This week on Sunday January 28th was Data Privacy Day. Here are my thoughts about digital privacy in 2018.

What Is Data Privacy Day?

Data Privacy Day is an international holiday every year at that time to raise awareness and promote privacy best practices. In the United States the leading advocate for Data Privacy Day is the National Cyber Security Alliance.

Data Privacy Day in the US started initially with a non-binding resolution by the US House of Representatives in 2014 .

Read about House Resolution 337 (113th Congress, 2nd session) in more detail here.
For a quick introduction read the Wikipedia Information Privacy page.
CMU held an event celebrating International Data Privacy Day. It has some interesting links worth checking out.

Who Cares? Nobody is After My Data.

I wish that were the case but there is great interest and efforts made from different organizations and individuals to gather, store, analyze, and implement actions based on the data you share, generate, or is otherwise collected about you.

How Is My Private Data Being Collected?

Pez collection — **It start with Pez dispensers then graduates to your data!**

Your data is collected in ways both simple and elaborate. Look at this infographic about privacy in a growing internet of me. It shows a few common items that many people own/use and some basic information they are able to surmise. It is a short jump away to creating a realistic and actionable personal profile of you.

Online Tracking and Targeted Ads

Sometimes it is done through online tracking and targeted ads. Browsers store cookies with info about your web browsing habits and are read by the different sites you visit. Device fingerprinting can uniquely identify a browser based on its configurations and settings – no cookie needed. Web beacons, invisible images used to monitor online behavior, can be used with cookies.

Try this – visit Amazon and browse for some item. You will notice days later you get ads of that item on various pages you visit. Sometimes the info is used for targeted ads by the site and other times it is sold to other companies who want to target specific people for their products.

Data Breaches

A report by the Online Trust Alliance states the number of cyber incidents targeting businesses has almost doubled from 2016 to 2017. Ransomware was the most newsworthy attack but not alone. Targeting corporate email can yield a treasure trove of information that can be used for nefarious means.

When was the last month you didn’t read about a huge data breach?

The full report: Cyber Incidents & Breach Trends Report

Internet of Things

IOT devices are being adopted in greater numbers. From smart televisions, Amazon Echo, wearables, speakers, cameras, cars, to various sensors placed in the house there are many devices gathering data about you and reporting it back.

Social Media

All of the bits of information you share on Facebook, Twitter, Instagram, etc are stored and mined. You’d be surprised what can be derived from your tweets, photos, posts, likes, etc.

How To Assert My Right To Privacy?

Privacy keyboard — Copyright Creative Commons – http://bit.ly/2nxlzdV

McAfee published a report recently from people they surveyed in a study of data privacy. It shows some interesting things about identity theft, family security, and home network security. Here are some key findings:

43% feel they lack control over their personal information
33% are unsure they can control how companies collect their personal information
37% of individuals use an identity theft protection solution
67% check accounts to prevent ID theft
37% use credit monitoring services
33% of parents do not monitor their child’s connected device usage
79% have talked to their kids about online safety
33% admit they don’t know the risks well enough to explain the dangers
52% were unsure of how to secure connected devices and apps
59% change the default password on devices right away
63% worry about ID theft from a home network breach
66% limit those who can access their home network

In general, one option is to opt out whenever you can. It may take some looking for but you can sometimes stop it here.

Understand that your data is valuable and treat it like it is. Find your comfort level with information sharing online.

Logins and Passwords

Any logins you have must be secured. Most people have terrible passwords that are easily guessable or broken with ease via brute force attacks. The proliferation of accounts we all maintain now doesn’t make it easier. Your memory is not the tool for this job. You need a password manager system like 1Password, LastPass, or Keepass.

Keep these key points in mind:

Get and use a password manager. Seriously.
1. Consider a paper copy (ex. a notecard) that contains the master password.
Longer passwords are better than complex passwords
Change all default passwords

Password Length > Password Complexity

NOTE: you can (and should) use complex passwords for your secret questions. If you don’t believe me look at Troy Hunt’s remarks before the US Congress last year.

Guard Your Smartphone

Protect your smartphones. There are some privacy settings you should use:

Use a passcode or biometric
Grant applications only what they need to have – nothing more
Be mindful of location tracking services – use judiciously

Multi-Factor Authentication

For most people this is 2FA. It boosts the security of your login credentials because it combines something you know (password) with something you have (an external value).

Google Authenticator is widely used for this. I need to shout out Authy as being a better alternative – it can be used anywhere Google Authenticator can be used (even if it doesn’t say).

If you can enable 2 Factor Authentication – please do so! Facebook, Gmail, Dropbox, Evernote, and many others offer it.

Virtual Private Network

It is quite affordable to purchase a VPN for personal use. The key benefits are that it encrypts your internet traffic, routes through its DNS servers, and for some they don’t keep logs of your activity. My recommendation is Private Internet Access VPN – their prices are reasonable and services are solid.

Definitely get a VPN if you travel or use public WiFi!

Read the Privacy Policies

These can be cryptic and long to read but reveal a lot you might not assume about your data collection and usage. UsablePrivacy.org put together a site to analyze privacy policies and teach you about them.

Get Political

In the US we don’t have much of a framework for this contemporary hot topic. One possible way to mitigate abuses toward privacy is to enact legislation.

The International Safe Harbor Privacy Principles suggest some starting principles to implement:

Notice – Individuals must be informed that their data is being collected and how it will be used. The organization must provide information about how individuals can contact the organization with any inquiries or complaints.
Choice – Individuals must have the option to opt out of the collection and forward transfer of the data to third parties.
Onward Transfer – Transfers of data to third parties may only occur to other organizations that follow adequate data protection principles.
Security – Reasonable efforts must be made to prevent loss of collected information.
Data Integrity – Data must be relevant and reliable for the purpose it was collected.
Access – Individuals must be able to access information held about them, and correct or delete it, if it is inaccurate.
Enforcement – There must be effective means of enforcing these rules.

Read more about it at the Privacy Shield Framework.

The European Union (EU) has the rollout of GDPR coming this year. Consequently, it will be interesting to see how it works and the impacts it has both good and bad.