Data Privacy Day (known in Europe as Data Protection Day) is an international event that occurs every year on 28 January. The purpose of Data Privacy Day is to raise awareness and promote privacy and data protection best practices. It is currently observed in the United States, Canada, Israel and 47 European countries.
Data Privacy Day's educational initiative originally focused on raising awareness among businesses as well as users about the importance of protecting the privacy of their personal information online, particularly in the context of social networking. The educational focus has expanded over the years to include families, consumers and businesses. In addition to its educational initiative, Data Privacy Day promotes events and activities that stimulate the development of technology tools that promote individual control over personally identifiable information; encourage compliance with privacy laws and regulations; and create dialogues among stakeholders interested in advancing data protection and privacy. The international celebration offers many opportunities for collaboration among governments, industry, academia, nonprofits, privacy professionals and educators.
Learn more about protecting your privacy at staysafeonline.org/data-privacy-day
Data Privacy Digital Scavenger Hunt Jan 20-22, 2021
We’re hosting a Data Privacy Digital Scavenger Hunt. Sign up to receive the clues via email. Registered participants will receive a digital prize. Registration form: https://go.illinois.edu/ScavHuntSignUp
We are a Privacy Aware Champion Organization
The National Cybersecurity Alliance offers many resources that help you to better understand and safeguard privacy. Tips include Online Safety Basics, Managing Your Privacy, Checking Your Privacy Settings, Free Online Security Checkups and Tools, and more.
Data Privacy Day Archives – Stay Safe Online
Data Privacy Day National Events
Educause Webinar Data Privacy Panel Discussion
January 26 from 12-1pm Central
Educause Data Privacy Panel Registration Link
Meeting data privacy compliance isn’t always as pretty and neat as the regulators think. Join us for a lively panel discussion with an attorney, an information security officer, and a cybersecurity professional as we talk about how to “win ugly” when it comes to compliance. We’ll discuss GLBA, FERPA, HIPAA, and other regulations and showcase real-world examples from legal and higher education perspectives. Joining the panel are Ben Nixon, Director of Information Security at Point Loma Nazarene; Christian Auty, Partner at Bryan Cave; and Thomas Coke, Chief Strategy Officer of BitLyft Cybersecurity. After a guided portion of the discussion, webinar participants will have the opportunity to ask live questions to any panelist.
Outcomes:
- Learn about overcoming compliance challenges
- Hear real-world examples of navigating data privacy
- Take a look into the future of data privacy for higher education
More About Privacy
Quick-links to relevant University of Illinois System privacy policies
- University of Illinois System Web Privacy Notice
- University of Illinois System Web Privacy Notice
- DAT-01 Data Security Standard
- DAT-02 Information Access Control
Quick-links to relevant University of Illinois System data privacy regulation-related resources
Personal (and Identifying) Information:
- Illinois Personal Information Protection Act
- Illinois Identity Protection Act
- U of I OBFS Social Security Number Policy
Health (and Medical) Information:
Financial (and Consumer) Information:
- Cardholder Information (PCI-DSS)
- Gramm-Leach-Bliley Act Privacy Rule
- FCRA/FACTA Red Flags Rule
- U of I OBFS Red Flags Rule
Other Applicable Laws:
The diagram of the Data Privacy Life Cycle
Data Privacy is a Process!
The Data Privacy Life Cycle is a simple process flow (represented here as a diagram) to show the vital points where privacy decisions need to be considered. This is often used by organizations, but consumers also can use this to help understand privacy policies and questions they may have about use and maintenance of their personal information. It is vital to pose the following questions at every decision point in the data privacy life cycle: Who? What? When? Where? Why? How?
Collection –This is the point at which the data is collected from the data subject (e.g., consumer). A privacy policy should state why specific data is being collected and for what purpose.
Use – Also called Processing, this stage is what the data controller does with the data within their own organization once collected. The purpose of using the data should be in keeping with the privacy policy’s purpose statement.
Disclosure – Also called Sharing, this the stage when the data is provided to another organization outside the purpose of its internal business processes. It can include trading data or selling of data for monetization purposes. Sharing of data should only take place with established business partners under the law and the partners should be specified in the privacy policy.
Retention – Sometimes called Storage or Archiving, is where personal data is stored for a time during or after its intended use, per business or legal requirements. This can include archiving where data is stored digitally–sometimes offline–for a time before it is determined that it is no longer wanted or needed. Archived data often contains aggregated personal data and should be protected very securely.
Destruction – Also called Disposition, is where the data is destroyed because it reached the end of the data life cycle. Sometimes hardware holding the data still may be usable, so the hardware may be set aside (dispositioned) to be used again but without granting the new user access to the old user’s data. Some new laws such as GDPR grant users the ability to request destruction of their personal data by organizations that may have it.
What additional steps can I take?
At UIS, we want to help students, faculty and staff make wise choices about their personal data and provide applicable knowledge in order to protect such data. Below are some tips, tricks and hacks one can take to safeguard themselves when using popular technologies.
Review your location data.
- If appropriate delete your historical data. Review which apps can access your phone’s GPS features and consider whether you want to provide this history of your daily movement to them.
- Cell phones are great at providing directions and recommendations for restaurants nearby. To do this they use GPS and poll your phone every few minutes. Most cell phone makers and cellular providers keep a record of this data. Individual mobile apps and even games, if GPS permissions are given, can also track this data. In many cases there is no limit to how long this data can be stored or shared.
Rethink the messages and content you share publicly. Understand that not all “deleted” messages are deleted.
Any social media post that is public is often indexed by third parties including researchers, media, and government entities. Even after deleting content the content can be retained. Other social media companies claiming “private messaging” are sometimes found not to be private or anonymous. Before sending that private message check your platform and consider whether you really want to send it.
Review apps that offer ‘secure’ messaging to see if their platform has been endorsed by a trusted third party:
Cover your webcam and double check which software and apps have access to your microphone.
Many security professionals cover their cameras and safeguard access to their microphones. There are numerous exploits that allow hackers to turn those devices on–often with no indicators.