Why are you getting this? Please read our Privacy Notice & Communication Info at the bottom of this message.
17 Years of Celebration
Coming off the holidays, you’re no doubt ready to pack up your party plates. But wait, we have one more reason to celebrate. The 17th annual Data Privacy Day has been so popular that the sponsor is now celebrating it for a full Data Privacy Week!
Maybe you don’t need to host another in-home shindig, but we’d love to see you mark the week in a special way.
Some ideas:
- Organize a virtual trivia event with privacy history as the subject.
- Encourage your Governor to recognize the holiday in your state (We’ve done this 13 times in Iowa!)
- Send ‘Tips of the Month’ to a new subscriber.
- Post about the holiday on social media (#PrivacyAware and #DataPrivacyDay).
- Explore and share PrivacySecurityBrainiacs.com flipbooks, paperbacks, infographics, training classes and videos.
- Make your own privacy aware content (like these infographics). Send your creations to us, and we may share.
- Check the privacy-friendliness of your browser with the Cover Your Tracks website.
Data Privacy Week is more relevant than ever before. Find someone new to share it with and celebrate with gusto. Then take a rest from the holidays… until Valentine’s Day, that is! :)
Rebecca
We would love to hear from you!
January Tips of the Month
- Privacy & Security Questions and Tips
- Data Security & Privacy Beacons
- Data Privacy Week
- Privacy & Security News
- Where to Find the Privacy Professor
- “Cybersecurity for Grandparents (And Everyone Else!): Q4 2021 Edition – IoT Security and Privacy” Paperback Book Available in January
Privacy & Security Questions and Tips
Rebecca answers hot-topic questions from Tips readers
Thank you for sending in great questions this month. Here are three top follow-up questions from December's facial recognition Q&A, along with a cybersecurity career choice question. Keep sending in the security and privacy questions on your mind!
Q: Facial recognition technology has me paranoid. December’s Tips sparked two additional questions. Where are these technologies located, and who gets all that video?
A: It depends on where you are located. For instance, Bellingham, Washington, banned government use of all facial recognition technology in November 2021. There are a few dozen similar local laws in the US, but those are specifically around government use of the technology.
Private security camera surveillance, on the other hand, continues to grow, with mostly no legal restrictions on how to use the video, and often captures activities and images from all kinds of public and often many private places.
As for who gets the video, no one truly knows. While government surveillance video is generally not made public, it is often shared with many other entities who use the videos for a wide range of purposes, beyond the original stated reason for collecting the video. Then the third parties often share with basically anyone they want. Likewise, videos from private businesses, organizations and residents are also often shared by the surveillance service vendor with many “trusted third parties”. The entities using them can also share with basically anyone they want. This is how such videos can, and often do, ultimately wind up in the public eye, including on websites like YouTube and NextDoor.
We are still in a digital wild west. Controlling, or even knowing, who has access to surveillance videos and what they will do with them is anyone’s guess. Our team is continuing to follow news on this topic closely. If you find items you’d like for us to share through our PrivacySecurityBrainiacs.com news site, please let us know.
Q: Are facial recording activities likely to impact the future value of retinal scans as a security measure?
A: At this time, we do not foresee facial recognition putting retinal scan-based security authentication at risk. That’s because most, if not all, of today’s facial recognition technology does not include retinal scanning. However, as technology advances, this may become a more immediate concern and will need to be addressed.
Retinal scans are typically executed by focusing a low-energy beam of infrared light on a person’s eye as the individual looks into a scanning component. The technology then maps the unique patterns of the individual’s retina.
Like all biometric authentication solutions, it needs to be monitored to ensure changing risk levels are considered as they evolve.
Q: There was recent news about Apple having access to photos stored on iPhones to monitor and flag digital crime. Sounds noble, but does that mean they are seeing and judging all photos?
A: In mid-2021, Apple proposed to launch a child sexual abuse material (CSAM) scan feature. The purpose was to scan all iCloud photos to determine whether they contained anything that could be considered illegal. Yes, it does sound noble, but also highly subjective. Considering they proposed to scan all the photos, the feature also sounded highly privacy invasive.
There was widespread public concern and loud objections. For example, on October 15, a group of privacy and cryptography researchers and experts published a paper, “Bugs in our Pockets: The Risks of Client-Side Scanning.” It outlined the risks of such scanning. Moves by Apple suggest they responded to the increasing public concern. First, CSAM was not included in the release of Apple iOS 15.2, as the company had previously announced. Second, product information about CSAM was removed from the Apple site. The only CSAM content that remains is a section within Apple’s child safety page indicating the company had “decided to take extra time to gather feedback and make improvements before releasing it.”
So yes, Apple’s scanning (as originally planned) would have amounted to seeing and judging all iCloud photos. For now, however, that plan has been postponed.
This is a terrific example of what can be accomplished when experts and the general public speak up about privacy concerns. We will keep an eye on this and let our readers know if that plan rematerializes.
Q: As a victim of privacy invasion, I know firsthand the dangers of hacking. So, I'm considering a career in cybersecurity. What do you recommend for those who are not in the computer field?
A: Personal experience is a great career motivator. Since I don’t know you, I can’t make a specific recommendation. The answer also depends upon where in the world you are located. From a technical standpoint, you could devote a career to building preventative solutions that make it harder for criminals to pull off the kinds of crimes that victimized you. From a non-technical perspective, you could do research, create training programs and/or teach, develop policies and procedures; all of which are critical and necessary for security and privacy but are too often overlooked or not sufficiently covered in computing. Check out the NIST Cyber Security Framework or the NIST NICE sites to see more details about these types of technical and non-technical domains and associated activities where more practitioners are needed.
Ask yourself the following questions:
- What are you great at doing right now?
- Do you like communicating with a wide range of people and working in a team? Or, do you prefer focused work alone without interruption?
- Are you drawn to specific areas of cybersecurity?
- Have you learned the technical and non-technical ways in which your personal experience with privacy invasion and hacking was accomplished?
- Do you want to do something to prevent similar situations from happening to others?
A career in cybersecurity will give you the opportunity to create technical capabilities and perform non-technical actions to reduce the occurrence of hacks and privacy breaches that are hurting others.
In addition to the NIST links above, check out a few other professional associations, such as:
- ISACA
- ISSA
- ISC^2
- IAPP
- CompTIA
Each of the above hosts events, publications, webinars and more that address different specialty areas within cybersecurity and privacy. And, if you are a student, some of them have deeply discounted dues that may allow you to sign up for a membership.
I hope you found this information useful. Good luck with your career, whatever you choose!
Data Security & Privacy Beacons*
People and places making a difference
- The Perfect Scam Podcast from AARP publishes valuable information for people of all ages. The stories they share are quite intriguing and include many lessons.
- Think You Know Your Data Privacy? is a brief quiz from Associations Now. It covers privacy regulations and concepts aplenty, making data privacy less challenging to grasp. (Try it out. You might know more than you think.)
- The Electronic Frontier Foundation (EFF)’s “Cover Your Tracks” browser fingerprint privacy tool is super for everyone. We used one of our research computers, configured like most of those in the public, to do the analysis. See the surprising results on our site.
*Privacy Beacons do not necessarily indicate an organization or person is addressing every privacy protection perfectly. It simply highlights a noteworthy example of privacy-aware practices.
Data Privacy Week
Seven days marks 17 years
Seventeen years ago marked the first ever Data Privacy Day. Originally known as European Data Protection Day, it was introduced by the Council of Europe in 2007.
Two years later on January 26, 2009, the US House of Representatives unanimously declared January 28 as National Data Privacy Day. For its part, the US Senate declared National Data Privacy Day to be January 28 in 2010 and 2011.
Here in our home state of Iowa, this is the 13th year in a row our team has been successful in its attempts to have the Governor formally recognize privacy on January 28, 2022, by declaring it Data Privacy Day in Iowa. Here is a link to the very first proclamation from 2010 when Iowa Governor Chet Culver was in office and the most current from 2022, proclaimed by Iowa’s current Governor Kim Reynolds. We have requested updated language in the proclamation each year to reflect changes in the privacy issues all consumers must deal with.
Now that Data Privacy Day is Data Privacy Week, we are looking forward to expanding our celebration of the holiday.
Please tell us… how will you mark Data Privacy Day…or the week if you are following the lead of the NCSA?
Privacy & Security News
Visit the PSB News Page often!
The PSB News page contains news grouped by month and by topic. We curate the news we find of most concern and interest, so you can see the kind of info we pass along to our clients and employees. In addition, we are now dedicating a separate news page specific to IoT security and privacy. We also created a special page at Privacy & Security Brainiacs for Log4j security and privacy vulnerabilities, patches, exploits and more.
It’s important to note that as we find news, we group it by the original month it was published. So, keep on scrolling. Past months may look different each time you visit.
Come back often to keep up with the news our team finds worthy of mention.
**IMPORTANT UPDATE: Our Privacy and Security Brainiacs SaaS services platform is not affected by, nor even at risk from, the Log4j vulnerability. Our platform uses PHP and does not use Java-based third-party modules. Hear more about Log4j in the January episode of Data Security and Privacy with the Privacy Professor.
Where to Find the Privacy Professor
real-world topics within the data security and privacy realm.
Latest Episode
This episode first aired on Saturday, December 4th, 2021
Jon Bello
The customer contact call center is often the only barrier between access to your product controls, account information and smart device dashboards. This makes it imperative for contact centers to have strong privacy protections in place.
Next Episode
This episode will first air on Saturday, January 8th, 2022
Dr. Mich Kabay
The Log4j security vulnerability is ultimately a result of insufficient secure coding and/or testing practices for software that is used in billions of devices worldwide, now being actively exploited, causing a wide variety of security incidents and privacy breaches. Hear how to prevent this and similar vulnerabilities.
The “Cybersecurity for Grandparents (And Everyone Else!): Q4 2021 Edition – IoT Security and Privacy” Paperback Book Available in January!
Coming in January 2022!
Privacy and Security Brainiacs is proud to announce we will start offering new Master Expert online classes from Dr. Mich Kabay, and other experts with over a decade of practitioner, professor and/or research experience starting on January 28 to correspond with Data Privacy Day! Check out our site on that day, and look for more information about these classes in our February Tips.
Privacy & Security Brainiacs | Website
Permission to Share
If you would like to share, please forward the Tips message in its entirety. You can share excerpts, as well, with the following attribution:
NOTE: Permission for excerpts does not extend to images.
Privacy Notice & Communication Info
You are receiving this Privacy Professor Tips message as a result of:
2) making a request directly to Rebecca Herold; or
3) connecting with Rebecca Herold on LinkedIn.
When LinkedIn users initiate a connection with Rebecca Herold, she sends a direct message when accepting their invitation. That message states that in the spirit of networking and in support of the encouraged communications by LinkedIn, she will send those asking for LinkedIn connections her Tips message monthly. If they do not want to receive the Tips message, LinkedIn connections are invited to let Rebecca know by responding to that LinkedIn message or contacting her at rebeccaherold@rebeccaherold.com.
If you wish to unsubscribe, just click the SafeUnsubscribe link below.