Data Privacy Day takes place annually on January 28. The purpose of Data Privacy Day (Data Protection Day in Europe) is to raise awareness and promote privacy and data protection best practices. It is currently ‘celebrated’ in the United States, Canada, and 27 European countries. In Europe it is referred to as Data Protection Day. Data Privacy/Protection is the relationship between the collection and dissemination of data, technology, the public expectation of privacy, legal and political issues surrounding them. Privacy concerns exist wherever personally identifiable information or other sensitive information is collected, stored, used, and finally destroyed or deleted – in digital form or otherwise. Improper or non-existent disclosure control can be the root cause for privacy issues. Data privacy issues may arise in response to information from a wide range of sources, such as:
Criminal justice investigations and proceedings
Financial institutions and transactions
Biological traits, such as genetic material
Residence and geographic records
Location-based service and geolocation
Web surfing behavior or user preferences using persistent cookies
Internet security has become a growing concern. These concerns include whether email can be stored or read by third parties without consent, or whether third parties can continue to track the websites that someone has visited. Another concern is if the websites that are visited can collect, store, and possibly share personally identifiable information about users. The advent of various search engines and the use of data mining created a capability for data about individuals to be collected and combined from a wide variety of sources very easily. The FTC has provided a set of guidelines that represent widely accepted concepts concerning fair information practices in an electronic marketplace called the Fair Information Practice Principles.
In order not to give away too much personal information, emails should be encrypted. Browsing of web pages as well as other online activities should be done trace-less via “anonymizers”, in case those are not trusted, by open-source distributed anonymizers, so called mix nets, such as I2P or Tor – The Onion Router Are available.
Email isn’t the only internet content with privacy concerns. In an age where increasing amounts of information are going online, social networking sites pose additional privacy challenges. People may be tagged in photos or have valuable information exposed about themselves either by choice or unexpectedly by others. Caution should be exercised with what information is being posted, as social networks vary in what they allow users to make private and what remains publicly accessible. Without strong security settings in place and careful attention to what remains public, a person can be profiled by searching for and collecting disparate pieces of information, worst case leading to cases of cyberstalking or reputational damage.
The challenge of data privacy is to use data while protecting an individual’s privacy preferences and their personally identifiable information. The fields of computer security, data security, and information security design and use software, hardware, and human resources to address this issue. Since the laws and regulations related to Privacy and Data Protection are constantly changing, it is important to keep abreast of any changes in the law and to continually reassess compliance with data privacy and security regulations. Within academia, Institutional Review Boards function to assure that adequate measures are taken to ensure both the privacy and confidentiality of human subjects in research.
Data Privacy Day’s educational initiative was originally focused on raising awareness among businesses as well as users about the importance of protecting the privacy of their personal information online, particularly in the context of social networking. The educational focus has expanded over the past four years to include families, consumers and businesses. In addition to its educational initiative, Data Privacy Day promotes events and activities that stimulate the development of technology tools that promote individual control over personally identifiable information; encourage compliance with privacy laws and regulations; and create dialogues among stakeholders interested in advancing data protection and privacy. The international celebration offers many opportunities for collaboration among governments, industry, academia, nonprofits, privacy professionals and educators.
The Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data was opened by the Council of Europe in 1981. This convention is currently in the process of being updated in order to reflect new legal challenges caused by technological development. The Convention on Cybercrime is also protecting the integrity of data systems and thus of privacy in cyberspace. Privacy including data protection is also protected by Article 8 of the European Convention on Human Rights. The day was initiated by the Council of Europe in 2007 as the European Data Protection Day and on January 26, 2009, the United States House of Representatives passed a House Resolution declaring January 28 National Data Privacy Day. On January 28, 2009, the Senate officially recognised January 28, 2009 as National Data Privacy Day. In response to the increasing levels of data breaches and the global importance of privacy and data security, the Online Trust Alliance (OTA) and the National Cyber Security Alliance adopted Data Privacy Day as Data Privacy & Protection Day, emphasizing the need to look at the long-term impact to consumers of data collection, use and protection practices and they also organise other Data Protection Day Activities