“Privacy is Paradise.” — Holly Hunter.
On January 28th 1981, the Council of Europe adopted Convention 108 as its first legal instrument for data protection. Data Protection Day (in Europe) /Data Privacy Day (rest of the world) aims to spread awareness and drive privacy and data protection best practices. The objective is to encourage compliance with privacy regulations and kindle the dialogue between stakeholders, including private individuals, employees, academia, governments, non-profit organisations regulators, and businesses.
With the rapid growth of technology and the increasing amount of personal data being shared and stored online, data privacy and data protection have become one of the central considerations of our time. Unfortunately, data breaches and cybercrime are becoming more common, making data protection and cyber security more important than ever.
Organisations must understand the complex nature of managing privacy and personal data, as the consequences of getting it wrong can be severe. Misuse, loss, or breach of data can result in a loss of trust, grave commercial damage, and legal and regulatory repercussions. However, when managed correctly, responsible and ethical handling of personal data can lead to business opportunities and enhanced trust. Building trust through responsible data use is vital for the long-term success of any organisation.
The exponential rise in remote ‘distributed’ working arrangements in recent years ( be it from home, holiday rentals, a friends house, or a co-working space) saw Swiss data protection authorities and SECO (Staatssekretariat für Wirtschaft) publish corresponding data protection recommendations, see below. These should be observed by both businesses and employees to protect personal and commercial data alike. In addition, the Federal Office of Justice (FOJ) announced that the expected date of entry into force of the revised Federal Act on Data Protection (FADP) in Switzerland is September 2023. (An update will follow shortly.)
- Employers shall implement Internal arrangements/agreements on remote working practices.
- Vigilance is vital in protecting sensitive data at home or in another working location, including commuting/travelling (do not let others view your screen, shut down, screen lock.
- A distinct division of personal and business use of technology, computers etc., shall be practised.
- Regular upgrades and current antivirus software.
- Strong passwords frequently changed and secure connections to prevent unauthorised access to company data.
- No use of third-party WLANs.
- Only use secure VPN connections.
- Any data breach must be immediately reported to your manager, as a string of legal repercussions will trigger within extremely tight timelines.
- Safeguarding against phishing/trojans/cyberattacks.
- Employers to inform on spam emails, teams to share their knowledge on recognising unauthorised senders.
- Shredding documents.
- Disciplined and secure use of communications platforms and technologies.
With the rise of distributed working practices and significant advances in technology underpinned by stricter legislation on data protection, personnel, commercial businesses, enterprises, and governmental institutions need to stay vigilant and proactive to protect personal and sensitive data and ensure conformance with Swiss, European, and International data privacy laws and regulations.