International Data Privacy Day
This week, we celebrated International Data Privacy Day! To acknowledge the event, we’re presenting a two-part discussion of privacy: the first focuses around consumers, and the second around enterprises. Enjoy!
Part 1: Data Privacy and the Consumer
First off it may be helpful to draw the distinction between privacy and security in our digital world. Privacy refers to the ability to control what data you share, with whom you share it, and what that information is used for. Security broadly refers to the means of protecting that data from misuse, be that through theft, destruction, unwanted dissemination, etc.
In the digital age, privacy has become a much higher profile issue because of the ease of collecting, collating, and connecting pieces of information about individuals, and because of the ease of “mining” and exploiting this data.
Data Privacy Day presents an opportunity for everyone to take stock of the digital footprints you may have left out on the Internet, and to take steps to protect the privacy of your data. In fact, the theme of Privacy Day 2020 is “Own Your Privacy”: a call to action for consumers to defend the privacy of their data.
Here are some practical tips to help you “own your privacy” when online:
– Make sure your browser is up to date, and check your browser’s privacy/security settings to ensure you’re only revealing or storing what you intend to share. ZDNET has an excellent “deep dive” article on privacy, containing lots of tips for securing your browser, mobile device settings, and much more.
– Avoid auto-saving passwords and forms to keep your credentials and personal information private.
– Never use the same password on multiple websites or devices. If a password breach occurs on one provider, hackers can easily pivot and test the same userid/password combination on other popular sites and services. Maintain the privacy of your data by using unique credentials.
– When filling out online forms, ask yourself why information is being requested from you, and if you are comfortable sharing it. Unless you wish to do otherwise, only complete mandatory fields to limit the amount of data you are disclosing.
– Disposing of old computer equipment, mobile phones, old USB thumb drives, or even old printers/scanners? Make sure it is securely wiped before re-sale, or taken to an authorized electronics recycling depot for destruction. Old gear can carry a trove of old personal/private information that you likely don’t want to share.
– Have you ever Googled yourself? You may be surprised at where you show up on searches; Google provides tips on how to look for private information about yourself on the web, and how to remove/correct it as necessary.
Beyond search engines, social media sites should be an area of particular concern to all consumers. It’s been ten years since the incisive quote “If you are not paying for it, you’re not the customer; you’re the product being sold.” first appeared online. Your “free” use of social media platforms is underwritten by leveraging your likes, follows, searches, and views. They are all tracked and used by the services for targeted advertising. And those dozens of pages of legal gobbledygook that you didn’t read before clicking “Accept” when signing up for a site may severely curtail your privacy and control over those pictures you posted or those comments you made. Understand that your activities will shape the ads and content that you are presented. Be sure you agree with what your social media sites are doing with your information, and remember that social media data can have an extremely long shelf life (e.g., many employers are now quietly scanning social media sites for insights into prospective hires: are you proud of your teenage-years posts?). Facebook users should use the site’s Privacy Checkup feature. The feature was originally released in 2014, but most recently updated in January 2020. It’s not perfect, but it will give you important insights and control over what’s being collected, shared, and used from your online activities. Check your other favourite social media and online shopping sites for similar features.
Beyond text and images, even your spoken words are under assault from a privacy perspective. If you have a smart speaker device or other virtual listening assistants in your home of office, understand that your conversations may be captured and data-mined for advertising or other purposes. Commonsense.org presents a fascinating review of one of these devices which may prompt you to review what you feel comfortable sharing with third parties – and beyond.
With millions of apps and websites out there, it’s only natural that you may have signed up for a service or downloaded an application, then never used it again. Data Privacy Day presents a nice opportunity to do a little early spring cleaning in your digital world. Scan your mobile phone for apps that you no longer use and remove them. But understand that removing the app doesn’t necessarily make the app provider “forget” you. The Just Delete Me website provides direct links to some 600 common websites/services with details on how to delete old/unused accounts right from the providers themselves once you’ve removed the app from your phone. A recent article in Wired also has great tips, links, and guidance on severing your digital ties. After all, if you don’t do business with these companies, why should they still have your email address and other personal information on file?
Another way to “own your privacy” is to check up on vendors to see what information they have about you. In Canada, PIPEDA (the Personal Information Protection and Electronic Documents Act) gives you the right to make a formal privacy request from any company. To comply, the company must respond with an outline of all of the personal private data they hold on you, and give you the opportunity (where appropriate) to correct, redact, or remove that data.
A special case of checking your personal data is reviewing your credit report. You can check the major service bureaus to validate the information they have on you, make sure that any incorrect information is corrected, and ensure that any old credit cards you may no longer use are cancelled and removed from their records. Equally importantly, you can check a history of who has requested access to your financial data online. In Canada, you can request free credit reports directly from the two major services: TransUnion and Equifax. In the United States, there’s a one-stop site to centralize your requests on the Annual Credit Report website. Why not calendar this yearly activity for Data Privacy Day?
Hopefully this article has given you some food for thought on protecting your online privacy. For more information and resources on Data Privacy Day, visit the National Cyber Security Alliance’s StaySafeOnline website.