Episode 76

Published on:

23rd May 2023

Data Privacy 101: Key Fundamentals for Every Privacy Pro

Level Up Your Data Privacy Knowledge!

Join Jamal Ahmed as he dives deep into the key fundamentals of data privacy that every Privacy Pro needs to know!


  • Simple and effective ways to explain data privacy and GDPR to anyone
  • Why privacy is not just a requirement but also a powerful competitive advantage
  • Proven strategies to protect your organisation from attacks and data breaches
  • How to embrace a proactive approach with privacy by design and stay one step ahead

Listen now and equip yourself with the fundamental knowledge you need to excel in privacy!

Follow Jamal on LinkedIn: https://www.linkedin.com/in/kmjahmed/



Subscribe to the Privacy Pros Academy YouTube Channel

► https://www.youtube.com/c/PrivacyPros

Join the Privacy Pros Academy Private Facebook Group for:

  • Free LIVE Training
  • Free Easy Peasy Data Privacy Guides
  • Data Protection Updates and so much more

Apply to join here whilst it's still free: https://www.facebook.com/groups/privacypro


Are you ready to know what you don't know about Privacy Pros? Then you're in the right place.


Welcome to the Privacy Pros Academy podcast by Kazient Privacy Experts. The podcast to launch, progress and excel your career as a privacy pro.


Hear about the latest news and developments in the world of privacy. Discover fascinating insights from leading global privacy professionals and hear real stories and top tips from the people who've been where you want to get to.


We're an official IAPP training partner.


We've trained people in over 137 countries and counting.


So whether you're thinking about starting a career in data privacy or you're an experienced professional, this is the podcast for you.


Today's discussion we're going to take a little deep dive into what is actually data privacy. How do we understand how that actually plays a part in our lives? Are there any laws responsible? And what implications does it have on society? And then how does it actually have an implication on me? And how can I educate myself on the latest threats and scams so I can keep myself protected? And if you're a business, then obviously what responsibilities do you have as a business to make sure you keep that information safe? So let's get straight into it today. Today I want to start off by looking at a few different things, as I just mentioned. And the first thing I want to understand is, what is data privacy? Let's get into understanding data privacy and let's have a look at what the actual definition of that is. So when we talk about data privacy, what we're really talking about is the protection of personal information that's collected, stored, and used by businesses and other organizations. And the goal of data privacy is to make sure that when you give up your personal information, when you share your personal information with an organization, when you trust that organization with your personal information, that they actually handle that in a way that's responsible. And not just responsible, but also ethical. And as you might have heard the words or the letters GDPR, GDPR, GDPR being bounced around, data privacy also involves complying with lots of different laws and regulations, and we'll have a light touch on that in a little while as well. Now I want to talk about the different types of personal data. So when we talk about data privacy and data, it just sounds like just some random words, but what is actually personal information? So the law talks about personally identifiable information. 
That means that's any information that can directly identify you, that could be your name, it could be your address, it could be your phone number, it could even be an email address.


And it's not just as simple as that, because it could be a photo, it could be a video, it could be your phone device number. And it can get really complicated, but there's lots of different types of information. So we've got your normal personal information that we just discussed, but we also have sensitive personal information. And that's information that can reveal things about your life as an individual, such as your race, your ethnicity, your religion, your sexual orientation, information about your health. And some of this information, if it's not protected, could lead to people discriminating against you. And therefore when you look at the law, the law does also afford greater levels of protection for sensitive personal information. So that's personal identifiable information, sensitive personal information. Then we have behavioural data, that's data that's related to an individual's online activities, your preferences, your habits, such as your browsing history and your purchase history, and also what you're looking for. And then we have geolocation data so that's information about your physical location, where are you actually right now, and that's information that's collected through your mobile phones, your laptops, or any other GPS enabled wearables that you might be wearing. And all of this information is collected in lots of different ways. We give that information when we fill out forms online. When you register to create an account on a website. Every time you go on a website, you also have these cookie banners and then you have cookies and other tracking technologies on websites and apps that are following you around and having a look at exactly what it is that you do and how you do it and how long you're doing it for, and then sharing that information with other. And that's what we want to think about is where is my information going? Who is actually sharing this information and why do they have it? 
Then you've got your social media platforms, they're also collecting information about you based on what you're putting out there, based on what you're posting, and also based on the content and the profiles that you're actually interacting with. And then of course we have our public records, your databases and third party data brokers who are collecting information that's available on those records.


And now we have so many devices that are connected to the internet, so we've got SMART appliances and the data is collected via those things as well. So the question is, why are organizations, why are they collecting so much information? Every time I do something, it seems that some information is being collected about me and taken somewhere. So what is the purpose for this? Is there any good or is it all for fraud and other bad stuff like that? So there are actually lots of good uses. So for example, if I go on a website, they can use those cookies to learn more about me, so they can personalize those services to me and give me specific recommendations. So let's say I'm browsing online, maybe I'm interested in buying a new smartphone. So I think I would be more interested in seeing adverts and information in relation to smartphones rather than seeing random adverts of, let's say lipstick or perfume. So, personalization of services and recommendations actually makes our online experience a little bit more better and a little bit more streamlined and personalized to what it is that we're actually interested in. It's also used by businesses and other organizations for marketing and advertising purposes. If you know what someone is interested in, or if someone knows what you're interested in, they're more likely to be able to show you things that will be of interest to you, and therefore market and advertise you things that are more likely to capture your attention. And if they know that about you, they also know that about everybody else that's visiting their site or interacting with them. And therefore they can offer the things that would be relevant to people, instead of spamming people and annoying them with things that have no interest to you or them.


ll across Europe since around:


It really came to light in:


If you look at the adverts on the latest Apple iPhone, Apple have understood that privacy is very important to people. People really care about their information. Now, there used to be a time when people didn't care. People used to be like, well, I've got nothing to hide. But actually, people are realizing more and more now. They don't want people to know everything about them. They don't want businesses to be spying on them. And therefore, Apple is selling out on all of its latest phones by telling you, hey, we respect your privacy, and we're going to make sure that when you use our phone, your privacy is protected. Now, whether that's the case or not, that's another conversation for another day. But we can see privacy is becoming more and more important. And what we're moving into now is the age of privacy or the privacy paradigm. Now, sometimes I'll get family members asking me, well, you've been talking about privacy, but what do you actually mean? So let me explain that before we get into the importance of privacy and the impact it actually has on individuals. Imagine when you come home, or imagine going to your house. When you go to your house, you get to the front door, but you can't get in. You need a key to get into the house because you have security, you have padlocks, you have locks. That stops people from coming into your space and taking things away, or that stops people coming into your space and staying there when you don't want them to. But you also have windows. And on those windows, you have curtains or blinds, and you draw those blinds. And even inside your house, you have separate rooms. And in those rooms, you have doors, and you might have separate locks. The reason for that is not only do you not want people to come and take things away, but you also don't want people to see what you're doing. You don't want people to see what time you get into bed and what time you wake up.
You don't want everyone to know what you're having for breakfast, how long it took you to cook that breakfast, what you're doing with your time. Are you reading a book? Which book are you reading? How long have you been reading that book for? Are you now on the phone to someone? Who are you talking to? How long are you talking to them for? What time do you go to the gym? What time do you come back? We are very private with our information. We don't want every single person out there or businesses out there to understand what we're doing with every second of our time. And that's exactly what happens sometimes when we have our devices. There's cookies on there and they're monitoring everything you're doing with your smartphone all of the time, including what you're looking at, how long you've been looking at it for, who you're talking to, how quickly you reply to their messages, how long you take to respond to them, what groups that person's in, what other things those people are interested in.


g, the GDPR came to Europe in:


And that's why the right to privacy is so important. When you impact someone's right to privacy, you start impacting on all of the other rights as well. Look at our brothers and sisters in China, the Uyghur community. It's no secret that they have their privacy violated. On occasions they have people living with them to observe what they're doing. You can imagine the consequences of having a stranger in your space the whole time, watching and observing what you're doing. And essentially, you don't need to have a person doing that anymore. You can do that through surveillance, you can do that through drones, you can do that through microphones, you can do that through other devices. And it starts getting quite creepy and scary what we see happening in some parts of the world and therefore it's important to make sure that we give individuals complete control over their personal information. So number one is the impact it has on individual is if you erode their right to privacy. If you start infringing on the right to privacy, you start infringing on all of their other civil liberties as well. The second thing I want to talk about when it comes to the impact on individuals is the prevention of identity theft and fraud. When personal data is protected properly, the risk of that identity theft and that financial fraud is significantly reduced. If we can make sure that we take steps to identify someone is who they say they are and then actually verify they are that right person, then all of these situations where people have the bank accounts wiped out, where people are taking out loans and mortgages and pretending to be them and causing them misery in their lives. We can overcome all of those things. We can also protect sensitive information, so we can safeguard people's sensitive information. Things like their medical records, things like their religion, things like their beliefs from unauthorized access. 
And when we do that, that helps to prevent discrimination, it helps to prevent harassment and other negative consequences and behaviour, somebody might experience if that information hasn't been protected. And also it helps with trust and confidence. When you know that a business is handling your personal data responsibly, then you are more likely to trust them and do business with them. And that encourages more individuals to engage in online activities without fear of privacy violations.


Those are the impacts that it has on individuals. I'm talking about now, the impact on businesses, what is the importance of data privacy and what is the impact it actually has on businesses? So there's four key impacts it has: legal compliance, reputation and brand image, competitive advantage and data driven decision making. So let's start off with legal compliance. Now we as businesses need to make sure that we're following all of the laws and regulations and this helps us to avoid fines, legal actions and other negative consequences such as operational disruption and reputational damage. It's very important that we look after our reputation because we work so hard as business owners and as business people to really do everything we can to enhance the reputation of our business. And something as simple as a data privacy fine could really cost the reputation that we've worked so hard to build up and that comes into brand image as well. So strong data privacy practices can enhance a company's reputation and attract customers who value privacy and data protection. And there was a recent study that was done that said that 62% of people, 62% of people will not buy something from a website or buy something from a business if they don't feel that the information is going to be kept safe and kept private. So you could be losing 62% of customers just by not giving them the assurance that when they come and shop with you or when they come and share their information with you, that you will actually protect it. And another recent study done this year actually showed 91%, 91% of information care about their personal information, or 96% of individuals are worried about losing control over their personal information. So what does that actually mean to businesses? 
It means that most of the people you're going to be interacting with, most of the people that you want to do business with, actually care about their personal information, and they care about losing control or staying in control of that information. And if you want to increase business, if you want to do business in this day and age, moving forward, you need to make sure that people feel they can trust you. You need to inspire that confidence that people can trust you with their personal information moving forward. And that also leads to point number three, which is the competitive advantage.


As individuals become more aware of data privacy issues, the businesses that prioritize privacy can differentiate themselves from their competitors. So if you're looking at two businesses and you can see one has really put in the effort to make sure that they put a privacy notice up, show that how they're keeping your information safe, you're more likely to go and shop with them than you are the competitor than you are the other one that doesn't actually do that, even if it means paying a little bit more. And also, from a business point of view, you can actually make data driven decisions by making sure that you have good privacy, can lead to higher quality data. And when you have higher quality data, you can actually make better decisions and have more effective business strategies. So that's the impact it has on businesses. What is the impact data privacy has on society? So it impacts digital divide and inclusivity, our democracy and free speech, the ethical use of data, and also innovation and growth. Let's start off by looking at the digital divide and inclusivity. When we have strong data privacy practices this can help bridge that digital divide by making sure that people who are often marginalized, people who are often vulnerable, also feel comfortable engaging in online activities without fear of privacy violations. People should feel comfortable that any information that they share is shared in a way that's private and it's not going to actually be exposed. It's not going to be shared with someone they don't want to be shared to, it's not going to be made public. And when we do that, those people who are vulnerable or often marginalized, we can actually make them feel included and we can overcome the digital divide. The second thing I want to talk about, about when I societal implications is democracy and free speech. Now, the protection of personal information is critical. 
It's critical for preserving our democratic values as it enables us to express our opinions and access information without fear of surveillance or retaliation. If we look back in history, back to the Second World War and what was happening in Nazi Germany, people were worried about being surveilled. People were worried about having an opinion that might go against the government and how that might impact them. Does that mean they're going to get beaten? Does that mean they're going to get thrown into prison? So we need to make sure that people understand the governments won't be surveilling them or retaliating if they have opinions that are different to that, and that's necessary in a democratic and free society.


Then we have to think about ethical use of data as well. So data privacy can promote the responsible and ethical use of personal information, and we can encourage businesses to consider the potential social implications of collecting their data and how they actually use them in practice. And finally, innovation and growth. If we have a strong data privacy framework, then we can foster innovation in technology and digital services and create a level playing field for businesses so that individuals can now trust the new products and services that we're introducing to them and bringing to the table. And now what we want to talk about is online threats and risks. And I want to cover some common online threats that we face when we're sharing information. And I want to talk about phishing and social engineering. I want to talk about malicious software, I want to talk about ransomware, and I also want to talk about what are the consequences of not protecting that data. So the common online threats, we spoke about phishing and social engineering. What is phishing and social engineering? So phishing and social engineering is where a criminal or somebody with bad intention uses deceptive tactics to trick you into revealing information about yourself, such as your login details or your credit card numbers. Let me give you an example of someone who had recently reached out to me. I had an imam recently reach out to me saying that his WhatsApp was hacked by a social engineering attack. Now, this person is very well known in his niche for what he does, and there are people who respect him. And he's got lots of people in his phone book. And there was an account made on Twitter pretending to be some religious institution or pretending to be a university in Saudi Arabia. And they said, hey, we're really interested in having you come here and teach. We want you to teach our students. We're impressed by the work you do, and we want to communicate with you. 
The best way to do that would be on WhatsApp. So the imam, he was quite excited. He was like, you know what? Yeah, this would be great. I would love to go and serve and help people in Saudi Arabia. So he was very interested in having this meeting and they said, oh, look, by the way, WhatsApp video doesn't work in Saudi Arabia. So we're going to send you a code. When you get that code, give it to us so we can actually have that meeting. So this imam is excited. The code comes in from WhatsApp. He shares the code, next thing he knows is his WhatsApp has been hijacked. It's been taken over. It's been taken over from social engineering. It wasn't actually a university in Saudi Arabia, it wasn't an educational institution, it was a trickster. And now they've got access to his whole phone book. Phishing and social engineering, that's the most common type of attack that you're going to come across.


You want to make sure that you understand how to protect yourself against that and we'll talk about that a little bit later on. So examples of that could include fake emails, fake websites or messages that appear to be from a legitimate source, but they're actually designed to steal information. So make sure you keep a lookout for it. If it's too good to be true, it probably is. The next thing I want to talk about is malware. Malware is malicious software that's designed to infiltrate or damage computer systems, networks or devices. And this includes viruses, worms, Trojans, ransomware and other spyware. And we need to make sure that we protect ourselves against clicking any of those suspicious links that would download some of that malicious software or putting anything into our devices that's also going to be equipped with that kind of malicious software. And ransomware that's the next thing I want to talk about. That's a type of malicious software that encrypts the files on your computer or your device, which means that you can no longer access them until a ransom is paid. And ransomware attacks can cause significant financial employee operational losses as well as reputational damage. If we don't protect the data, if businesses don't protect the data, if we don't take responsibility to protect that data, then it can lead to lots of negative consequences. The first one being identity theft. That's where someone uses your personal information to commit fraud or other crimes, pretending that they are you. It could be someone taking out a mobile phone name, a mobile phone contract under your name. It could be them taking out a loan for lots of money. It could be them purchasing a car, it could be them setting up lots of bank accounts and everyone else will think that that's actually you that's done that and therefore you will be responsible for anything someone's done whilst they've pretended to be you.
And this can include huge consequences such as financial losses, damage to your credit scores. And think about all of that emotional distress that you're going to have to go through as you try and repair this and figure out the extent of the damage that's actually been done, then you will actually have financial loss. That's where someone's got unauthorized access to your bank accounts, to your credit cards and to your other financial accounts. And they've emptied out all of your accounts and made purchases that you now have to pay off but has nothing to do with you. And these losses can incur indirectly too. It could be through intellectual property or trade secrets. It causes lots of damage to reputation. Data breaches or privacy violations can lead to negative publicity, loss of trust and damage to an individual's reputation or if you’re a business, damage to your business reputation. And to go and try and repair that reputational damage can often be lengthy and a costly process.


and case studies. So, back in:


And that brings me on to my last point, which is all about staying educated, keeping ourselves educated on all of the latest threats and scams. So make sure you stay informed about the latest online threats, the phishing attack and scams by following reputable news sources. And you can follow me on LinkedIn. I have shared this every week, once a week. One of the things that you might have seen recently is someone saying, hey mom, I've lost my phone. Can you text me on this number? Or somebody pretending to be PayPal and saying you need to access your account for some reason or the other, or even Royal Mail. So we can see there's lots of different threats, and by knowing about these threats, we can actually protect ourselves against them. Second thing I want to say is be cautious of unsolicited emails, messages or phone calls calling you up, asking you for personal information. Make sure you verify the authenticity of the person before you provide them with any information. Oftentimes you'll get an email or a message or a phone call pretending to be someone, pretending to be a business that you've engaged and asking you for lots of information under pressure. Remember, if it's too good to be true or if you're expecting something from someone you're not supposed to be hearing from, challenge them, verify them, and hang up and call back on the official number that you find on a website using a different phone. You can also report suspected scams or phishing attempts using the appropriate authorities, such as the Information Commissioner's Office or even your local law enforcement agency. All right, so the next thing I want to talk about is what is the role businesses and organizations play when it comes to making sure that personal information is protected?


And I want to talk, first of all, about privacy by design. As a business, as an organization, as a school, as anyone who is collecting information of other people, I want you to think about privacy by design. Privacy by design is where we take a proactive approach that integrates the data protection principles and considerations into the design phase as we're developing products, as we're developing services and business processes. And key principles of privacy, by design, include only collecting the amount of information that we actually really need to be able to fulfil that purpose, making sure that any information that we collect is only used for that purpose. And being transparent about what we do and how we're doing it and making sure that we keep the user central to all decisions that we make. And thirdly, when it comes to privacy by design, by implementing privacy by design, businesses can comply with data protection regulations, minimize the risk of data breaches, and also it helps to build trust with our customers. So the first thing I want you to think about is how am I putting privacy at the heart of everything that we do, especially when it comes to designing a new product or a service. Then as businesses, we want to make sure that we implement robust security measures. So we want to make sure we use encryption to protect information and that's information that's both traveling when we're sharing you with someone but also at rest, we want to make sure we have strong access controls so we limit information and we limit who can access that information within the business. Everybody doesn't need to see everything, so we need to make sure we have good access controls in place and we need to regularly review those who have control. 
We also want to develop and maintain comprehensive cybersecurity plans, including how we deal with an incident and what recovery procedures we have in place if something should go wrong, it's not a matter of if, it's a matter of when. So when something does go wrong, we need to make sure that we can respond.


And also we want to make sure that we are transparent with what we do as businesses and that we're being held accountable and we're holding ourselves accountable. So be transparent with your customers, with your clients, with your employees, with your staff, with your pupils, about what information you're collecting, how you're collecting it, who you're going to be sharing that information with. Make sure you provide clear and plain language privacy notices so people can actually understand what's happening. Establish and maintain a culture of accountability within the business. Make sure all employees understand the importance of data privacy and their responsibilities when it comes to keeping that information protected. If required, make sure you appoint a data protection officer or someone who is a responsible individual that will oversee all of your organization's data privacy compliances and practices and let you know if there's anything wrong. And the other thing I want to talk about is training and awareness for the programs and your employees. It frustrates me the amount of times an incident takes place or a problem happens because an organization hasn't actually trained their employees. Remember, your chain is only going to be as strong as your weakest link. Your business is only going to be as protected as your weakest employee. And when I say weakest employee, I mean someone that doesn't actually understand their responsibilities. When it comes to protecting personal information, we need to make sure that we provide as business owners, as businesses, as responsible individuals running organizations, provide regular training and awareness programs for employees on all things to do with protecting data, on how to keep it safe and how to keep it secure, and best practices. Educate your employees about common online threats such as phishing and social engineering attacks, and teach them how to recognize and report suspicious activities. 
And make sure you engage a culture of vigilance and continuous learning. And make sure that all of your teams stay up to date with the latest data privacy developments and requirements.


And that covers pretty much everything I wanted to talk about today. So my final thoughts on this are number one, data privacy is essential for protecting individual rights and freedoms, maintaining trust, especially when it comes to digital services, and fostering innovation. There are various online threats and risks such as phishing, malicious software, ransomware that can compromise personal data and lead to negative consequences. And three, we need to adopt best practices, such as using strong passwords, enabling multifactor authentication, and being cautious about how and who we share personal information with, and making sure that we do everything we can to protect our data online. And it's a shared responsibility. The responsibility to keep our data private is a shared responsibility between us as individuals and also businesses and organizations. Individuals must take steps to protect their own data, and businesses must also implement robust security measures and also promote a culture of privacy, transparency, and accountability. And we need to make sure there's ongoing dialogue and awareness. It's critical and crucial to maintain an ongoing dialogue about data privacy and stay informed about the latest threats, technologies and regulations. And by working together, by working together and prioritizing data privacy, we can create a safer and more secure digital environment for everyone. And if we all work together, then we can have a world where every woman, every man, and every child can enjoy freedom over their personal information wherever they travel in the world. And that's exactly what I'm here and what I'm committed to doing.


If you enjoyed this episode, be sure to subscribe, like and share so you're notified when a new episode is released.


Remember to join the Privacy Pros Academy Facebook group where we answer your questions.


Thank you so much for listening. I hope you're leaving with some great things that will add value on your journey as a world class privacy pro.


Please leave us a four- or five-star review.


And if you'd like to appear on a future episode of our podcast or have a suggestion for a topic you'd like to hear more about, please send an email to team@kazient.co.uk


Until next time, peace be with you.


About the Podcast

Privacy Pros Podcast
Discover the Secrets from the World's Leading Privacy Professionals for a Successful Career in Data Protection
Data privacy is a hot sector in the world of business. But it can be hard to break in and have a career that thrives.

That’s where our podcast comes in! We interview leading Privacy Pros and share the secrets to success each fortnight.

We'll help guide you through the complex world of Data Privacy so that you can focus on achieving your career goals instead of worrying about compliance issues.
It's never been easier or more helpful than this! You don't have to go at it alone anymore!

It’s easy to waste a lot of time and energy learning about Data Privacy on your own, especially if you find it complex and confusing.

Founder and Co-host Jamal Ahmed, dubbed “The King of GDPR” by the BBC, interviews leading Privacy Pros and discusses topics businesses are struggling with each week and pulls back the curtain on the world of Data Privacy.

Deep dive with the world's brightest and most thought-provoking data privacy thought leaders to inspire and empower you to unleash your best to thrive as a Data Privacy Professional.

If you're ambitious, driven & highly motivated, and thinking about a career in Data Privacy, a rising Privacy Pro or an Experienced Privacy Leader this is the podcast for you.

Subscribe today so you never miss an episode or important update from your favourite Privacy Pro.

And if you ever want to learn more about how to secure a career in data privacy and then thrive, just tune into our show and we'll teach you everything there is to know!

Listen now and subscribe for free on iTunes, Spotify or Google Play Music!

Subscribe to the newsletter to get exclusive insights, secret expert tips & actionable resources for a thriving privacy career that we only share with email subscribers https://newsletter.privacypros.academy/sign-up

About your host

Jamal Ahmed FIP CIPP/E CIPM


Jamal Ahmed is CEO at Kazient Privacy Experts, whose mission is to safeguard the personal data of every woman, man and child on earth.

He is an established and comprehensively qualified Global Privacy professional, World-class Privacy trainer and published author. Jamal is a Certified Information Privacy Manager (CIPM), Certified Information Privacy Professional (CIPP/E) and Certified EU GDPR Practitioner.

He is revered as a Privacy thought leader and is the first British Muslim to be awarded the designation "Fellow of Information Privacy" by the International Association of Privacy Professionals (IAPP).