2022 International Data Privacy Day: Top Ways to Prepare Your Organization for Data Security and Privacy in the New Year


By: David Cole, Nick Jajko and Heather Kuhn 

Each year on January 28th, the International Association of Privacy Professionals (IAPP) celebrates International Data Privacy Day. It was a day created to establish awareness about the importance of respecting privacy, safeguarding data, and enabling trust. It is also a good opportunity for organizations to review their practices at the beginning of the year to make sure they are compliant and ready for challenges of the year to come.  

With ransomware attacks, data breaches, and other security incidents continuing to rise, this is an area that demands serious attention now more than ever. So without further ado, here is our list of the top ways to prepare your organization on this International Data Privacy Day: 

  • Verify that your critical data is being backed up regularly, stored offsite, and capable of being restored quickly to protect against damage by ransomware attacks. 
  • Audit all systems to ensure they are fully patched and running the latest version of software to mitigate the risk of a cybersecurity attack due to open vulnerabilities. 
  • Review and update your Incident Response Plan or create one if you don’t have one yet. 
  • Rehearse your incident response procedures through a tabletop exercise
  • Review and update your Terms of Use and Privacy Policies on your website to make sure they align with your current practices and comply with applicable laws. 
  • Review your Written Information Security Plan (WISP), or develop one if you don’t have one, to comply with state or federal law requirements. 
  • Purchase cyber liability insurance to cover privacy event expenses for incidents like data breaches or ransomware attacks, as well as potential liability for third-party claims, or review your existing policy to ensure it provides adequate coverage for your organization’s risk. 
  • Review your data collection, use, storage and deletion practices for compliance with all applicable privacy laws such as the existing laws in California (and the amended law going into effect January 1, 2023) and the European Union, plus new privacy laws in Virginia and Colorado.  

Taking proactive steps like these will give your organization the best chance to protect against the ever-increasing cybersecurity threat landscape and the confidence to use data to add value rather than be afraid of it.

If you have any questions on how new and existing privacy and security requirements impact your organization, or if you need guidance on any of the recommended actions above, please contact David Cole, Nicholas Jajko, Heather Kuhn, or another attorney in our Data Security, Privacy & Technology practice group.