Data Privacy Week: How Can I Protect My Data?
January 22-28 is Data Privacy Week. To learn more about the importance of data privacy, Connect chatted with Phil Napier, Director, Health System Information Security. For the past ten years, he has focused exclusively on information security and has some wonderful advice on how to stay safe online.
What is Data Privacy Week and why is it important?
Napier: While the roots of Data Privacy Week can be dated back to 1981, it formally began as a full-week event in the United States last year. The National CyberSecurity Alliance established Data Privacy Week in the United States to align with International Data Privacy Day on Jan. 28. It is a week-long effort to educate users about online privacy, how to identify whether their personal information is being used, ways to limit or control how your personal information is used by an app, and measures that can be taken to prevent data breaches.
It is important because our personal data is everywhere. Something as simple as a retail “discount card” (or in today’s world, an online app that allows you to make purchases from a retailer) results in your data potentially being stored in multiple online repositories. Your name, address, phone number, date of birth, and other information is shared not only with that retailer, but also with the company who manages the discount card program, and likely, many of their affiliates. Your computer, smartphone, and pretty much every other internet-connected device (which might even include your wristwatch or car) gathers and stores some of your personal information! But you have more and more choices when it comes to how this data is collected, shared, and sold.
How can I protect my data?
Napier: The short answer is be more aware of the data you are sharing with others online and don’t share any more information than is absolutely necessary. Sound familiar? It’s very similar to a fundamental principle established with HIPAA — “minimum necessary” — store only the minimum data required to accomplish your mission.
With respect to protecting YOUR data, only provide the minimum data that’s required; be aware of the data you are sharing (Why do apps always ask for your birthday and address? Do they really “need” that information?); and leverage options to limit what data you share with an app — that might also be shared with others.
There are more and more options to limit what data is shared with third parties (i.e., data you provide an app/company, who then sells or shares that data with others).
The National CyberSecurity Alliance has excellent resources to strengthen your own personal “privacy posture.”
What can we do here at UVA Health to protect data?
Napier: Follow the “core 4” principles highlighted by the National CyberSecurity Alliance:
- Wherever possible, create long (at least 12 characters), unique passwords for each account and device.
- Use multifactor authentication (MFA) wherever it is available. (We have many applications where MFA is required to better protect UVA Health and patient data.) This keeps your data safe even if your password is compromised.
- Use a UVA Health-issued and -managed computer. They are configured to automatically get tested/validated updates. For personal devices you might use when away from the office, make sure they are configured for automatic device, software, and browser updates, or make sure you install updates as soon as they are available.
- Learn how to identify phishing messages, which can be sent as emails, texts, or direct messages.
Learn more about Data Privacy Week on UVA Health’s intranet site.