This release was originally distributed by the Governor's Press Office. The original can be viewed on the Governor's website.
Governor Kathy Hochul today announced steps New Yorkers can take to safeguard themselves from having their personal data compromised online. In recognition of Data Privacy Week, the State Office of Information Technology Services has teamed with other state agencies to promote techniques for protecting private data including raising awareness of phishing schemes, using strong passwords, and exhibiting greater caution with information shared on social media.
"All too often, New Yorkers fall victim to online criminals because they don't take basic steps needed to protect their personal data," Governor Hochul said. "During Data Privacy Week, we are raising greater awareness of these schemes and urging all New Yorkers to protect themselves and their personal information to avoid becoming a target of these unscrupulous actors."
Starting on January 22, Data Privacy Week is aimed at spreading awareness about online privacy among individuals and organizations. The goal is to educate the public on how to safely manage their personal information online and to help businesses and other organizations understand the importance of respecting their users' data.
This year, New York State was named a Data Privacy Champion by the National Cybersecurity Alliance, a non-profit organization that promotes cyber security, privacy, education, and awareness. This designation recognizes the state's commitment to supporting the principle that all organizations share the responsibility of being conscientious stewards of personal information.
Governor Hochul also announced an expansion of state investments in cybersecurity initiatives in her State of the State address, which will further secure and protect New York's critical infrastructure.
ITS Chief Information Officer Angelo "Tony" Riddick said, "Under Governor Hochul's leadership, New York State continues to safeguard personal information and educate on steps to minimize cyber risk to prevent New Yorkers from falling prey to data thieves. In an even more connected world as the workforce continues to use remote tools, National Data Privacy Week reminds us of the effective steps we must take to protect our information and remain vigilant against cybercrime."
As part of statewide efforts to guard against potential data breaches, Governor Hochul appointed Michele Jones to serve as the first-ever chief privacy officer at the State Office of Information Technology Services. She is responsible for driving the State's strategy in protecting the personal and confidential data of New Yorkers amid a rise in digital service offerings and new data privacy laws and regulations.
ITS Chief Privacy Officer Michele Jones said, "I'm very excited about the opportunity to lead and coordinate New York's efforts around data privacy as the State deals with new and emerging privacy standards. During Data Privacy Week and every day, I will continue to encourage all New Yorkers to stay vigilant with their personal online security and follow our best practices and tips."
Online activity generates vast trails of data. Websites, apps, and services collect information on behaviors, interests, and purchases, as well as other sensitive data such as Social Security and driver's license numbers or health information.
Failing to take adequate safeguards can leave this information exposed and raise the likelihood that it will fall into the wrong hands. New Yorkers can keep their sensitive personal information private and secure by:
- Being wary of unsolicited emails and telephone calls asking for personal information. Never share personal information, such as your Social Security number, in response to an unsolicited email or telephone call. If the email or call claims to be from a company with which you do business, call it first to confirm the contact is legitimate.
- Keeping devices updated. Enable automatic updates for your devices and applications, including mobile devices. Use security features built into the device, such as a passcode, and programs that encrypt data and remotely eliminate contents if the device is lost or stolen.
- Being careful with Wi-Fi hotspots. Public wireless hotspots may not be secure and can potentially allow others to monitor online activity, especially if it is unencrypted - ensure your connection to your website is secure, and for extra protection use a virtual private network.
- Limiting personal data collected by mobile apps. Limit the data you allow to be collected on to the minimum required, such as by limiting location services to "only when using the app" and not allowing personal information such as email to be shared with third parties. Consider the app's privacy policies before downloading.
- Being cautious about the information shared on social media. Avoid posting birthdates, telephone numbers, home addresses, or images that identify employment or hobbies. This information may often reveal answers to security questions used to reset passwords and can be utilized by scammers looking to access accounts and personal information.
- Using strong passwords. Create different complex passwords for every account. Consider passphrases made of up multiple short words which are easy to remember but difficult for a computer to guess, like "Correct-Horse-Battery-Staple!". Consider using a password manager which can help generate and securely store passwords.
- Using hard to guess security question answers. Select security questions with answers that cannot be guessed or found by searching social media or the internet.
- Using multifactor authentication to access accounts. A password and another factor, such as a code from an app on your phone, make it much harder for your account to be hacked.
- Being aware of phishing schemes. Don't click on links, download files, or open attachments in emails from unknown senders. Open attachments only when they are expected, and the contents are known.
Chief Cyber Officer Colin Ahern said, "New York is taking a leadership role in privacy and cybersecurity under Governor Hochul's direction. The recommendations provided can help New Yorkers protect their private data."
Acting Commissioner of the State Department of Taxation and Finance Amanda Hiller said, "By using advanced encryption, firewalls, intrusion-detection systems, and other security measures, the New York State Tax Department safeguards confidential data and the integrity of its systems, but it's crucial that all New Yorkers follow the guidance above to help shield their sensitive personal information from cyber criminals."
Superintendent of the State Department of Financial Services Adrienne A. Harris said, "As we mark Data Privacy Day, we must remember the importance of being vigilant in protecting our personal and financial information in today's interconnected, digital society. DFS will continue to lead the nation in cybersecurity requirements and best practices for the financial sector to strengthen our defenses against cyber risk and safeguard data for regulated entities."
Division of Homeland Security and Emergency Services Commissioner Jackie Bray said, "We are all so reliant on our technology every day and losing access to accounts or having personal data stolen because of a malicious act can be extremely disruptive. By taking a few simple steps, we can prevent our private information from becoming compromised and susceptible to cybercrimes. The minor nuisance of having different strong passwords is worth the peace of mind to know you've done what you can to keep your accounts safe."
Secretary of State Robert J. Rodriguez said, "Consumers are using the digital marketplace more and more each year to buy the most basic goods and services. It is important to remember that the convenience of shopping online comes with the inherent risk of cyber criminals that lurk online seeking to steal money and your identity for their benefit. Today we commemorate National Data Privacy Day by reminding New Yorkers to safeguard their online privacy. Even small steps, such as frequent password changes, go a long way to remaining vigilant in thwarting cyber criminals and identity theft."
About Data Privacy Week
Data Privacy Week began as Data Privacy Day in the U.S. and Canada in January 2008 as an extension of the Data Protection Day celebration in Europe. Data Protection Day commemorates the Jan. 28, 1981, signing of Convention 108, the first legally binding international treaty dealing with privacy and data protection.