Data Privacy: What’s Your Identity Worth?

No matter your security or technical prowess, the concept of data privacy poses many questions. Who is responsible for securing data? Should individuals be more vigilant about what they share? Should organizations have better data security practices? While there isn’t a single answer to these questions, we aim to take a deeper dive into data privacy, data security, and the roles and responsibilities each of these entities play.

Business by the Unwritten Book

When it comes to data privacy, organizations should be taking a proactive approach, not reactive. Transparency around the data they are collecting, why they are collecting it, where they are storing it, and most importantly who has access to it, are key factors of data privacy. Companies should consider their potential responsibility for notifying and educating their customers on how data is collected, held, and used as part of their wider public privacy policy.

Senior Vice President of Security Consulting Kevin Dunn explains that, “Policy is not enough by itself. Organizations need to proactively secure their customers’ data to safeguard privacy.”

For their own protection and the protection of their customers, organizations are tasked with finding ways to design systems and processes that match the need for data privacy and protection. One approach to potentially minimizing privacy risk is following the guidelines of Privacy by Design (PbD), a system engineering approach that considers privacy throughout the entire engineering process. PbD isn’t a new concept, but in a data heavy society it’s become more prevalent and important. It’s not a formal technical standard, but PbD serves as a best practice guide when creating data privacy policies. Dr. Ana Cavoukian’s seven principles provide a guide for companies to ensure privacy for consumers, while not interfering with innovation.

Can Consumers Catch On?

With the dawn of the digital age, consumers readily share personal information without the blink of an eye. Small decisions, like giving an application access to your social media profile might seem insignificant, but could have lasting negative effects. The accumulation of quick decisions is what ultimately puts people at risk.

Vice President of Risk Management John Rostern says, “We post our life story online, including the most mundane details, to create a very complete and open digital picture of our lives. Narcissistic? Perhaps, but try eradicating your digital history or presence. The memory of the internet is indelible.”

This begs the question: Do consumers value their right to privacy when they share information so freely? Most experts would argue they don’t. To that point, companies may not be inclined to expend the effort and cost to protect something that isn’t valued.

“Consumers have the power to hold companies accountable for data privacy,” Director of Bug Bounty Services Adam Ruddermann explains. “The more they voice their need for security, the more companies will take action.”

In the current tech landscape, protecting your data may seem unmanageable, but it’s not. The below tips can enable your data privacy efforts:

  • Read and Learn: Stop absentmindedly agreeing to privacy and security settings. Take the time to read and learn about how your data is being collected and how it’s being used.
  • Share with Care: Before you share any personal information, think about how sharing that data can be a vulnerability. Rostern advises, “If we start to measure the cost of disclosure, we may begin to appreciate the value of our identity.”
  • Click with Caution: Phishing scams are a common way for cybercriminals to steal your personal information. If a link or post looks suspicious, delete it. Some deals aren’t worth your livelihood.
  • Make Smart Choices: When using technology, research and choose companies that are serious about privacy from the beginning (including making data safe from their internal employees).
  • Re-evaluate Your Settings: If you think your privacy settings are out of date, check them.

Interested in learning more about security tips and trends? Follow @NCCsecurityUS on Twitter and LinkedIn.

Published date:  13 February 2018

Written by:  NCC Group

Filter By Service

Filter By Date