Privacy to the Extreme 

With readers all over the world, this email will reach people in wildly ranging climates today. As temperatures reach extreme highs in the Southern Hemisphere and extreme lows in the Northern Hemisphere, I'm mindful of the vastly different experiences humans go through at different times of the year... and at different stages of life. 

Across those variances, though, all people value privacy. While it's true some place a higher importance on it than others, most recognize it as a human right. Even through the extremes, be they geographical, political, social or otherwise, the majority of individuals on this planet see privacy as a cause worth advocating. And for that, I'm especially grateful this holiday season. 

Read on to learn more about the privacy challenges we all face. I hope it inspires you to do what you can to champion this most basic human right. 

And, please take our survey to determine our Privacy Hero of 2018! We will collect only one item from you in the survey: your choice for 2018 Privacy Hero. No personal data is collected.

Everyday Privacy Risks You Never Thought Of
We're learning of new threats every single day

The digital world in which we live, work and play has made privacy risks much more common. Here's a quick round-up of threats you may not be aware of.  

Unsubscribing from Marketing Emails: Clicking "Unsubscribe" can give thieves direct access to your personal information and maybe even your money. Crafty hackers have begun to hijack traditional unsubscribe links, using them as Trojan horses to access information saved on computers and web browsers.

Laptops and Phones Sending Requests to Servers: One developer decided to look into exactly how often his devices were contacting servers on the internet. His laptop and smartphone together sent or received requests nearly 300,000 times in a single week! This is more reason for everyone to periodically check security settings on computing devices. It's so important to ensure they are strong and have not been changed inadvertently or through device updates.

Checking Off the Privacy Boxes Before Buying IoT Devices: Smart devices that are connected to the internet open consumers up to a whole slew of privacy and data security risks. Download and use this checklist developed by Tyler Reguly before you add any of these gadgets to your (or your friends') homes or offices this holiday season. And, keep in mind any type of item can be "smart." In this particular case, a clever developer is using a smart dress to collect data about a disturbing activity.

You can also listen to my recent radio show during which we discussed the ins and outs of IoT security and privacy.


This morning (November 30, 2018) reports began to break about yet another massive holiday-season data breach, this time at Marriott Hotels. 

As it turns out, since 2014, the records of between 327 and 500 million people who stayed at Marriott properties were exposed to a potentially large number of cyber crooks. 

It's been a busy morning, as I've spoken with several reporters about this situation. We will include links to some of those reports in the January Tips message.

Privacy Hero: Philip R. Zimmermann
Creator of "Pretty Good Privacy" (PGP) encryption brings great security to the masses

The first personal encryption tool I ever used back in the early 1990s was PGP, developed by Philip R. Zimmermann. The free solution effectively democratized high security for individuals and small businesses, which prior to PGP's development simply couldn't afford to encrypt sensitive and personal data.

Philip is also the author of a favorite quote of mine: "If privacy is outlawed, only outlaws will have privacy."

In 1991, after Philip published PGP for free on the internet and it began to spread worldwide, he became the target of a three-year criminal investigation. The U.S. government alleged he had violated U.S. export restrictions on cryptographic software. Thankfully, the case was dropped in early 1996.

Philip went on to become an advisor and consultant to PGP Corporation, which was ultimately acquired by Symantec in 2010. For the last 15+ years, his focus has been on secure telephony for the internet. He developed the ZRTP protocol, as well as Silent Phone and Zfone, and co-founded Silent Circle, a provider of secure communications services.

Rightfully so, Philip has received numerous honors and awards. In 2014, he was inducted into the Cyber Security Hall of Fame, and Foreign Policy Magazine named him one of the Leading Global Thinkers of 2014. The next year, Philip received the U.S. Privacy Champion Award from the Electronic Privacy Information Center.

Help Us Choose: Who is Privacy Hero of the Year?
Throughout 2018, we introduced several individuals and teams who have gone over and above to advance data security and/or privacy. It's now time to pick which will receive Privacy Hero of the Year honors. And we want your help deciding. 

NOTE: We are hosting this poll directly on our site to preserve your privacy.

Wrap up one of these privacy presents
Have a privacy champion on your holiday shopping list? Here are some gift ideas that will show just how much you recognize and admire their passion. 
  1. Privacy screens / filters to keep those around you from seeing the content of your screens 
  2. UPS (uninterruptible power supplies) and surge protectors
  3. Backup drives                 
  4. Cable locks                     
  5. Remote locator, data wipe and recording tools
  6. Portable battery chargers             
  7. Subscription to anti-malware tools
  8. Backup service subscription          
  9. Encrypted USB drives
  10. Webcam covers (e.g., a cute sticky note cube, etc.)
Happy shopping!

How Credit Card Crooks Get More Money for Your Account
It all starts with hard-to-spot transactions on your card
It continues to be incredibly important for consumers to apply a fine-toothed comb to their credit and debit card accounts weekly, if not more often. 

That's because shrewd credit card thieves are using hard-to-spot transactions to increase the value of stolen account numbers. 

To sell a credit card number on the dark web is relatively easy, and a criminal can get a few dollars for a card. To sell a credit card that is validated as being used at least once without issue is a valuable card. The use of [my] card, for $200, wasn't outrageously large as to be eye catching, as grocery shopping for the week's food can easily top that but was enough to provide the criminal with evidence that the card wasn't maxed out.  Now the criminal can sell that card for many more dollars than they would otherwise be able to do so. 

To read more about how Christopher, his wife Kathy, and a local pro at the Washington Secretary of State's office caught on to one card thief's tricks, check out My Credit Card and the Washington Secretary of State Site Used In Credit Card Fraud

FRESH PHISH: Real Life Phone Scams I Recorded
Before you answer that next call from an unknown number... 

Scammers will say anything to cheat people out of money. Believe me, I've heard just about every trick in the book through my phone. 

Everyone is a potential victim, and our only defense is to educate ourselves as to where these calls come from and what they sound like. 

Invalid Area Codes

If you want to avoid picking up the phone to a scammer, be aware of invalid area codes. I've added a growing list of invalid area codes to my website. 

Common Tricks of Phone Scammers

When possible, I record the scammers who call me. And I've uploaded a few to my website so you, too, can have a listen.

If you get any calls like these, hang up. Or, if you want to report them, get as much information as you can (record the call if you can). Report that information to the proper authorities. In the U.S., that includes the FTC, Better Business Bureau or your state's Attorney General's office. In the E.U., check with your country's Data Protection Authority.

If you have a recorded call you'd like to add to our list, let us know!

READER QUESTION: Is My Child's Personal Data at Risk?

EdTech increases threat of child data exposure     

You're right to be concerned. With the increased use of Education Technologies, a.k.a. EdTech, K-12 student information is at much greater risk of exposure. Everything from your child's personally identifiable information to their classroom schedules is vulnerable to a breach.

Here are just a few of the steps the FBI advises parents of children in K-12 grades take to protect their kids:
  • Research school-related cyber breaches, which can further inform families of student data vulnerabilities.
  • Consider credit or identity theft monitoring to check for any fraudulent use of a child's identity.
  • Conduct regular internet searches of children's information to help identify the exposure and spread of their information.
To learn more about student and teacher data security and privacy issues, listen to my discussion with Leonie Haimson and Marla Kilfoyle, part of the team that created the new "Educator Toolkit for Teacher and Student Privacy."

Where to Find the Privacy Professor

In the classroom... 

After years of providing a regularly updated set of online employee training modules for my SIMBUS business clients, and on-site certification teaching for IAPP, I'm excited to now also be teaching online IAPP-approved CIPP certification classes.

As an instructor for AshleyTrainingOnline, an IAPP-registered certified training partner, I host a range of classes for businesses, groups or teams.

Do you have a group for which you'd like to coordinate training? We can often arrange a discounted price for organizations and associations based on the number you have participating.

Hope to see you in the virtual classroom sometime soon!
 ** I also teach CIPM and CIPP/US classes, so if you are interested in those, let me know!**

On the road...

One of my favorite things to do is visit with leaders in different industries - health care and managed systems providers to insurance and energy (and beyond!). 

If you're looking for an experienced speaker who knows how to bring data security and privacy risks to life... on stage, on the airwaves or over the internet, please get in touch.

On the air... 


I'm so excited to be hosting the radio show Data Security & Privacy with The Privacy Professor on the VoiceAmerica Business network. All episodes are available for on-demand listening on the VoiceAmerica site, as well as iTunes, Mobile Play, Stitcher, TuneIn, CastBox, and similar apps and sites.

Hear the perspectives of incredible guests as they talk through a wide range of hot topics. We've addressed identity theft, medical cannabis patient privacy, cybercrime prosecutions and evidence, government surveillance, swatting and GDPR, just to name a few. Several episodes provide career advice for cybersecurity, privacy and IT professions.

Please check out some of my recorded episodes. You can view a complete listing of shows to date, grouped by topic. After you listen, let me know what you think! I truly do use what I hear from listeners.

SPONSORSHIP OPPORTUNITIES: Are you interested in being a sponsor or advertiser for my show? It's quickly growing with a large number of listeners worldwide. Please get in touch! There are many visual, audio and video possibilities.

In the news... 


Credit Union Times

Digital Journal

Health Care Info Security


The Privacy Advisor


3 Ways to Show Some Love

The Privacy Professor Tips of a Month is a passion of mine and something I've offered readers all over the world since 2007 (Time really flies!). If you love receiving your copy each month, consider taking a few moments to...

1) Tell a friend! The more readers who subscribe, the more awareness we cultivate.

2) Offer a free-will subscription! There are time and hard dollar costs to producing the Tips each month, and every little bit helps.

3) Share the content. All of the info in this email is sharable (I'd just ask that you follow

My sons Heath & Noah years ago enjoying the snow with faithful friend Buster.
It's COLD out there in this Northern Hemisphere climate of mine... but so very beautiful. Each year as the snow begins to fly I can't help but think about the great times my little ones and I have had outdoors. Keeping a balance between safety and exploration, warmth and fun was always tricky, but it was worth the "extreme" effort every time. 

Here's to a safe, healthy and happy December. Enjoy!

Rebecca Herold, The Privacy Professor

Need Help?

Permission to Share

If you would like to share, please forward the Tips message in its entirety. You can share excerpts, as well, with the following attribution:

Source: Rebecca Herold. December 2018 Privacy Professor Tips.

NOTE: Permission for excerpts does not extend to images.

Privacy Notice & Communication Info

You are receiving this Privacy Professor Tips message as a result of:

1) subscribing through
2) making a request directly to Rebecca Herold; or 
3) connecting with Rebecca Herold on LinkedIn

When LinkedIn users initiate a connection with Rebecca Herold, she sends a direct message when accepting their invitation. That message states that in the spirit of networking and in support of the encouraged communications by LinkedIn, she will send those asking for LinkedIn connections her Tips message monthly. If they do not want to receive the Tips message, LinkedIn connections are invited to let Rebecca know by responding to that LinkedIn message or contacting her at 

If you wish to unsubscribe, just click the SafeUnsubscribe link below.
The Privacy Professor
Rebecca Herold & Associates, LLC
Mobile: 515.491.1564
