by Jim Havron, Archivist
Data Privacy Day, known as Data Protection Day in Europe, is “celebrated” by 49 different countries on January 28th each year. In the United States, programs are led by the National Cyber Security Alliance (NCSA) with the support of both houses of Congress, the Department of Homeland Security, and private organizations. The purpose of the day is to promote best practices in data protection and privacy for individuals, businesses, nonprofit organizations, and government entities. Archives, museums, and other cultural heritage preservation institutions generally fit into at least one of these categories.
Apart from my work as an archivist, I am an information systems/cybersecurity professional, a field I entered specifically to help protect and preserve cultural heritage. In the past few years I have done threat and risk assessment, security consultation, data security, and data recovery for a number of nonprofit organizations. I have discovered most of the people for whom I provided services, as well as many people with whom I speak at professional conferences or when doing workshops, fail to see privacy as an issue that needs to be addressed on an institutional level. There is room for a great deal of discussion on this topic, but for this day of data privacy/protection awareness, I would like to suggest the following points for consideration by those of us involved in archives, museums, or other cultural heritage preservation fields.
- Privacy can generally be equated, at least in part, with confidentiality. Confidentiality is one of the three cornerstones of cybersecurity (the CIA of cybersecurity.) The others are integrity of data and accessibility of data. In the cyber/digital world, confidentiality cannot be separated from integrity or accessibility. If one does not have confidentiality (i.e. privacy) in respect to data, one cannot guarantee the integrity of the data or its ready accessibility.
- Privacy practices affect trust. In the world of cultural heritage preservation, as with cybersecurity and data protection, trust is a vital component of what we do. Donors must trust that any confidential information will remain confidential. Researchers and visitors must be able to trust in the integrity and authenticity of what is preserved and presented. Staff must be able to rely upon storage and security technology, as well as third-party vendors, to protect the integrity and privacy of stored data and any data that is used in communication and access of material.
- The largest source of data breaches and security compromise in the United States (and the world, as well as can be determined) is through compromise of individual accounts or devices. The primary means of compromising individual accounts or devices is through obtaining and leveraging private information. Poor privacy practices by individuals have led to security breaches that have cost billions of dollars at a time.
- Privacy and security on mobile devices is far less assured that on desktops and traditional networks. Recent studies suggest that around 65% (54%-78% range in studies) of work that was once done on desktop computers is now done from mobile devices. On average, 85% of mobile apps require access to at least one source of private information that is not required for the app to actually function properly, and almost 100% require the ability to write data to the device, but with no restrictions on what or where it is written. In addition, there is no public app approval process (including those of Apple, Android, Facebook, etc.) that includes an inspection of the code of the proposed application. Mobile apps are not vetted for code that violates security and privacy before being distributed.
There are many issues related to privacy that must be addressed in the world of cultural heritage preservation. Privacy (or protection) of electronic data is just one, but it is rapidly becoming the overarching area of concern, if it isn’t already there. Data Privacy Day is a good day for students, professionals, researchers, visitors, teachers, curators, archivists, preservation professionals, or any concerned individual, to examine best practices in privacy and security. There will be future posts on some of these practices, and the Albert Gore Research Center can offer workshops or information sessions if requested. If you have suggestions or comments, please let us know.
More about the day and the National Cyber Security Alliance can be found at :https://staysafeonline.org/
(Jim Havron is a Certified Archivists, Digital Archives Specialist, and Comptia Security+ certified cybersecurity specialist)