Data privacy, in simplest terms, is the right to control how your personal information is collected and used. Although this may seem obvious, it hasn’t always been the case. With data being generated in mass amounts daily, it’s interesting that the earliest data protection laws like the Data Protection Act only started to emerge in the late nineteenth and early twentieth century. With Europe leading the way (and the global community following suit), the concept of data privacy continues to be a point of discussion for regulators and consumers around the world. In this article we will address some of the interesting facts you may have not known about data privacy.
5 Facts You Probably Didn’t Know About Data Privacy
1. Data Privacy Day is only 41 years young
As we kickstart this article in celebration of Data Privacy Day, let’s take a moment to recognize that it is only in its infancy. Originally known as Data Protection Day, this holiday is now celebrated in Canada, the United States, and 27 countries in the European Union. The basis of this holiday is to shed light on the importance of data protection and promote best practices.
Data Privacy Day, January 28th annually, is significant because it marks the day that the Council of Europe opened the Convention for Protection of Individuals with regard to Automatic Processing of Personal Data (Convention 108) in 1981. This holiday only started being observed in the US in 2009 to promote data privacy awareness – a worthwhile endeavor, if you ask us.
2. Before there was digital consumption of personal data, it started with the census
It’s almost hard to believe that there was a time when data was’t collected digitally. Before computers, the primary form of data collection by the federal government was through the census. The first census was conducted in the US in 1790, which only asked four questions. By 1860, the number of questions increased and became more personal. At the time, the information collected was posted publicly so that people could verify any errors. However, by the 1870s the government halted this practice. As time went on the data collection practices used during these censuses were stopped because information about disabilities, finances, and diseases were shared and caused public outcry This ultimately led to the upcoming centuries implementing stricter data privacy laws.
3. In Canada, there are two federal privacy acts
Known as the Privacy Act and the Personal Information Protection and Electronic Documents Act (PIPEDA), these policies identify how entities can use personal information and what processes must be deployed to protect collected data. Furthermore, these acts also include the steps needed to mitigate potential data breaches. Canadian companies processing EU citizen data are also required to comply with global privacy laws such as the GDPR, which require that any business handling EU citizen data adhere to their regulations.
4. What counts as sensitive, personal, or PII data varies across regulations
As the world becomes increasingly digital, keeping up with new regulations is a challenge. What counts as sensitive, personal, or PII data varies across regulations. Sensitive data is considered confidential and must be completely out of reach except for those who have access permission. Whereas, personal data includes non-sensitive information and PII may or may not include non-sensitive information. Not understanding what your rights are as a consumer, what businesses are held responsible for when dealing with personal identifiable information (PII), and what to consider if you are working with data can leave room for unwanted consequences such as data breaches.
5. Companies that operate business abroad, are not exempt from their home country’s data privacy laws
It’s no surprise that many companies in Canada have made their headquarters and/or operate in other countries. What many companies don’t realize is that they must still comply with data privacy laws in Canada. Failure to comply can result in million-dollar fines. Examples of data privacy laws we have today are regulations such as the GDPR, HIPAA, and many more. You can also utilize online cyber incident response resources for guidelines on what steps to plan ahead for.
Data privacy is important
In order to remain in good standing with data privacy protocols, the processing of your PII shouldn’t be taken lightly. As consumers, businesses, and employees, we have the power to protect our data, our customers’ data, and in turn our digital and physical safety.
Coming up next on Private AI’s webinar: CEO Patricia Thaine sits down with Professor Graham Taylor, Canada CIFAR AI Chair. Register here for your free tickets.