Harvesting Data They Don't Need
How often have you downloaded an app, made a purchase or signed up for a service and thought, "Now, why do they need to know that piece of information?" It happens all the time - organizations asking for way more data than they really need.
Because data is the new currency, everyone is after it. The most valuable of all is the data that reveals information about people and their lives. And when we indicate a willingness to give away some of our information, the data hungry among us begin to salivate. "Give me more!"
Unless we push back, the overconsumption of our valuable and private data will continue. It's up to each of us to be aware of what we're giving away and to follow up with the tough questions.
So, the next time you wonder why they need that information, ask. Just the simple act of inquiring does a lot to keep these companies on the straight and narrow.
It's nearly harvest time in my home state of Iowa, USA. Thought I'd do a little farm theme with the pictures this month in honor of the honest, hard work family farmers put in all year long.
Facebook Isn't Satisfied Yet
Social giant wants purchase histories, dating data to round out collection
My son on the farm, circa 2016
Since Facebook's CEO went before Congress to answer questions about the company's security and privacy failings, it seems the social giant has become even more aggressive in its pursuit of private information.
Facebook now wants...
- Financial data: So users can access their banking features from within Facebook.
- Dating preferences: So users can build "real, long-term relationships" within Facebook.
Inquiries from lawmakers are clearly not enough to slow Facebook and other social media companies in their race to own every piece of private information about their users; but they should be enough to get Facebook's users asking serious questions. Before enrolling in either of the above "features," ask yourself if the data trade-off is worth it.
Privacy Heroes: Dr. Larry Ponemon and Susan Jayson
Industry leaders first to collect privacy statistics and research
They were the first researchers to collect and maintain privacy statistics, as well as perform analysis on those statistics. It was an incredibly important contribution to the field. The data has been instrumental to the creation of a rich history, detailing how privacy trends in many different industries and areas of life have evolved over time.
I've personally relied on Ponemon Institute stats and research for years, and have seen firsthand how so many organizations depend on Dr. Ponemon's and Ms. Jayson's work to guide their privacy and information security decisions.
Dr. Ponemon is considered a pioneer in privacy auditing and the Responsible Information Management (RIM) framework. Security Magazine named him one of the "Most Influential People for Security." In addition to being a researcher and advocate, Dr. Ponemon is an educator. He is an adjunct professor for ethics and privacy at Carnegie Mellon University's CIO Institute and a fellow at the Center for Government Innovation at the Unisys Corporation.
With more than 20 years of experience in financial communications, Ms. Jayson now serves as executive director of the Ponemon Institute. She has worked in investor relations and communications for The Financial Relations Board (FRB) in New York and Qorvis Communications in Washington D.C. Ms. Jayson was also the technical editor of Management Accounting magazine for more than 10 years.
Please join me in celebrating another dynamic duo in the security and privacy industry. We are so fortunate to count them among our community's leadership!
We want to know: Who is your privacy hero?
Throughout 2018, we'll introduce an individual or team who has gone over and above to advance data security and/or privacy in their corner of the world. To nominate, simply drop us a note and explain why we need to know your hero.
At the end of December, we will announce our Privacy Hero of 2018. The hero will receive a token of appreciation and commemoration of outstanding work.
Google Flies Under Radar, Collects Far More Data
"I'm glad I don't use Android."
Just some of the disturbing take-aways:
- Google continues to track location data even after a consumer has turned off the setting.
- A dormant, stationary Android phone communicated location information to Google 340 times in 24 hours.
- "Anonymous" advertising identifiers can be associated with a user's real identity through passing of device-level data to Google servers by an Android device.
As the researchers point out, Facebook has been taking a lot of the heat lately, but Google has the ability to collect "far more personal data about consumers across a variety of touchpoints."
Hey, Apple & other OS users...
Don't be completely relieved. Just because we've not seen similarly detailed research on Apple and other devices, doesn't mean risks don't exist. Be diligent in securing every type of system you use.
Privacy as a 'Business Issue of Note'
GDPR forces many to reconsider how they are collecting data
The European regulation that caused so many businesses and other entities that gather personal information to scramble for compliance has so far generated at least one really great outcome:
Businesses are taking data security and privacy much more seriously.
As writer Naomi Eide put it in her CIO Dive coverage, "More companies are considering privacy as a business issue of note, not an afterthought."
I spoke with Ms. Eide last month about several topics, including where data collection on the Internet really started (e-commerce). We also discussed how people have become much too comfortable giving away their data without stopping to consider who will get it and how it will be used to make decisions about them.
In isolation, single data points are fairly harmless, especially when they are truly anonymized and encrypted. However, single data points are rare today (as is real anonymity and good encryption). Because consumers give away so much data - often without even realizing it (e.g. our cell phone's GPS locator in always-on mode) - it's much easier to uncover who even isolated data belongs to and what it means.
Big data analytics and machine learning algorithms are taking all that isolated data, blending it together and coming away with a freakishly accurate profile of the target. And that target is you!
Fortunately, inroads to awareness are becoming better traveled. And we have GDPR to thank for much of the progress.
Harvesting corn on my farm a few years ago.
An App for Voting?
Why cyber security experts are nervous
When the Daily Wire asked for my thoughts on the implications of a proposed "mobile voting platform," I was more than happy to give them. While the spirit of such an innovation is spot-on (encouraging more people to vote), the deployment will be tricky.
- Because apps are often viewed as "breachable," some voters may be nervous about using such a platform.
- That said, all technology has the possibility of doing good. It should be engineered correctly with layers of security and thoroughly tested. That testing should happen well before deployment and then be repeated throughout administration and management of the innovation.
- The app Daily Wire was reporting on doesn't appear to have been tested by objective third parties to ensure all identifiable risks have been appropriately resolved. A good test will involve enough subjects within a wide enough range of situations and digital environments.
My guests and I have devoted several episodes to the topic of voting security, each of which you can listen to on-demand. I'm also planning another show on voting security, which will air first on Sept. 11, and a few more in the weeks and months to follow. Just visit the site archive at Voice America online or subscribe through iTunes, Stitcher or wherever you get your podcasts.
All Data Leakage is Not Digital
Physical threats to data just as bad today as decades ago
My grandfather in a plowing contest, circa 1948
Breaches happen in more spaces than digital. Unauthorized access to physical forms of information is a big problem facing many different industries, especially in healthcare, government, education and law enforcement.
Here are just three of the more common mistakes businesses, agencies and organizations make with physical forms of personal information.
- Placing boxes of customer or patient records on the curb for trash pickup
- Not restricting access to small data storage devices, such as USB drives and external hard drives
- Failing to lock down access to backup media
There are numerous other missteps that expose personal and other types of sensitive information. But with all the news hackers make, digital vulnerabilities comprise the majority of today's headlines.
That's why I decided to tackle the issue on a recent episode of Data Security & Privacy with the Privacy Professor. My guest, Andrew Ysasi, Vice President of Kent Record Management and President of IG Guru, talked about some of the more bizarre incidents involving physical breaches he's seen. Click on the icon below to listen in.
Reader Question: Electronic Voting Systems
"I wondered if you'd seen The Economist piece on how much more secure the electronic voting systems are compared to the known issues with the paper based versions?"
Thank you for sending that article my way!
Let's start with the obvious, and that's the click-bait headline: "Voting Machines in America Are Reassuringly Hard to Hack." Ask most any cyber security pro who has studied these terminals and their associated systems; you will not hear the word "reassuring" in any of their remarks.
Second, the article completely omits critical details about the wide diversity and ages of voting systems currently in use throughout the U.S.
The federal government does not establish any requirements for voting systems; that is the responsibility of each state and territory. Because of this, the range of data and cyber security risks varies greatly throughout the country.
Lastly, some of the information within the article is just plain incorrect.
2 MUCH BETTER RESOURCES
Check out this research report about election security in all 50 states. The main takeaway is that all states have room for improvement; some much more than others.
My radio show guest Marian Schneider, President of Verified Voting, and I will be covering the topic on my show Sept. 11: Voting Systems Security & Risk Limiting Audits. You can also listen to my recent discussion with Maurice Turner about the security of voting machines. Maurice provides some great insights, but I can't promise they'll be "reassuring." :)
Where to Find the Privacy Professor
In the classroom...
After years of providing a regularly updated set of online employee training modules for my SIMBUS business clients, and on-site certification teaching for IAPP, I'm excited to now also be teaching online IAPP-approved CIPP certification classes.
As an instructor for AshleyTrainingOnline, an IAPP-registered certified training partner, I will host a full schedule of classes.
Do you have a team or group you'd like to coordinate training for? We can often arrange a discounted price for organizations and associations based on the number you have participating.
Hope to see you in the virtual classroom sometime soon!
**I also teach CIPM and CIPP/US classes, so if you are interested in those, let me know!**
On the road...
My other son on the farm, circa 2016
One of my favorite things to do is visit with leaders in different industries - health care and managed systems providers to insurance and energy (and beyond!). Below are a few of the events I have scheduled for the upcoming season.
September 5: Giving keynote, "Understanding the Privacy Impact of Cloud Services & Social Media," at Spotlight on Security Speaker Series hosted by ISSA, ISACA, Women in Security, netskope and Sprint. Event is at the Sprint World Headquarters in Overland Park, Kansas.
September 19-20: Giving keynote and workshop at Data Privacy Asia, Manila, Philippines.
On the air...
HAVE YOU LISTENED YET?
I'm so excited to be hosting the radio show Data Security & Privacy with The Privacy Professor on the VoiceAmerica Business network. All episodes are available for on-demand listening on the VoiceAmerica site, as well as iTunes, Mobile Play, Stitcher, TuneIn, CastBox, Player.fm and similar apps and sites.
Hear the perspectives of incredible guests as they talk through a wide range of hot topics. We've addressed identity theft, medical cannabis patient privacy, cybercrime prosecutions and evidence, government surveillance, swatting and GDPR, just to name a few. Several episodes provide career advice for cybersecurity, privacy and IT professions.
SPONSORSHIP OPPORTUNITIES: Are you interested in being a sponsor or advertiser for my show? It's quickly growing with a large number of listeners worldwide. Please get in touch! There are many visual, audio and video possibilities.
In the news...
CIO Dive
Credit Union Times
Daily Wire
Health Care Info Security
Secure World
Segurança Informática
Softchoice
Techno Chops
Trend Hotspot
CWIowa Live
The morning TV broadcast regularly covers privacy and security tips with their guest, the Privacy Professor! Each is a brief 10-15 minutes and covers topics ranging from insider theft to connected vehicles. Check out this online library to watch recent episodes.
Keep an eye on my YouTube channel, where you can catch up on many of my visits to CWIowa Live.
Questions? Topics?
My other grandparents in a corn shucking contest on their farm, circa 1940s.
3 Ways to Show Some Love
The Privacy Professor Tips of a Month is a passion of mine and something I've offered readers all over the world since 2007 (Time really flies!). If you love receiving your copy each month, consider taking a few moments to...
1) Tell a friend! The more readers who subscribe, the more awareness we cultivate.
3) Share the content. All of the info in this email is sharable (I'd just ask that you follow
This time of year always inspires me to get outside and dig in the dirt. I've always loved working on the farm, in the garden or around the yard. It reminds me of everything "real." The earth never takes more from us than what it needs. Can we say the same?
As you're enjoying the very start of the fall season, be mindful of what others are asking you to disclose. When you can, say no if you feel it's too intrusive. And never be afraid to ask why.
Have a terrific September!
Rebecca
Rebecca Herold, The Privacy Professor