SOS! Security & Privacy at Severe Risk

With this week marking May Day, a traditional spring holiday in many cultures, I thought it would be fun to theme this month's Tips message off both meanings of the phrase. "May Day" isn't always joyous. In fact, ship and aircraft pilots also use the word "Mayday" to signal extreme distress... and many believe that describes perfectly the state of data security and privacy today.

Read on to learn more about the latest threats against our personal security and privacy, as well as some tips on how you can address them.

5 simple steps to finding out how the social giant sees you

With all the news Facebook as made in recent months, you may have wondered what the social giant thinks (and is sharing) about you. 

While it's easy to find out, it's impossible to change. We hope one Facebook will allow us to correct inaccurate assumptions. After all, that would be in everyone's best interest. 

Follow the steps recommended in the image to the left, and you'll not only find out the political affiliation Facebook has assigned to you, but you'll also learn what some of the other fascinating, eery and perhaps even incorrect things it believes are true about you. 

As you post, like, link and friend, keep in mind these sites are logging and analyzing that information. As I shared with the ABC affiliate in Des Moines, the position many of them take with regard to personal data is "If it's not illegal, we're going to take it."

A replica of the radio room on the ocean liner RMS Titanic showing the Marconi telegraph apparatus.
Photo b
By Cliff1066 [CC BY 2.0 (], via Wikimedia Commons
hero2Nominate a Privacy Hero   
We want to know: Who is your privacy hero?

This year, we're celebrating the people who go above and beyond to preserve our personal data security and privacy. It's a crowdsourced project, so please weigh in and send us your nominations. 

Throughout the year, we'll introduce an individual who is working to advance data security and/or privacy in their corner of the world. To nominate, simply drop us a note and explain why we need to know your hero.
At the end of December, we will announce our Privacy Hero of 2018. He or she will receive a token of appreciation and commemoration of outstanding work.
Recent Grads, Grandparents Targets of Scammers

Life transitions create opportunities for con artists
As high school and college graduates head off for their next life stage, crooks are paying close attention. In a new place, feeling anxious about what's ahead or maybe just a bit off kilter, new grads (and their families) are especially vulnerable to tricks, traps and scams.

Here are a few to watch out for:

Employment Scam Targeting New Graduates - A phishing scam that preys on job seekers, this one sends emails to university (.edu) email addresses. The crooks promise easy money and flexible hours.

Alumni Services Phone Scam - Callers "sell" recent graduates a fake set of alumni perks in exchange for credit card details.

Scammers Impersonate Grandchild in Distress - Especially when grandparents have not seen their fast-growing grandchild in some time or they are dealing with the challenges of aging, they can be vulnerable to this scam. A con artist pretends to be a grandchild in trouble and in need of emergency funds. The unsuspecting and generous grandparent wires money that eventually winds up in the hands of crooks.

Grads and grandparents, if something sounds too good to be true, it probably is. By the same token, if you get a fishy feeling about a call, do not engage. Hang up and investigate independently. 

Is your business ready?
One of the most significant consumer data protection laws is going into effect this month in the European Union. It's called the General Data Protection Regulation (GDPR), and it has far-reaching implications for businesses around the globe. We're beginning to see all kinds of organizations make efforts to comply. 

When LinkedIn's terms of service changed in March, you could see the social network pursuing actions to demonstrate they are trying to comply with what is actually a worldwide regulation.

Facebook, too, is making preparations. They are changing to which users will be covered by different terms of service, depending on where they live. It's a move that will reduce Facebook's exposure to GDPR compliance.

Too many business leaders think GDPR applies only in the EU. But it really applies to anyone who has any type of association with EU citizens and residents. This could be users, customers, contractors, business partners, anybody who might be in Europe.

Freelance consultants may be impacted, too.

Data is everywhere. You may be surprised how the small, seemingly everyday things you are doing as a part of your small business could be a violation of GDPR. This is a great article that summarizes some of the simple steps you can take to reduce your exposure. 

Now is the time to learn more. 

quickBefore You Play the Lottery

Rules are rules: Read those policies and terms of service

An interesting case recently arose. A New Hampshire woman won a lottery prize, but did not want the lottery organization to release her name. While I certainly understand the desire to remain anonymous, especially after coming into a lot of money ( $560 million in this case), her predicament should not have come as a surprise. 

The winner has gone so far as to sue the lottery for what she says will be an invasion of privacy. The situation underscores the importance of knowing the rules before you enter any kind of contest. It's also critical to understand h ow organizations will use the personal information those privacy notices!.  
Only  seven U.S. states allow lottery winners to stay private: Delaware, Kansas, Maryland, North Dakota, OhioSouth Carolina, and Texas, and soon to be Georgia.
It is interesting to note that Iowa, my home state, does NOT allow for anonymity as a way to help protect the integrity of the lottery and prevent fraud. This restriction helped to flag, and ultimately determine, that insider fraud had occurred within our Multi-State Lottery Association.  

Cases like this are not only fascinating to me, they are also becoming an increasingly important line of work. Expert testimony in data security and privacy litigation can make or break cases, and I'm proud to say I have served in this capacity for both the plaintiff and defendant. 

If you're in need of such testimony, don't hesitate to get in touch. I'm happy to consult. 


Inexpensive tech makes it easy to manipulate video

Over the past few years, I've shared examples of altered video. One of the most common is footage of an interview with a VIP edited to make it look like the person on film said something he or she did not, or carried an expression he or she did not. 

The technology to pull this off and to make it look incredibly real is becoming even better, and more affordable. What's more, the issue recently went mainstream with Jordan Peele highlighting it on BuzzFeed

This day in age, it's so important to q uestion what you see, and consider the source. Always keep technology  in mind when you are watching videos, particularly those from InfoWars and other conspiracy theory and propaganda-spreading sites. Doctored videos are becoming more prevalent and the spread of them is getting much worse. If you find one, please let me know. I like to stay aware of, and catalog, such examples.

PPInewsPrivacy Professor On The Road & In the News  

On the road and in the ethernet...

One of my favorite things to do is visit with leaders in different industries - health care and managed systems providers to insurance and energy (and beyond!). Below are a few of the events I have scheduled for the upcoming season.

May 3: Providing identity theft information at Compass Financial 
in Des Moines, Iowa at their  free, public event.

May 30-31: Giving keynote, "Prevent Nightmares in the IoT," SecureWorld, Atlanta, Georgia. 

June 26: Hosting online seminar, "Practical Steps to Scale Your Vendor Risk Management Program," IT GRC Executive Forum
July 13: Giving keynote, Electric Grid Security, at the Central Iowa Power Cooperative (CIPCO) IT Users Group in Des Moines, Iowa.

September 19-20: Giving keynote and sessions at Data Privacy Asia, Manila, Philippines.

Privacy Professor in the news...


I'm so excited to be hosting Data Security & Privacy with The Privacy Professor on the  VoiceAmerica Business network . All episodes are available for on-demand listening. 

Hear the perspectives of incredible guests as they talk through a wide range of hot topics. We've addressed identity theft, medical cannabis patient privacy, cybercrime prosecutions and evidence, government surveillance. One of our recent guests even talked about his personal experiences with historical notables Jimmy Hoffa, Gloria Steinem and Fidel Castro

Several episodes provide career advice for those in, and wanting to pursue, cybersecurity, privacy and IT professionsPlease check out some of my recorded episodes, and let me know your feedback! I truly do use what I hear from listeners.

Do you have an idea for a show topic? Or would like to suggest someone who would be a great guest? Please let me know!

California Lawyers Association

Health Care Info Security

The morning TV broadcast regularly covers privacy and security tips with their guest, the Privacy Professor! Each is a brief 10-15 minutes and covers topics ranging from insider theft to connected vehicles. Check out this online library to watch recent episodes.

On April 2, we talked about the recent headlines Facebook has made, as well as the implications of our online behavior. 

Keep an eye on my YouTube channel, where you can catch up on many of my visits to CWIowa Live. 

Questions? Topics?

Have a topic I should discuss on the  CWIowa Live morning show or on my VoiceAmercia radio show? Or, a question I can answer in my next monthly Tips? Let me know!

Here's to a week that brings more May Day joy than Mayday stress. Hopefully, this Tips message has kicked it off in the right direction.

Congratulations to all the graduates about to celebrate your accomplishments this month. (That's me with my youngest last year at his high school graduation, a valedictorian in a class of 465, with honors. Now he is almost finished with his first year of college. Time flies!)

As you transition into the next phase of life and come across tricks, traps, scams and threats you'd like me to cover, please don't hesitate to get in touch. 

Have a terrific, safe May!

Rebecca Herold, The Privacy Professor

Need Help?

Permission to Share

Want to repurpose the information contained in this Tips? Yes, please forward in its entirety. 

If you prefer to use only excerpts, please use this attribution:

Source: Rebecca Herold, Founder, The Privacy Professor┬«,,,, 

NOTE: Permission for excerpts does not extend to images.
The Privacy Professor
Rebecca Herold & Associates, LLC
Mobile: 515.491.1564

Visit my blog    Follow me on Twitter