Rebecca Herold

The Privacy Professor's
Tips of the

Be Aware of Impending Privacy Scare


As children (and many adults) prepare their Halloween disguises, crooks and thieves, too, are conjuring up camouflages to fool you into giving out your personal information.



With October as National Cyber Security Awareness Month, it's an ideal time to educate yourself. Read on for the latest tricks designed to snag your treats. 

Your Internet Afterlife

You've heard the warning: What you put on the Internet lives there forever. But have you truly considered how long forever really is?

Today there are options for removing unsavory content from online sites. Although it's difficult, it's possible in many cases -- because you are alive and capable of taking action. But what if you are gone from this life? Will the information you posted haunt your survivors?

Check out this article for more on the steps you can take now to prepare for (gasp!) "the inevitable." I provide additional thoughts about this topic in an article I wrote a few years ago that is still valid today, "Is There Privacy Beyond Death?"

Similarly, you should be concerned about your valuable digital assets, such as online photos and iTunes playlists. Will your friends and family be able to access your digital property? As one lawyer recently told The Wall Street Journal:

"In the olden days, grandma had a chest in the attic full of photo albums. Now, your chest of photos is in your computer."


Marketers are Dying for Your Facebook Data

...and Facebook wants to help them get it. In fact, the social network giant -- now under pressure from stockholders to produce revenue -- has developed new functionality designed to help advertisers better find you on Facebook.

So long as you have voluntarily given your phone number or email address to a company, that company can now use it as a means for searching and locating you on Facebook.

Be sure to check and update your settings on Facebook (and other social sites), as new functionality is added frequently, threatening your assumption of privacy online.  


Speaking of Facebook, be sure you are aware of another change that could result in having your emails sent to Facebook. In June, Facebook changed everyone's email address visibility settings to hide the email addresses we purposefully shared with friends, leaving just @facebook.com addresses. For folks who did not change this back, and for folks using the new iPhones running iOS 6, this could result in their preferred email addresses being replaced by @facebook.com addresses...and in sensitive information being saved to the Facebook systems (a far-from-secure system to keep email messages). See more about it here.



Most Important Language Buried Deep

Like I imagine many of you did, I recently reviewed PayPal's newly updated privacy policy, which it distributed to all users via email in September. My critique? Overall the payments company did a pretty good job of providing thorough information.

That said, most of the folks using PayPal are not lawyers, nor are they privacy experts. So it would have been far better if PayPal had reordered the information sent in their e-blast message, moving to the top the information that the broadest reading audience would want to know (e.g., "How we share personal information with other PayPal users"). 

PayPal is not alone in this practice. So remember, always read to the end, as that is typically where you will find the "meat" of any privacy policy.

Another thing to keep in mind when reviewing privacy policies is this: While a company may not voluntarily choose to share your information, some day they may be compelled. Law enforcement and certain government agencies have ways of "convincing" companies to release their secure personal data files.

Your Data Privacy Day Undertaking

Have you begun plans for Data Privacy Day 2013? It's never too soon to start. The event -- an effort to empower people to protect their privacy, control their digital footprint and escalate the protection of privacy -- is scheduled for January 28, 2013. That's just around the corner!

In my home state of Iowa, I have successfully worked with the Governor's Office to secure the declaration of Data Privacy Day statewide for the past several years. Leveraging the declaration, I've issued news releases including tips for both consumers and businesses and worked with the local media to spread the message in our capital city of Des Moines.

I'd love to hear your creative plans for this important day. Certainly get in touch to share your ideas, and I'll get some eyeballs on them here in this monthly tips message.

Apps Come Back to Haunt You

Can you count your apps on one hand? Two?

As smartphones have found their way into more pockets and purses, the tendency to become "app happy" has struck more than one consumer.

Often folks will download an app, input their personal information, allow it to track and store their locations, purchase behaviors -- heck, even account numbers -- and then forget all about it. Meanwhile, the application is running in the background gathering (and potentially sharing with third parties) the private and personal details of their lives.

Have you set an app to auto-broadcast your location to a social network? Here's hoping you remember that before you arrive at the amusement park on a "sick day."

Does that pizza place auto-fill your credit card number when you order a pie online? That's one lucky thief who gets a hold of your smartphone.

Make it a practice to review your apps often. A good time to do this is now; delete the ones you are not using. A friend of mine was surprised to find she had accumulated over 200! Then, check again whenever you have an app ask you to download an update. As those notices come in, don't just ask yourself if you'd like to update (which is an important step, as many apps improve their security and privacy standards with these updates); also ask yourself if that's truly an app you need to have on your smartphone, laptop or any other type of computing device you use.

Apps Dressing Up as Innocent Fun

Many people mistakenly believe that any application found on Facebook has been vetted by Facebook, and is therefore safe. False. As this article on Facecrooks points out, anyone can create an app for publication on Facebook.

Facebook users are also guilty of clicking through the permission screen, potentially missing key information on how the application's developers plan to access their Facebook information (for those that actually provide such information). Take the time to read these screens thoroughly before clicking OK. If an app does not provide information about how they will use your information, then don't download; it's just not worth the potential problems, no matter how yummy fun the app sounds.


A Few Things I'm Up To...


October 9: IAPP Privacy Academy 2012 CIPP Certification Foundation Training, San Jose, CA


October 10: IAPP Privacy Academy 2012 CIPP/US Certification Training, San Jose, CA 

For those of you in the healthcare industry, or business associates of healthcare covered entities, here are a few more things you may be interested in: I am co-presenter for the HealthcareInfoSecurity.Com webinar: "Dept. of Health & Human Srvcs: Privacy and Security Strategies for Smaller Healthcare Entities" and a partner in Compliance Helper.  


In my neck of the woods, a good chill starts to set in this month, reminding us of the value of life's basics -- food, shelter, safety. Yet just when you are feeling comfortable, along comes a surprise.

Here's hoping each of you continues to keep your guard up, ever mindful of those "Boo!" moments.

I wish you all a beautiful, healthy and safe fall!
Rebecca Herold, CISSP, CIPP
The Privacy Professor®
Rebecca Herold & Associates, LLC
Mobile: 515.491.1564, Business: 515.996.2199