Since January 28th is National Data Privacy Day, let’s be #PrivacyAware in today’s episode.  Privacy Day has been around for a while.  It is an “international effort to empower individuals and business to respect privacy, safeguard data and enable trust”.  We are all about trust here and certainly aim to empower those who are willing to respect privacy.  This is perfect for us!

HIPAA For MSPs by David Sims Privacy Day and Other News You Need

A nasty ransomware version going around now deletes files and formats backup drives, rather than just encrypting data for you to restore or possibly pay the ransom.  The world of ransomware is evolving constantly, so you cannot let down your guard.  MongoLock Immediately Deletes Files, Formats Backup Drives

Speaking of that, more malware is spewing forth.  This thing is also very nasty.  Of course, it uses Office files to spread.  Another case of making sure your people are prepared to NOT click! The Emotet infections and follow-up malware article explains how this stuff does its damage and then loads some OTHER malware before cleaning itself up and leaving you hanging.

All web hosting is not the same. You cannot assume that your hosting company will secure things properly.  5 Popular Web Hosting Services Found Vulnerable to Multiple Flaws

Finally, if you have cyber skills, criminals are running ads for jobs hacking for them. These ads are crazy when you look at them from our perspective.  The fact is that hackers are doing so well in their underground economy that they are hiring.  They also have a list of things you can hire them to do.  Check it out here: The Dark Overlord: “Do YOU want to get Rich? Come work for us!”

What is Data Privacy Day?

Led by the National Cyber Security Alliance (NCSA), Data Privacy Day began in the United States and Canada in January 2008 as an extension of the Data Protection Day celebration in Europe. Observed annually on January 28, Data Protection Day commemorates the Jan. 28, 1981, signing of Convention 108, the first legally binding international treaty dealing with privacy and data protection.   On Jan. 27, 2014, the 113th U.S. Congress adopted S. Res. 337, a non-binding resolution expressing support for the designation of Jan. 28 as “National Data Privacy Day.”  That means we need to be ready to celebrate #PrivacyAware every year on this day.

What is the difference between Security and Privacy?

Security refers to the ways we protect ourselves, our property and personal information. It is the first level of defense against unwanted intruders. Privacy is our ability to control access to our personal information.

What are the recommended actions being presented as part of the respect for privacy, safeguarding data and enabling trust for Data Privacy Day?

Create a culture of privacy in your organization.  We use this phrase all the time but I also like the phrase privacy and security by design.  In either case, it means that you make privacy and security part of every discussion, project, plan, etc.

When we sit down to plan a project for our company, we always ask what we need to do from a privacy and security standpoint in the project.  Sometimes we don’t need to worry about them, but it is always a decision that we make, not an assumption.  That is when you have a true culture built around privacy and security.  You don’t just discuss it when it is time to work on it, you discuss it as PART of your work.

I do like some of the phrases they have included in their information guide.

Top Three Tips for Transparency and Trust

+ If you collect it, protect it. Follow reasonable security measures to keep individuals’ personal information safe from inappropriate and unauthorized access.

+ Be open and honest about how you collect, use and share consumers’ personal information.  Think about how the consumer may expect their data to be used, and design settings to protect their information by default.

+ Build trust by doing what you say you will do. Communicate clearly and concisely to the public what privacy means to your organization and the steps you take to achieve and maintain privacy.

Those are very helpful from a training standpoint, in my opinion, anyway.  You can expect to see us use them, for sure.  All of those clearly apply in healthcare because they are required elements of HIPAA.  However, as we have been saying for years, this stuff is getting real for everyone else, not just those who are subject to HIPAA requirements.  One of the things I do like about this event is that it isn’t all about healthcare.

There is a section specifically related to medical records privacy in the published guide. It includes many points that we all know, such as the number of breaches that happen and how much data is collected.  One point I really appreciated:

This data can be immensely valuable to cybercriminals and so intensely personal that patients would be deeply impacted if it was lost or stolen.

This gets to the heart of what our HMWH tagline says:  HIPAA is not about compliance, it is about patient care.  I like the fact that this is clearly stated for everyone to remember in the medical record privacy discussion.  Here are a few of the stats they point out:

  • In the U.S. alone, healthcare data breaches occur at a rate of more than one a day, costing an average of $408 per record.
  • Under the Health Insurance Portability and Accountability Act (HIPAA), it’s illegal for healthcare providers to share patients’ treatment information. More than 30,000 reports regarding privacy violations are received each year.
  • Insiders are also remaining a constant challenge for healthcare, accounting for 96 incidents or 41 percent of data breaches this year so far. More than 1.17 million patient records were breached by insider error or wrongdoing.

The information included in all the Privacy Day education has details for consumers, parents, teens, and businesses.  They cover connected homes, social media and helping families navigate the digital world we live in today while worrying about their data privacy.

Tune in to the live event on LinkedIn Live https://staysafeonline.org/dpd19-live/ on the official Privacy Day – Monday, Jan 28.

No matter how you celebrate Privacy Day, just make sure you share the message of how important trust and privacy are when you take the time to learn about them.