Celebrating Data Privacy Day All Month Long
Although International Data Privacy Day is recognized on Jan. 28, that's no reason to wait. We like to celebrate all month long! It's a fantastic way to raise consumer awareness, and it gives companies a perfect excuse to move data security and privacy projects forward.
For the past 11 years, I've been honored to work with the Iowa governor's office to have Jan. 28 proclaimed Iowa Data Privacy Day. We've been successful at securing the proclamation through three different top legislators and two political parties. It's been a privilege, and I'm very grateful to the individuals who have taken an interest in continuing this important tradition.
A lot has changed since Data Privacy Day was first founded in 2007. Notably, the number of industries impacted by data security and privacy issues has grown dramatically. Whereas healthcare and Big Tech were once the chief industries impacted, it's now hard to think of an industry NOT affected. From travel and entertainment to agriculture, there isn't a single sector that doesn't need to pay attention to the data security and privacy of its customers, employees, partners and others.
Read on for a sampling of impacted industries. Hopefully, it gives you an idea of the breadth and depth of the data security and privacy issues facing our society today.
I've included more of my photos from the Luxembourg trip. Pictured here is one of the large collections of vineyards that fill much of the Luxembourg countryside.
Data Security & Privacy Beacons
People and places making a difference**
Have you seen an organization or individual taking actions to improve privacy? Send me a note to nominate a privacy beacon of your own!
Firefox Monitor is offering free data breach monitoring to Firefox account holders. A Firefox browser is not required to sign up for an account, and answers to FAQs are available without an account. Firefox checks for public data breaches and alerts users of any incidents including their email addresses dating back to 2007. The service also provides helpful tips to mitigate risk and shares best-practice precautions, such as changing passwords for affected accounts and being diligent about not reusing passwords.
The Iowa Clinic recently distributed an email clearly stating its patients' privacy rights, as well as instructions on how to opt out of third-party communication. It's a very clean, simple example of how to properly inform stakeholders of updated terms and conditions.
Shoot me an email if you'd like me to forward the Iowa Clinic's recent communication to you.
Princeton IOT Inspector automatically discovers Internet of Things (IoT) devices and analyzes their network traffic. This helps users identify any security and privacy issues that may exist within the devices. It presents the results in a user-friendly way with graphs and tables. Tools like this, which require minimal technical skills and no special hardware, are fantastic for increasing consumer awareness. They also place a healthy pressure on tech developers and providers to build security and privacy controls into their devices before making them available to the public.
The Tor Browser is a product I've been a fan of for many years. Users all over the world rely on the browser to protect large amounts of personal data while they are online. The diverse group of people behind Tor are united by a common belief: internet users should have private access to an uncensored web. They are working hard to protect all people from the rampant tracking, surveillance and censorship that happens when various entities siphon our personal and behavior data as we engage with websites through traditional browsers. NOTE: I interview the former top executive of the Tor Project in my January 2020 VoiceAmerica show!
With the product PRIVACY4CARS, users can delete data gathered by connected vehicles. While I've not yet tried the service, I'm including it here as something readers may be interested in. If any of you have tried it, I'd love to hear about your experience. Does it work as advertised?
**Privacy beacon shout-outs do not necessarily indicate an organization or person is addressing every privacy protection perfectly throughout their organization (no one is). Each simply highlights a noteworthy example that is, in most cases, worth emulating.
My rough translation:
"The City of Remich Welcomes You
She had this place arranged for you
to look at the installations and plantations
Thank you"
Talking Tech
Rampant risks rage within the technology industry
An industry commonly associated with security risk, Big Tech will continue to be impacted by data security and privacy issues. In fact, two new tech-related vulnerabilities have just crept up:
Password Hardware Presents Problems
Many people rely on hardware-based password managers because the solutions feel safer. While that may be true in some cases, the hardware is not entirely without risk. A well-engineered and fully-tested hardware-based password manager is certainly a better alternative to writing passwords on sticky notes and stuffing them in an unlocked desk drawer or sticking them on your computer screen. However, you should consider that if the device is lost, stolen or destroyed, your password data is, too.
Unfortunately, users view these devices as "hacker proof" because they're not connected to the internet. Yet, researchers report some hardware-based password managers have poor security. Passwords saved on these devices could be accessed via flash chips, even after being reset.
Innovations in password management have led many people to use online password managers. Your best bet for protecting your data with this type of program is to close it down completely when not in use and set up two-factor authentication, as this Forbes article advises.
New Flaws on Smartphone Apps Revealed
Another especially disturbing report affects a nearly ubiquitous tech gadget, the smartphone. New vulnerabilities discovered in Android apps stem from app developers who source malicious code from code libraries.
It's important we not assume iPhone apps are in the clear. Flaws in the app code can be replicated over and over again. This is why we see issues from years ago continuing to victimize users across different devices and systems. Although patches and fixes are continually implemented, there are no guarantees an app isn't compromised. It helps to regularly update your apps, but that's not foolproof either.
As more issues with Big Tech products and solutions crop up, the responsibility for protecting users falls on many, including users themselves. Before you plug in those new holiday gifts, do your homework. Read reviews and privacy policies. If you have questions, ask the providers. It's a red flag if they do not respond.
Vianden Castle, located in the northern part of Luxembourg, is one of the largest fortified castles west of the Rhine, with origins dating from the 10th century.
Retail Secrets
Consumer scores lead to different experiences for different people
The story worked from the fact that companies like Airbnb and OkCupid share customer data with third-party companies to protect against fraud. The third parties are asked to sift through the personal information and assign a score to each customer.
The score is typically used to detect things like false or stolen identities. This information, in itself, was not surprising. What was surprising, however, is the fact that these scores are used for even more than fraud detection, such as determining the level of attention a customer might receive from a call center representative.
What's the big deal, you might ask. Why shouldn't suspected fraudsters be treated differently?
Well, that's just the thing -- the score is based on suspicion alone. The algorithms that underpin scores like this can be biased, and even broken.
It's unclear how fraud scores are determined. Even more disturbing are the unclear, and possibly unlimited, ways the score could be used against consumers.
With the increased attention consumer privacy rights are getting from lawmakers (e.g., GDPR, CCPA), the secret consumer score may not stay secret for very much longer. In fact, according to the NY Times journalist who reported the story, there are already steps you can take to request your own score.
It should be noted that the reporter who attempted to follow those steps did not have much luck getting the complete information she requested. You might want to give it a try yourself. If you do, please share your experience with me, as this is a story I'll be following closely in 2020.
Are secret consumer scores being used against us? Who knows. But, the more questions we ask, the more answers companies may be compelled to provide.
A closer view of one of the Vianden Castle towers. I loved exploring this fascinating part of history!
Fake websites create very real problems
The financial sector has long been subjected to data security and privacy issues. The highly sensitive information contained within the servers and cloud platforms of even small financial institutions is the golden goose for cyber criminals. Add increasingly sophisticated attack models to the wealth of data, and you can see why the industry is such a high-priority target for crooks.
The real trouble for banks and other financial services entities is they are often liable for the mistakes of their customers.
Take the recent trend of fake websites, for example. Data thieves trick unsuspecting online shoppers into thinking they're being routed to an authorized payment processor. Instead, it's a site that secretly steals payment card information.
How do the cyber crooks do it? They simply add a few lines of code and graphics that mimic legitimate payment processing sites. Subtle hints as to the sites' illegitimacy are practically indecipherable even to the most discerning online shopper. Below is a comparison** of the real and fake sites. As you can tell, the URL is about the only give-away, and even that doesn't look all that unreal...
Scams like this put us on high alert. They can even make us skeptical of every site. That isn't necessarily a bad thing, though. Heightened due diligence, especially when entering payment information or any other personal data, is absolutely called for in this day and age.
That's why I'm so passionate about sharing this kind of information with my readers. It's my hope that by offering up information and tips, you'll develop hyper awareness... essentially the only weapon strong enough to slow the spread of consumer cyber attacks.
A medieval bridge in an ancient forest where a hiking trail passes through in the Mullerthal Region - Luxembourg's Little Switzerland
Healthcare Problems