches from happening. And the lion’s share of those efforts lies in education: making sure that every member of every team in every organization has the tools necessary to protect personal data.

Of course, protecting data isn’t easy in a cloud-based world where hackers lie in wait around every turn, sussing out weaknesses in infrastructure and then waiting for the perfect time to pounce. If data protection were simple, breaches would never happen, and there would be no problem to solve. And yet, we have tools at our disposal that—unfortunate and difficult to believe as this might seem—many organizations do not take full advantage of. Education is one of these tools. Many companies, even those that deal with mass amounts of private data, do not properly educate their employees in how to protect it. What this means is that, to a large degree, hackers are banking on a lazy, uneducated public to make their mint. Education is the weapon that will help prevent us from becoming such easy targets.

So, as you quietly note this year’s Data Privacy Day, do a little bit of mental math. How much private data does your organization deal with? When was the last time you comprehensively educated your users in how to protect it? And do you have a plan for making sure that your data is secure in 2018? The answer to the question “Where do we go from here?” is fairly simple. Either we stay where we are, complacent and vulnerable, or we take a cue from the individuals and organizations standing up for Data Privacy Day and get ourselves on a more secure track. GLS wants to help with that. We offer a variety of privacy courses—including our brand new, gamified course on the General Data Protection Regulation (GDPR)—that provide users with a comprehensive overview of what personal information is and how we can protect it. Because while education might require an investment of time and energy, the payoff is priceless: and it could mean the difference between an organization that survives a breach attempt and an organization that is ruined by one.

In recognition of Data Privacy Day and the 1981 treaty, GLS is offering 15% off all privacy training, including GDPR, through the end of February. Use promo code privacyday2018 to redeem.

What Can You Do?

GDPR compliance training from GLS focuses on these areas so learners will be able to:

  • Articulate the purpose of GDPR
  • Define personal data under GDPR
  • Explain key processes needed to protect personal data
  • Describe the responsibilities of an individual within the organization under GDPR
Learn More