This week on Sunday January 28th was Data Privacy Day. Here are my thoughts about digital privacy in 2018.

What Is Data Privacy Day?

Data Privacy Day in the US started with a non-binding resolution by the US House of Representatives in 2014.

Who Cares? Nobody is After My Data.

I wish that were the case, but many organizations and individuals have a great interest in, and put real effort into, gathering, storing, analyzing, and acting on the data you share, generate, or that is otherwise collected about you.

How Is My Private Data Being Collected?

Your data is collected in ways both simple and elaborate. Look at this infographic about privacy in a growing internet of me. It shows a few common items that many people own/use and some basic information they are able to surmise. It is a short jump away to creating a realistic and actionable personal profile of you.

Online Tracking and Targeted Ads

Sometimes it is done through online tracking and targeted ads. Browsers store cookies with info about your web browsing habits, and those cookies are read by the different sites you visit. Device fingerprinting can uniquely identify a browser based on its configurations and settings – no cookie needed. Web beacons, invisible images used to monitor online behavior, can be used with cookies.

Try this – visit Amazon and browse for some item. You will notice days later you get ads of that item on various pages you visit. Sometimes the info is used for targeted ads by the site and other times it is sold to other companies who want to target specific people for their products.

Data Breaches

A report by the Online Trust Alliance states the number of cyber incidents targeting businesses almost doubled from 2016 to 2017. Ransomware was the most newsworthy attack, but not the only one. Targeting corporate email can yield a treasure trove of information that can be used for nefarious means.

When was the last month you didn’t read about a huge data breach?

The full report: Cyber Incidents & Breach Trends Report

Internet of Things

IoT devices are being adopted in greater numbers. From smart televisions, Amazon Echo, wearables, speakers, cameras, and cars to various sensors placed in the house, there are many devices gathering data about you and reporting it back.

Social Media

All of the bits of information you share on Facebook, Twitter, Instagram, etc. are stored and mined. You’d be surprised what can be derived from your tweets, photos, posts, likes, etc.

How To Assert My Right To Privacy?

McAfee published a report recently from people they surveyed in a study of data privacy. It shows some interesting things about identity theft, family security, and home network security. Here are some key findings:

43% feel they lack control over their personal information

33% are unsure they can control how companies collect their personal information

37% of individuals use an identity theft protection solution

67% check accounts to prevent ID theft

37% use credit monitoring services

33% of parents do not monitor their child’s connected device usage

79% have talked to their kids about online safety

33% admit they don’t know the risks well enough to explain the dangers

52% were unsure of how to secure connected devices and apps

59% change the default password on devices right away

63% worry about ID theft from a home network breach

66% limit those who can access their home network

In general, one option is to opt out whenever you can. It may take some looking for but you can sometimes stop it here.

Understand that your data is valuable and treat it like it is. Find your comfort level with information sharing online.

Logins and Passwords

Any logins you have must be secured. Most people have terrible passwords that are easily guessable or broken with ease via brute-force attacks. The proliferation of accounts we all maintain now doesn’t make it easier. Your memory is not the tool for this job. You need a password manager like 1Password, LastPass, or KeePass.

Keep these key points in mind:

Get and use a password manager. Seriously.

Consider a paper copy (ex. a notecard) that contains the master password.

Longer passwords are better than complex passwords.

Change all default passwords.

Password Length > Password Complexity

NOTE: you can (and should) use complex passwords for your secret questions. If you don’t believe me look at Troy Hunt’s remarks before the US Congress last year.

Guard Your Smartphone

Protect your smartphones. There are some privacy settings you should use:

Use a passcode or biometric

Grant applications only what they need to have – nothing more

Be mindful of location tracking services – use judiciously

Multi-Factor Authentication

For most people this is 2FA. It boosts the security of your login credentials because it combines something you know (password) with something you have (an external value).

Google Authenticator is widely used for this. I need to shout out Authy as being a better alternative – it can be used anywhere Google Authenticator can be used (even if it doesn’t say).

If you can enable 2 Factor Authentication – please do so! Facebook, Gmail, Dropbox, Evernote, and many others offer it.

Virtual Private Network

It is quite affordable to purchase a VPN for personal use. The key benefits are that it encrypts your internet traffic and routes it through the provider's DNS servers, and some providers don’t keep logs of your activity. My recommendation is Private Internet Access VPN – their prices are reasonable and services are solid.

Definitely get a VPN if you travel or use public WiFi!

Read the Privacy Policies

These can be cryptic and long to read but reveal a lot you might not assume about your data collection and usage. UsablePrivacy.org put together a site to analyze privacy policies and teach you about them.

Get Political

In the US we don’t have much of a framework for this contemporary hot topic. One possible way to mitigate abuses toward privacy is to enact legislation.

The International Safe Harbor Privacy Principles suggest some starting principles to implement:

Notice – Individuals must be informed that their data is being collected and how it will be used. The organization must provide information about how individuals can contact the organization with any inquiries or complaints.

Choice – Individuals must have the option to opt out of the collection and forward transfer of the data to third parties.

Onward Transfer – Transfers of data to third parties may only occur to other organizations that follow adequate data protection principles.

Security – Reasonable efforts must be made to prevent loss of collected information.

Data Integrity – Data must be relevant and reliable for the purpose it was collected.

Access – Individuals must be able to access information held about them, and correct or delete it, if it is inaccurate.

Enforcement – There must be effective means of enforcing these rules.

Read more about it at the Privacy Shield Framework.

The European Union (EU) has the rollout of GDPR coming this year. Consequently, it will be interesting to see how it works and the impacts it has both good and bad.

Don’t Give Up

Be inspired by children’s drawings about their understanding of privacy. This was put together by the CMU CyLab.
