While the majority of North Americans were asking Santa for new tech, we were busy building a contingency plan to protect our existing devices. In December, we were all wishing for things. In January, it’s time to take action to protect our technology and sensitive data from prying eyes, ears, and keyboards.
International Data Privacy Day is a global awareness initiative designed to “empower individuals and businesses to respect privacy, safeguard data, and enable trust.” Sounds straightforward enough, right?
But you may be wondering: why is there a day dedicated to data privacy? Well, because most individuals are grossly unaware and uninformed about who collects their personal information, where it can be stored, and how it can be accessed. Companies don’t always need your permission to store your sensitive information. In fact, during the infamous Equifax data breach, millions of people were outraged, having never explicitly given Equifax permission to store their personal data.
Equifax was negligent in protecting the most valuable consumer data—namely, Social Security numbers—and as a result, hundreds of millions of consumers in the United States, Canada, and Latin America are at risk. So, who is collecting your data without your permission? Here are just a few:
Sensitive data is not just your full name, credit card information, or Social Security number (these are super sensitive). It’s any amalgamation of data that can be used to identity and potentially exploit an individual. According to Slate:
Your age, interest, purchasing habits, frequented locations, health, and social map are all valuable piece of information that comprise a digital shadow, which can be packaged, bundled, and sold to the highest bidder.
Humans are creatures of habit. They stick to routines and utilize mental shortcuts. After an action becomes a habit, individuals don’t pay much attention to what’s they’re doing anymore. Vigilance eventually wears off. Consider this example:
Safe Zone: John Doe, 25
Danger Zone: John Doe (25) buys an Americano at Karen’s Kup every morning at 7:30am with the same credit card (ending in 1234), then walks 2 blocks due east to his office.
That’s a lot of information; John’s movements could be tracked, and more information extracted. The same idea applies to navigating the digital landscape. Consider how many apps are on your smartphone. For the past 4 years, Statista found that the average smartphone owner uses 27 apps in a month. Without thinking twice, most users permit these apps to access real-time locations, save usernames and passwords, and store all kinds of telling tidbits. When it comes to data, apps are constantly pushing the envelope with how much user information they underhandedly collect.
Because privacy is a huge consumer concern, what is being done to protect everyone?In the United States, there are a number of federal privacy organizations and lawsin place to protect consumers (but even these aren’t impervious to malpractice):
The Federal Trade Commission (FTC)
The Federal Trade Commission is “an independent U.S. law enforcement agency charged with protecting consumers and enhancing [economic] competition.” The FTC is the primary protector of consumer privacy and the enforcer of privacy laws. The FTC has law enforcement authority and its mission is to prevent “deceptive practices in the marketplace.”
The Fair Credit Reporting Act (FCRA)
The Fair Credit Reporting Act —passed in 1970—promotes the “accuracy, fairness, and privacy of consumer information contained in the files of consumer reporting agencies” (i.e. credit bureaus and specialty agencies). Under FCRA, consumers have the right: to be informed if information is used against him or her, to know what’s in a personal file, to ask for a credit score, to dispute inaccuracies, to delete wrong information, and to give employers access to a credit report. For more consumer rights, read the summary.
The Gramm-Leach-Bliley Act (GLBA)
Also known as the Financial Services Modernization Act of 1999, the GLBA mandates that financial institutions must provide clients with a privacy notice disclosing what information is gathered, where the information is shared, and how the company safeguards that information. In addition, customers must be give the opportunity to “opt-out,” meaning their information cannot be shared with nonaffiliated third parties (Wikipedia: Gramm–Leach–Bliley Act).
Other laws include: The Children’s Online Privacy Protection Act (COPPA), The CAN-SPAM Act, The Truth in Lending Act, The Fair Debt Collection Practices Act, Telemarketing and Consumer Fraud and Abuse Prevention Act.
Still, accidents happen. Companies slip up and their vulnerabilities are swiftly exploited. With so much constant online activity, vigilance is more crucial than ever!
For best practices in safeguarding data and protecting your privacy, review these best practices from US-CERT (the United States Computer Emergency Readiness Team), a division of Homeland Security:
The best protection is preventative maintenance. Be proactive today instead of reactive tomorrow (you’ll be glad you did)!