Category Archives: Privacy

Is Privacy Really Dead?

According to this article, Facebook founder Mark Zuckerberg recently said that “privacy was no longer a ‘social norm’”. This convenient point of view comes less than a month after Facebook changed the way it organizes user information. Under the old system, people had the option of being placed into regional networks like “North Jersey”, while the new system removes this distinction so that your information can be visible to any Facebook user and not just those in your network.

As well, the new “Everyone” setting doesn’t just limit your page to Facebook users – it allows access to everyone on the Internet, including Google, Yahoo! and any other search engine spiders. In other words, if you use the Facebook default settings – which many new users do – you will end up posting to anyone with online access and you may now also end up on a search engine results page. LinkedIn has been doing this for years now. This increase in exposure is obviously the goal behind the recent Facebook changes. In other words, Facebook will be able to grow its user base beyond its already staggering 350 million users.

There is obviously a simple solution: limit your visibility to those who are friends, and curtail what you post on your page that is made visible to non-friends. Go to this site for detailed information on how to set your Facebook privacy settings. Privacy is not dead – unless you choose to let it die.

Are you ready for Data Privacy Day?

On January 28, 2010, the United States, Canada, and 27 EU countries will celebrate the second annual Data Privacy Day.  If you go to the Data Privacy Day website, you will see links to some helpful privacy resources.

It is with no small bit of irony that Data Privacy Day will also approximately mark the one-year anniversary of the Heartland Payment Systems data breach, the largest privacy data loss in history – potentially impacting over 100 million credit card transactions.   Heartland recently negotiated a $60 million Visa settlement fund that will be used to reimburse Visa’s issuing banks.

Data Breaches, Encryption and ICs

In 2009, there were 498 reported breaches involving over 222 million records. And, of these 498 incidents, only six firms reported that they had deployed encryption or another strong security measure to protect the exposed data. This is not surprising given that most notification laws provide a safe harbor for encrypted data. In other words, a firm that had encrypted the exposed data would not have needed to report the breach.

As well, of the reported records impacted by the breaches, 59% could be attributed to the conduct of independent contractors.  Last year, over 45% of all breached records – 16 million – were compromised by the actions of independent contractors. In fact, the Ponemon Institute reports that 29% of all breaches are caused by third-party negligence.   As the year progresses and budgets continue to be squeezed, the due diligence that was once used to vet vendors will unfortunately slip a bit. And, when vendor engagements start favoring pricing over controls, the resulting increase in vendor data loss may prove staggering.

Improving independent contractor due diligence by employing only those small business vendors with sound data protection practices in place will go a long way in improving your risk profile. Moreover, in addition to being a sound way to better protect sensitive data, encryption deployment has the added benefit of protecting you from notification laws and resulting lawsuits. The public notices speak for themselves.

Data Theft by Former Employees

With unemployment now stretching past 10%, the Ponemon Institute “Data Loss Risks During Downsizing” survey conducted last year is more relevant than ever.  This survey found that 59% of employees who leave or are asked to leave a company are stealing proprietary or sensitive corporate data. Moreover, 79% of these respondents admit that their former employer did not permit them to leave with company data. Not surprisingly, 67% of respondents used their former company’s proprietary information to leverage a new job.