By Jodi Daniels, Founder & CEO of Red Clover Advisors
Our favorite time of the year is finally here—and yes, we know the winter holidays have already come and gone. But as much we may love warming up with a cup of hot cocoa (topped off with unreasonable amounts of marshmallows, please!), there’s one day that holds a special place in our hearts: January 28th was World Data Privacy Day.
And while there aren’t any seasonal beverages to enjoy along with it, we think Data Privacy Day represents something fundamental: the right of every person to control their own personal data with the confidence that it won’t be shared, sold, or otherwise exposed without their consent.
World Data Privacy Day: a short background
Observed annually worldwide, Data Privacy Day honors the signing of Convention 108 in 1981, the first international treaty to deal with privacy and data protection.
1981 was a long time ago, though.
Since then, generations of activists, lawmakers, and ordinary citizens have advocated long and hard for a future where an individual right to their private data doesn’t get lost in the crowd.
That’s why we like to look at January 28th as something like a Data Privacy New Year’s for our industry: it was a chance to stop and acknowledge the progress we’ve made, celebrate our privacy accomplishments, and look ahead to the work that still needs to be done.
Data privacy day? Let’s make it a week (or even a year)
This year, the National Security Alliance decided to expand its Data Privacy Day campaign to cover an entire week—to which we say, why not? After all, privacy is an ongoing issue, and there’s only so much work you can do in a day.
In fact, we’d like to propose an even more ambitious idea: what if we made 2022 a Data Privacy Year? Because as much as we love the 28th, the things you do on those other 364 days are more important.
Three good reasons to make data privacy your New Year’s resolution
We know the ball dropped weeks ago (and some of us even managed to stay up long enough to see it), but that doesn’t mean it’s too late to make a few more resolutions.
Our suggestion? You guessed it: making data privacy a priority. From legal compliance to business considerations to just straight up doing the right thing, here are a few good reasons to keep data privacy top of mind as you plan for your business’s future in 2022.
1. Regulatory compliance
Convention 108 was left all by its lonesome, and lax (or nonexistent) data privacy laws allowed dangerous privacy practices to thrive for a long while. Consumer’s private information was often collected and sold without their knowledge or consent, and insufficient data security measures led to high-profile breaches of private consumer data.
Thankfully, Convention 108 finally got help. If your company sells products or collects data from users, you’re probably already familiar with the EU’s General Data Protection Regulation (GDPR), adopted in 2016. This far-reaching privacy and data security law placed a wide range of restrictions on how organizations collect, store, and use consumer data—at least within the EU.
Since then, several US states have joined the EU in creating consumer privacy regulations, including the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), the Colorado Privacy Act (CPA), and the Virginia Consumer Data Protection Act (VCDPA).
More state laws are likely to follow, and for those who care about consumer privacy, that’s cause for celebration. But it also means that companies need to carefully monitor their regulatory compliance obligations. Failing to prioritize privacy issues in the coming years could put your company on the wrong side of the law if you ignore policy changes.
2. Privacy is what your consumers expect
Even if you put regulatory concerns aside, prioritizing data privacy is simply good business. Consumers are increasingly aware of how their private data is being collected and used, and most Americans now report concern over companies’ use of their personal information.
That gives your company an excellent opportunity to differentiate itself by putting privacy first. In fact, a whopping 97% of companies report one or more tangible benefits after investing in robust privacy policies, from more significant competitive advantages to lower data-breach losses to increased investor appeal.
(And that’s not a bad way to start the year.)
3. It’s simply the right thing to do
No matter what your industry is or who your consumers are, your relationship with the people you serve is built on trust: trust in your professionalism, trust in the quality of your goods or services, and trust that your business will uphold its core values.
Data privacy efforts are one way to pay them back for that trust. Each of your consumers is a living, breathing human being who has a right to privacy and control of their personal data, and helping them protect that right is an excellent New Year’s resolution.
Seven resolutions for a privacy-first 2022
Look, we know that staying true to your resolutions is hard (raise your hand if you’ve already broken the ones you made on New Year’s Eve).
But when it comes to data privacy, staying ahead of the trends is a year-round effort, and it helps to have a plan you can commit to. Here are seven goals to keep the privacy fire burning bright when Data Privacy Day is just a warm and fuzzy memory.
1. Start with awareness and empathy
Successful privacy efforts need to go deeper than policy—you also need to foster a culture that values your privacy plans. And one of the best ways to do that is to remember the people you serve.
Whenever you implement steps to keep your clients’ and customers’ data safe, you’re also protecting the legal and ethical rights of the people who trust you. Keeping an awareness of this responsibility top-of-mind can help you fuel your efforts with empathy, even when breaking your privacy resolutions is oh-so-tempting.
2. Train and educate your team
Setting goals is admirable, but implementing real and lasting change requires full-team buy-in and participation. If you want to create a company culture that values privacy, you’ll need to equip your team with the knowledge they need to put privacy first.
That involves clearly articulating your privacy goals to your team, providing them with opportunities to engage with your privacy policies, and making it as easy as possible for them to comply. Instituting company-wide use of privacy measures like VPNs, encryption, and two-factor identification can help you make privacy awareness the norm.
3. Plan for 2023 (and ’24, and ’25 . . .)
Another thing to reflect on as we enter a new year: didn’t that last one go by really fast?
There’s simply no stopping the future from rolling on in, and data privacy regulations are now evolving more quickly than ever before. By 2023, it’s estimated that current data privacy regulations will impact 65% of the world.
That’s a lot of new privacy laws to keep up with. If you’re planning on staying ahead of new compliance demands, you’ll need to start future-proofing your privacy efforts today. And while you can’t perfectly predict the privacy demands of tomorrow, implementing a robust privacy program based on today’s best practices and current data protection laws will set you up for success as the years roll by.
4. Put the cookie jar down
Speaking of future-proofing, one of your priorities right now should be to move beyond reliance on third-party cookies. With data protection regulations like the GDPU banning the use of most third-party cookies without explicit uses consent, even major browsers are now dropping cookie support.
Thankfully, the kind of cookies you eat is still on the table—and there are plenty of viable ways to move toward a cookieless future.
5. Build a robust preference center
As third-party cookies quickly become a thing of the past, the preference center is stepping up to become your new privacy best friend. Preference centers give your site’s users all the tools they need to opt-in or out of the collection or use of their data.
It’s a vital way to stay in compliance with privacy regulations and an easy way to build trust with your site’s users.
6. Data mapping
One of the cardinal rules of responsible data collection: never collect or keep data you don’t need.
But how do you get started if you don’t know what data you have? Enter data mapping, an irreplaceable tool for taking stock of the data you’re collecting, where it’s coming from, how (and how long) you’re storing it, and how it’s being used.
Building one out should be a priority if you don’t have a data map yet. Thorough data mapping helps your company stay compliant and can serve as the first step toward effective preference centers.
7. Work with a privacy consultant
All of the above resolutions are well worth the effort, but when you’re navigating the increasingly complex world of privacy regulations, sometimes you just need some extra professional help.
Working with an experienced data privacy consultant is one of the best ways to ensure your efforts don’t go to waste. Letting privacy professionals take the lead this year can take the load off your shoulders while allowing for a more informed and comprehensive strategy.
Contact us if you’re ready to make 2022 your Data Privacy Year. We’d love to help you move your data privacy program forward.