Data Privacy Day 2022: Resolve to be in front of privacy ... not behind it

Just as New Year’s affords us the conceptual opportunity to annually reevaluate who we are and what our plans should be, international Data Privacy Day (or Data Protection Day in Europe), observed Jan. 28, gives organizations the opportunity to revisit their commitment to data privacy. Unfortunately, like so many resolutions, data privacy is often pushed down the to-do list in favor of items that seem more pressing (or less daunting).

While individuals and organizations differ in how they approach bettering themselves, an individual’s New Year’s resolutions can actually align with an organization’s commitment to data privacy.

• Be healthier – Perhaps the most common resolution is to take a more mindful role in how we treat our bodies with the focus on living longer, healthier lives. Similarly, organizations should look holistically at their systems because they may not be overindulging on ice cream, but they do have a tendency to binge on personal data. Organizations can minimize risk and even operate more efficiently by cutting down on the excess personal data they digest.
• Exercise more – To an organization, that means taking time to assess its personal data processing practices and addressing the identified gaps. It should also monitor to make sure it stays current on updates (and doesn’t let those bad habits creep back in!).
• Get organized – In the case of data privacy, most organizations aren’t sure what they have (or even where they have it). Data privacy maturity starts with taking the time to identify what personal data the organization has and why it has it. Then, it should make certain that information is protected accordingly, and that it rids itself of what it doesn’t need. Also, it should remember to update its privacy policy, which should be revisited at least annually.
• Lose weight – Organizations often hold on to excess personal data in their IT systems. If they shed some of that “extra weight,” the systems typically perform better, and the organization decreases certain risks. A sound data privacy practice is to keep personal data only as long as it is needed.  
• Learn a new skill – Organizations can stay on top of data privacy by providing their employees with educational materials and opportunities through training and awareness campaigns.  Through these types of instruction, employees learn new leading practices for data privacy and, at the same time, how they can decrease risks from the often-unintended adverse outcomes associated with poor data processing procedures.