In 2006, the Council of Europe (CoE) decided to launch an annual Data Protection Day on 28 January. This date was chosen because on 28 January 1981, member countries could sign up to the CoE’s new data protection convention, known as ‘Convention 108’. This was the first binding legal instrument on data protection, and from 2008 other countries not part of the CoE were also able to sign up.
In 1981 there was no internet and a mobile phone only made phone calls and looked like a breezeblock. If you wanted to contact someone you called their home phone or you sent them a letter. If you wanted a private conversation you went to the nearest public phone box to call! If you had to hand over information you filled in forms by hand and took documents to offices to be photocopied. If you wanted to listen to music you turned on the radio or listened to cassettes (CDs only came out in 1982).
Quite simply, they saw the future. They may not have seen the detail of a connected world, voice-controlled AI assistants or a supercomputer in everyone’s pocket. But they saw how the increasingly data-driven world and advances in technology would require checks and balances to protect the individual. They were years ahead of their time.
Data Privacy Day is more relevant than ever given the advances in technology that mean almost anything can be connected to the internet, the way we live our lives online, and the fact that all this connectivity leaves a data trail. More people know more about you than ever before. DP Day is about raising awareness of privacy matters, both in your personal life and at work. Do you know what companies you deal with are doing with your information? Do you give away personal details without knowing what will happen to them? Do you look after the personal information you have about others, both at home and at work?
So on 28 January take a moment to reflect on who has your information and, if you’re concerned about how it’s being used, look for the privacy notices or privacy policies on company websites. If you’re asked for personal details, ask questions back about why it’s needed and what will happen to it. Key things to understand are whether it will be kept securely, whether it will be used for things you might not expect, and if it will be shared with anyone else.
If you’re filling in sensitive information online, like bank details or health information, check the website address starts with https: the ‘s’ indicates it is secure. Check what you’ve posted on social media: have you put out enough information for someone to take your details and pretend to be you? Think twice before posting your date of birth, address, phone number and photos of documents. One way to check you haven’t been a victim of identity fraud is to check your credit file at the different credit reference agencies (CRA). If you see checks against the file that you don’t recognise, you can ask the CRAs for more information and they have fraud teams to help if this has happened to you.
We may not realise it, but our personal information has great value to companies, and is the ‘cost’ of getting free products and services. We all have different views on our privacy and the trade-offs we’re willing to make to get the products and services. Make sure you know what’s in it for you, and that you’re happy with the trade off.
You may deal with other people’s personal information, particularly at work. Your company should have an internal policy or guidelines on how they handle personal information, so employees understand the rules. Don’t get caught out by social engineering: people who try to get information from you by email or over the phone by pretending to be someone else. With enough information and often by saying it’s urgent, they can be very convincing. If you’re being pressured to give out information, or you’re not sure who you’re talking to, go to your manager or other senior person.
Privacy and data protection can seem boring, complex and difficult to understand; information is often written in legalese; and it can be difficult to know what your rights and obligations are. Not many companies seem to be putting the consumer first. At Yoti we do, and we’re trying to get better at explaining our uses of your personal information.
We have come a long way since 1981 and privacy laws have needed tweaking and updating to deal with the massive changes in technology and data use. EU data protection law has had an overhaul with greater obligations on companies and strengthened rights for individuals, and comes into force in May 2018. Technology and society move so fast that some are saying it’s already out of date. But at its core are the same key principles that were founded in Convention 108 and which still form the basis of many data protection and privacy laws today.