Team Traceable
Traceable Announces Commitment to Respecting Data by Becoming a 2023 Data Privacy Week Champion
This year’s initiative emphasizes educating businesses on data collection best practices that respect data privacy and promoting transparency.
Data Privacy Week is an annual expanded effort from Data Privacy Day — taking place from January 22 – 28, 2023. The goal of Data Privacy Week is to spread awareness about online privacy among individuals and organizations. The goal is twofold: to help citizens understand that they have the power to manage their data and to help organizations understand why it is important that they respect their users’ data.
Let’s start with the basics. All information is provided by the National Cybersecurity Alliance, in honor of Data Privacy Week.
What is Data Privacy?
The sheer volume of data generated about you and your activities online is staggering, which is why data privacy has become a defining issue of our digital age. Even if you don’t care very much, thousands of businesses across the globe pay top dollar to learn about you through this data.
Your online data can be categorized in certain ways. First, there is personal information like your name, birthdate, and Social Security number. There is also important information about you like your medical records and credit card numbers.
Then there is data about what you do online, like what websites you visit, what products you buy online, and who you communicate with on social media. This data can be extremely granular, like how many seconds you spend looking at a webpage before clicking to something else. Advertisers and other businesses prize this sort of data because they can better target ads and products toward you.
Often, this data is anonymized when sold, meaning an advertiser won’t know the specific name of the person who clicked on a link. But a cross-section of data about you can be added together to try to personalize ads to you.
Data privacy, then, is the right to keep your data private. Understand that you cannot keep all of your data private from everyone – the IRS, for example, must know how much money you make, or you will face unpleasant consequences. However, you should know your data privacy rights and, when you can, make choices to only share your data when you feel it is appropriate.
What Does API Security Mean for Data Privacy?
Now, more than ever, it’s important to understand the role of APIs in data privacy. Given that this year has started with some major API data breaches, it’s imperative that organizations prioritize API security in their 2023 plans.
APIs transmit huge amounts of sensitive data. Everything from PII, PHI and SSNs, to highly valuable financial information is transmitted and shared via API. And the privacy implications are very important.
Every application connects and communicates with an API, making them the linchpin of data-sharing. This includes the thousands of third parties, app developers, advertisers, that all have direct or indirect access to an API’s users.
This is where authentication and authorization comes into play.
Broken authentication and authorization in APIs can be dangerous for data privacy. AuthN and AuthZ are different for APIs, as APIs are distributed, not monolithic. Now, they consist of microservices distributed in cloud data centers. Each microservice is a self-contained server and data store, bundled together but separate from the application’s other functions. A client application, the one the user interacts with, makes API calls to the services it requires to do its job.
Authentication and authorization look entirely different under this new distributed model. Since each microservice has a data store, a session created in one has no meaning to another. API calls would constantly break if the application depended on a single session ID created by the first server an application happened to call.
Is Data Privacy the same as Cybersecurity?
Data privacy and cybersecurity are different fields, but they go together. Data privacy revolves around rules, guidelines, and your own personal choices about who has access to your data, and how much access they have. Cybersecurity is focused on preventing and solving threats like hackings, malware, and online scams.
Bad actors often exploit cybersecurity vulnerabilities, though, to get data – it is that valuable. A lot of cybersecurity is about keeping your data safe. Data privacy, on the other hand, is about your right to keep your data safe, especially from those who aren’t cybercriminals, like websites and businesses.
Why Data Privacy is Important
You might be thinking that all your data is already out there, who cares who sees it? Why do I care if an advertiser knows what shoes I just bought through social media?
Think about this: have you ever been creeped out after using a search engine and then suddenly all the ads on the websites you visit are about the thing you searched? Do you want unscrupulous marketers to have your phone number so they can call you constantly?
There is probably some data you really don’t want others to have full access to, like your emails. However, if you don’t pay attention to your data privacy, you might download a program or plug-in that scans your email for data and sells it to advertisers. Even if the plug-in provides a decent service, like easily allowing you to unsubscribe from promotional emails, you might think twice about giving the service total access to your email inbox if you know that they sell your data.
With technology, there is always a trade-off between privacy and convenience. A maps app, for example, needs to know your current location to give you directions. In many cases, though, you can choose how much data you want to share. This is where knowing about data privacy can help you make decisions and form habits. Believe us, finding peace of mind by being more aware of your data privacy is worth it.
The National Cybersecurity Alliance has offered up the following themes to help guide individuals and businesses to better data privacy practices:
Data: The Story of You
All your online activity generates a trail of data. Websites, apps, and services collect data on your behaviors, interests, and purchases. Sometimes, this includes personal data, like your Social Security and driver’s license numbers. It can even include data about your physical self, like health data – think about how a smartwatch counts and records how many steps you take.
While it’s true that you cannot control how each byte of data about you and your family is shared and processed, you are not helpless! In many cases, you can control how you share your data with a few simple steps. Remember, your data is precious, and you deserve to be selective about who you share it with!
For Businesses: Respect Privacy
Respecting the privacy of your customers, staff, and all other stakeholders is critical for inspiring trust and enhancing reputation. According to the Pew Research Center, 79% of U.S. adults report being concerned about the way their data is being used by companies. By being open about how you use data and respecting privacy, you can stand out from your competition.
Be transparent about how you collect, use, and share consumers’ personal information. Think about how the consumer may expect their data to be used. Design settings to protect their information by default. Communicate clearly and concisely to the public what privacy means to your organization, as well as the steps you take to achieve and maintain privacy.
For more information about Data Privacy Week and how to get involved, visit https://staysafeonline.org/programs/data-privacy-week/.
About Data Privacy Week
Data Privacy Week began as Data Privacy Day in the United States and Canada in January 2008 as an extension of the Data Protection Day celebration in Europe. Data Protection Day commemorates the Jan. 28, 1981, signing of Convention 108, the first legally binding international treaty dealing with privacy and data protection. NCA, the nation’s leading nonprofit, public-private partnership promoting cybersecurity and privacy education and awareness, leads the effort in North America each year. For more information, visit https://staysafeonline.org/data-privacy-week/.
About the National Cybersecurity Alliance
The National Cybersecurity Alliance is a non-profit organization on a mission to create a more secure, interconnected world. We advocate for the safe use of all technology and educate everyone on how best to protect ourselves, our families, and our organizations from cybercrime. We create strong partnerships between governments and corporations to amplify our message and to foster a greater “digital” good. For more information, please visit https://staysafeonline.org.
About Traceable
Traceable is the industry’s leading API security platform that identifies APIs, evaluates API risk posture, stops API attacks, and provides deep analytics for threat hunting and forensic research. With visual depictions of API paths at the core of its technology, its platform applies the power of distributed tracing and machine learning models for API security across the entire development lifecycle. Visual depictions provide insight into user and API behaviors to understand anomalies and block API attacks, enabling organizations to be more secure and resilient. Learn more at traceable.ai.
