Here’s what an expert says Marylanders must know about personal data protection in 2024

Do you own a cell phone or computer, or use online banking? Your personal data may be at risk.

That’s why The National Cybersecurity Alliance (NCA) was established in 2001 with a mission to create a more secure and interconnected world.

The third annual Data Privacy Week, which started Monday and continues through Saturday, is just one NCA-led initiative aimed at this goal. According to its website, the weeklong campaign aims to empower individuals to make informed decisions about who receives their data.

The theme for 2024 is “Taking Control of Your Data.” Within that focus, NCA encourages individuals and businesses to become champions of their own data privacy. To access some of the benefits of being a Data Privacy Week champion, users must fill out a brief form on the NCA site. Afterward, they promptly receive an email containing a toolkit including webpages, PDFs, video and a badge to post or let rot in your email inbox. Technical.ly is putting ours here:

A blue badge reads “Data Privacy Week” in the center and “2024 CHAMPION” on the bottom. (Courtesy National Cybersecurity Alliance)

Read NCA’s online safety and privacy basics

Beyond Data Privacy Week, actively protecting one’s online privacy is essential in today’s digital world. Take, for instance, “The Tale of Privacy Peyton,” a collaborative animated short by NCA and Consumer Reports.

How could individuals take control of our data?

Folks might wonder, “Isn’t cybersecurity handled by the government?”

The reality is that responsible agencies may not provide complete coverage and are susceptible to risks themselves.

So, individuals can start by using multi-factor authentication. That suggestion came from Joseph Carrigan, a senior security engineer at Johns Hopkins University’s Information Security Institute and cohost of “Hacking Humans,” a podcast focused on the human side of cybersecurity problems.

Technical.ly reached out to Carrigan in honor of Data Privacy Week. He got us up to speed with how we all can take control of our data. He started with the laws.

“Now in Europe, there is General Data Protection Regulation, which includes the right to be forgotten,” he said.

Carrigan noted that European Union citizens can say to Google, “Just delete all my data.” It’s their right to ask not to have their data shared.

In Maryland, we might not be able to do that, at least not yet.

“In California, there’s a law [called the] California Consumer Privacy Act [that] has similar provisions,” said Carrigan. “The Maryland law [Personal Information Protection Act] is just essentially a notification requirement that if your data is breached, the company becomes aware of the security event that impacts the American citizen or Maryland resident. They have to be notified and the information they have to, they have to tell you what is contained in that, in that law. There’s nothing that says I can go to Facebook and go delete all my data.”

Several Maryland lawmakers are trying to change this, as well as address other data privacy and consumer protection issues, with a slate of bills introduced in Annapolis on Wednesday. One of these four bills, the Maryland Online Data Privacy Act, would limit how much user data large tech companies collect, as well as establish benchmarks for protecting that data from cyber threats.

Carrigan suggested that there is a way for folks to delete personal data from social sites. However, he highlighted that there’s no foolproof method of auditing to ensure that the site has actually deleted the data. According to him, most sites are “scary good” at targeted ads, which is a huge reason why they want your data in the first place.

For more insights, Carrigan recommended listening to Episode 272 (11:40) of “Hacking Humans,” where a story prompted him to humorously express the desire to “put on a tinfoil hat.”

But going to that extreme may not be necessary. There are some areas where people do have more individual control, like password protection. Carrigan’s sentiments about multi-factor authentication haven’t changed.

“If you are reusing a password and not using multi-factor authentication like I think the vast majority of people do, then you’re vulnerable,” said Carrigan. “You should protect your data on these sites as you would any other important data and make sure that your data is protected with good password hygiene — Which means using long, strong and difficult, really not easy [to remember] passwords.”

Carrigan said your passwords should differ for every site; the best way to manage that, in his opinion, is to use a password manager.

Even with managers and products like YubiKey, which he recommends for protecting access to your computers, he said the laws are what might help us all take control of our data.

“We need a national data privacy law,” said Carrigan, who offered that criminalizing data theft may help. “But if we can’t get a national law … I think that a plethora of state laws would be helpful in moving discussion along.”