Data Privacy Week, taking place January 27–31, 2025, is a yearly initiative dedicated to raising awareness about the importance of personal data protection. Celebrated worldwide in the final week of January, it aims to educate individuals and organizations about their data rights, emphasize the need for secure information management, and promote responsible data practices.
We all manage sensitive information every day. Data privacy is a shared responsibility, not just an IT concern. Whether accessing records, handling documents, or using email, we all play a critical role in safeguarding information.
Data privacy focuses on the right to safeguard personal information in the digital world. So what are some of the different types of protected data?
- Personally Identifiable Information (PII) includes any information that can identify an individual, such as names, Social Security numbers, addresses, phone numbers, or driver’s license numbers.
- Protected Health Information (PHI) includes medical records, insurance details, and any health-related data tied to an individual’s identity.
- Federal Tax Information (FTI) includes Social Security numbers, earnings, wages, payments from retirement income, filing status, tax refunds, and any other information on federal tax returns.
- Criminal Justice Information (CJIS) includes sensitive information about criminal activity, investigations, and individuals involved in the criminal justice system.
- Family Educational Rights and Privacy Act (FERPA) is a federal law that protects the privacy of students' education records. FERPA applies to public and private schools, as well as state and local education agencies that receive federal funds.
- Financial information includes payment card data, bank account numbers, tax information, or any information related to financial transactions.
- 42 CFR Part 2 includes any information about a patient’s substance use disorder treatment.
How You Can Protect Your Data
- Be Able to Recognize and Report Phishing Emails: Use Gmail’s PhishAlarm button to Report a Suspicious Email.
- Think Before You Share: Verify requests for sensitive data and share only with authorized parties.
- Secure Your Workstations: Lock your devices when away from your desk and avoid using unfamiliar or public Wi-Fi to access sensitive information without being on a Virtual Private Network (VPN). A VPN creates a secure, encrypted connection between your device and the Internet, making it nearly impossible for hackers, third parties, or Internet service providers to intercept or exploit your data.
What Is Phishing?
Phishing occurs when cybercriminals send fake emails, social media messages or other communications to trick you into clicking on a harmful link or downloading a malicious attachment. These scams might try to steal your personal information, such as passwords or financial details, or install malware on your device.
Spot It Before You Click It
Whenever you see an email that seems a little suspicious, take a few seconds to assess it before clicking anything. Ask yourself these questions:
- Does it seem too good to be true? Surprise lottery wins or unbelievable offers are almost always scams.
- Is the language urgent or threatening? Phishing emails often use alarming phrases like immediate action required to push you into acting without thinking.
- Does it look poorly written? Typos, strange grammar or awkward phrasing are major red flags.
- Is the greeting generic? Emails addressed to Dear Customer instead of your name are likely phishing attempts.
- Does it ask for personal information? Legitimate organizations will never request sensitive details like passwords or Social Security numbers over email.
- Is there an unfamiliar link or attachment? Hover over hyperlinks (don’t click!) to see where they lead. If the URL looks suspicious, steer clear.
- Does the sender’s email address look off? Phishers often use email addresses with small misspellings, like pavpal.com instead of paypal.com or anazon.com instead of amazon.com. If you spot any of these signs, you’ve likely caught a phishing email.