So… what’s the big deal about Privacy? Most uses think all they have to do is configure their Privacy and Security settings and voila, you’re good to go! Well, that’s part of it but there are other concerns. One concern is when users “unknowingly” volunteer personal information to a website or company and then that company uses the data to compile a profile for monetary gain. For example, let’s look at Facebook. When you signed up a few years ago, you probably used your real email but you fudged your birth date a little and you didn’t enter any other information. Even back then, you knew enough about online fraud to not enter all of your personal information, at least not up front. Nonetheless, over the years you’ve revealed more and more information about yourself to Facebook. Recently, you posted a message to your cousin (UserY) about your wonderful vacation to Hawaii. You also friended a co-worker, updated your status with a description of your new puppy, posted a picture of your beautiful new born son and, on June 14th, you received 100 or so, “Happy Birthdays!” on your wall. So, what does Facebook learn? Well, the first thing they think is “Ca – Ching , Mo’ Money!” Remember you are Facebook’s product not merely a User. With all this information, it can create a nice profile on your possible likes and dislikes – and get pretty close to accurate. Facebook knows 1) Your real birthday is June 14th, and not the fake date you entered when you signed up; 2) you are likely blood related to User Y (btw, User Y puts his every move on FB and is a lot less conscious about his privacy settings); 3) you just had a son (I’m sure Babys R’Us would like know this); 4)You love Hawaii (you’ll start seeing vacation coupons soon); 5) your cute little puppy indicates you are a dog lover (requests to donate to the local puppy shelter); and 6) if your co-worker has revealed her place of employment then your job is also clear. Companies such as online advertisers and marketers pay top dollar for this information. Also, if this information gets in the wrong hands, you can become the target of elaborate Phishing scams.
Now, this isn’t all bad. Even as a Privacy professional, I don’t mind a little targeted marketing every now and then. It helps with finding that perfect pair of shoes at the BEST price on the Internet or researching and comparing the best HD Flat Screen TVs. It’s all good. And, there’s nothing wrong with business growth in this wonderful new age of information and information sharing; however, companies should show respect and responsibility with the uses of your personal data. They should give you choice and notice – real notice, not text buried in the fine print. Allow people to voice concerns and opt out in easy ways. It’s not fair to keep you in the dark about what is going on behind the scenes. After all, you may still choose to share all of this information with companies like Facebook , and that would be your right to do so.
Then there are the companies that hold a lot of personal data that make hackers smile. The companies are targets simply because of the amount and type of user information they collect and use. They may not be engaged in selling or altering the information but they will be targets for a hacking scandal sooner than later. Regulators such as the Federal Trade Commission (FTC), Department of Justice (DoJ) and many of the States’ Attorney General Offices have made great strides in cracking down on companies with poor security practices but their efforts alone will not be enough. We all need to do our part to ensure personally identifiable information is collected, stored and used responsibly and is protected with industry standard security.
So, basically, Privacy and Security Professionals, Consumer advocates and Legislators want to see stronger policy, laws, regulations, best practices, and industry standards around the seemingly unfettered access to millions and millions of users’ data. This is an issue that will be with us for many years so buckle up for the ride, and decide where you stand in the debate.