What Do You Know About GDPR?

I recently attended a lecture by a former FBI special agent on the topic of cybersecurity. Sounds cool, right? (It was!)

I’ve been paying close attention to the topic that is now top of mind for many since last summer, when I wrote this story for BizVoice® on fraud and cybersecurity issues, including what businesses should be doing to help prevent potential cyberattacks.

While I sat in a small room with 20 or so people who seemed genuinely surprised by much of what the former agent was saying, not much of it came as news to me (and I’m not bragging – I just went through my shocked phase last year when researching my story). But one thing I’d never heard before was something known as GDPR, an acronym for General Data Protection Regulation.

GDPR was passed in the European Union (EU) and takes effect in late May. It expands the rights of individuals under the regulation with regard to data privacy and places new burdens on companies or businesses that handle private data. And you might be thinking, “I’m in Indiana, not the EU.” And that’s true; this regulation primarily impacts users in the EU. But it also impacts any businesses or organizations that operate in the EU.

Indianapolis-based DemandJump recently posted a blog focusing on GDPR and how it impacts companies here in the United States, with links and a video to help others learn more about the potential impact:

From an internet user standpoint, this policy only affects those people located within the jurisdiction of the EU. However, companies that do business in the EU – regardless of where they are located – must also abide by the same rules, which has left many in the global technology industry reeling to meet these strict privacy standards by the May 25th deadline.

The GDPR is one of the first major legislative acts of its kind, but it certainly won’t be the last. The question is not whether the United States and others will pass a similar bill, but when.

At DemandJump, we have always believed in and respected the privacy of internet users, and we hold ourselves accountable for individuals’ rights to privacy and security. We also understand there is some sensitivity around data right now, and, well … we love data.

The truth is, data can be an amazing asset when used and handled responsibly, helping to automate, expand, speed up, and generally improve the world we live in. But those improvements should not come at the risk of individuals’ privacy.

Luckily for everyone, they don’t need to.

What is Data Privacy?

Check out this video from our very own Brad Wilson, Director of Engineering and Data Protection Officer at DemandJump about data privacy and GDPR.

In the context of GDPR – and the broader discussion about data privacy – the main goal is to put control over personal data back into the hands of individuals. This means that if any individual does not want to be recognized or known by a data consumer, they have the ability to instruct any system to “forget me”. This would trigger a string of technical actions which would anonymize their information, making it very difficult for any person, business or technology system to identify that person individually.

Fundamentally, this movement is not so much about restricting the usage of personal data as it is about giving control back to individuals. It’s about companies being open and transparent about what personal data they have on individuals, and about the way they handle that data.

For 10+ years there has been a lot of fuzziness and disparate regulation around data privacy and transparency. The EU is saying “no more”, and it’s highly likely that other regulatory bodies will follow suit.

Cybersecurity and data privacy experts will come together for the Indiana Chamber’s inaugural Cybersecurity Conference (in partnership with the Indiana attorney general’s office) on May 1-2. There’s still time to register for the two-day conference held in downtown Indianapolis, with focuses on responding to litigation following a data breach, vendor management, lessons from the defense industry and much more.

Social Connection at What Cost?

It’s been fun, guys.

Digging our heads into the sand and enjoying our social media. Happily sharing gifs, memes, videos, photos with one another, connecting with friends (or frenemies) from high school and posting political opinions that will change exactly no one’s mind.

On some level, we probably all knew that Facebook was tracking our every “like” and “share” online. And yet, the reality of that fact has come crashing down on us over the past few weeks as privacy scandals at Facebook are making headlines.

Understandably, there’s a #DeleteFacebook campaign ongoing. And yet, I haven’t deleted my Facebook account, with no plans to do so. What about you?

While I’m not planning to leave Facebook, I have identified recently with a scene from NBC’s “Parks and Recreation,” where privacy-conscious Ron Swanson is alerted that web site cookies exist and that Google Maps has a photo of his house:

(He’s throwing his computer in the dumpster, FYI.)

But that’s not a solution. Maybe for some it is, but not for me and probably many others working in today’s world, who need to utilize and understand technology and social connection.

However, we can – and should – all do a better job of understanding just what we’re agreeing to when downloading new apps and sharing on social media. Instead of an “ignorance is bliss” outlook, take a thorough look through your privacy settings and advertising settings and be very specific about what information you want to share with each platform or app.

If you are interested in downloading the full archive of what data Facebook contains about you, this article from Inc. includes an easy five-step process:

How to Get Your Data

In typical Facebook fashion, it’s easy to get this data, but only if you know exactly where to look. That’s what I’m here for.

  1. Click this link. You’re looking for facebook.com/settings. If for some strange reason that doesn’t work, on desktop, you want to click the little upside-down triangle in the upper right-hand corner, then drop down and click “Settings.”
  2. Click where it says “Download Archive.” You will likely have to reenter your password. Facebook will need about 10 or 15 minutes to compile your data and will send you a link via email to get your information.
  3. Check your email spam folder; the message Facebook sent me wasn’t readily visible in my inbox. The subject should read “Your Facebook download is ready.” Click the link in your email and you’ll be sent back to Facebook again–and probably have to enter your password once more. (This is a good thing; there’s a lot of personal information in the files they’re sending you.)
  4. Click the “Download Archive” button on this second screen, and you’ll download a .zip file that should be called: “facebook-YOURUSERNAME.zip.” Extract the files by clicking on the .zip file in most cases, and you’ll wind up with a series of folders. There should be a file called simply “index.html.”
  5. Click on that, and the archive should open in your browser.

I’m going to download my Facebook data – mainly to see what it contains and how accurate some of it is. I joined Facebook when I was a sophomore in college, back in 2005. So, I’ll have 13 years of data to comb through and I’m assuming it’s going to be as embarrassing as when I read back through my diary from junior high.

Breaking Bad? Google Chairman Warns That Governments Could Effectively ‘Break Internet’

In a recent event hosted by Sen. Ron Wyden (D-Oregon), Google Chairman Eric Schmidt offered an alarming prediction that governments, especially our own, could end up splintering the Internet into pieces. This, he argues, is because countries may prefer to operate their own Internet instead of allowing surveillance organizations, such as the National Security Agency, to collect data on their citizenry.

Wyden added that this would hurt American tech companies — and thus eliminate some American jobs.

Be sure to read the full National Journal article about these remarks, and watch the brief video featuring Schmidt’s comments.

Understanding Privacy in the Workplace

Patrick Devine recently penned the following column for Inside INdiana Business about privacy at the office. It's a worthwhile read for employers and employees alike, and may help you get a better understanding of where privacy begins and ends in the workplace dynamic.

My wife and I recently decided to complicate our daily routine by buying a puppy. The time came to pick up the adorable little nipper from the breeder whose location is about a two-hour drive from our home. The breeder generously offered to shorten our trip by meeting us at a highway rest stop. She included in her email that we could still opt to drive to her house as she "has nothing to hide." Did she really mean that? Being a curious and suspicious soul (aka an attorney), I chose to see the "kennel." My immediate thought after the visit was that when someone tells you they "have nothing to hide," they probably have something to hide.

When an employer is conducting an interview of a prospective employee, or a workplace investigation, or simply monitoring the company’s email system, the employee may say: "Go ahead, I have nothing to hide." Does this "green light" change the equation for balance between the employer’s legal and the employee's privacy rights? An employee's expectation of privacy in the workplace can become a thorny issue. Most thorn-pricks can be avoided if the employer has well-written policies that are provided to the employee and are enforced consistently and are consonant with the employer's business interest, the type of information involved and the level of intrusion needed by the employer. This is referred to as managing the employee’s expectation of privacy.

The laws and regulations protecting employee privacy rights are too numerous to list here. One obvious example would be the expectation of privacy in certain employee medical information created under the Health Insurance Portability and Accountability Act (HIPAA). Other examples are the federal and state laws that address an employer’s right to access and monitor employees’ use of the company’s electronic communication systems.

With greater technological access to both work-related and personal information about their employees, employers should comply with any notice and consent requirements, and distribute policies consistent with the laws. A relatively recent issue is employee-owned tablets and devices connected or synced to the employer’s network. This creates a situation where the employee should be advised of the trade-off between expectations of privacy of their personal information on their devices and access to the employer’s network.

Again, the employer can limit the possibility of claims of invasion of privacy by properly managing employees’ expectation of privacy.

As for our puppy, I definitely "have nothing to hide" from the neighbors when I race out of bed in the middle of the night to take him outside to do his "business." The cold January wind whips right through what little I had time to throw on before puppy has a mistake on the floor.

Microsoft Hopes to Help You Avoid the Nosy “Gmail Man”

After touting Google+ last week on this blog, it’s only fair that I also mention Microsoft’s efforts in its new Office 365 email program. According to PR Daily, the video below was shown by Microsoft at its annual global sales conference. It actually makes a pretty important point about personal privacy:

“I Know What You Made Last Summer”

‘Tis the season for scary movies — and, I suppose, scary concepts. We hear a lot about transparency here in the United States, and it certainly appeals to many voters inasmuch as we want to know what the government is doing. But Norway has taken the concept to an eerie new level, and it’s under that guise that they now reveal incomes of almost every taxpayer. Yeah, that’s right. You know that neighbor who always comes over and talks to you while you’re trying to do yard work? Well, he has a new topic: Your income.

Many media outlets use the tax records to produce their own searchable online databases. In the database of national broadcaster NRK, you can type a subject’s name, hit search and within moments get information on what that person made last year, what was paid in taxes and total wealth. It also compares those figures with Norway’s national averages for men and women, and that person’s city of residence.

Defenders of the system say it enhances transparency, deemed essential for an open democracy.

"Isn’t this how a social democracy ought to work, with openness, transparency and social equality as ideals?" columnist Jan Omdahl wrote in the tabloid Dagbladet. He acknowledged, however, that many treat the list like "tax porno" — furtively checking the income of neighbors or co-workers.

Critics say the list is actually a threat to society.

"What each Norwegian earns and what you have in wealth is a private matter between the taxpayer and the government," said Jon Stordrange, director of the Norwegian Taxpayer’s Association.

Besides providing criminals with a useful tool to find prime targets, he said the list generates playground taunts of my-dad-is-richer-than-your-dad.

"The children of people with low wages are being teased about it in the schools," Stordrange said Thursday. "People with low salaries are being met with comments at the grocery store, ‘How can you live on these low wages?’"