An Eternal Commitment to Privacy Protections


It's wedding season in many parts of the world. As couples of all backgrounds and in all geographies, both young and seasoned, come together, their communities are often standing by to show their support.



It's in that same spirit that the privacy and security industry extends its expertise to people around the globe. Our great hope is that with continuing education and eye-opening information, everyday citizens of the world will make their own life-long commitments - to protecting their personal information and making privacy awareness (for themselves and for those with whom they share their information) a priority.


Read on to learn more about the world around you, including some of the more recent threats to your privacy.

...to have and to hold

My parents on their wedding day in 1948.
Facebook has endeared itself to billions. But do the devoted truly understand what they have signed up for?


Simply being a user of Facebook and other social media networks can make consumers attractive targets for scammers. Take this recent con, for instance, in which people are fraudulently persuaded to donate to the care of a critically injured infant (photos of which were stolen from a family who lost their child nearly two years ago). Here is another in which unsuspecting Facebook users pay taxes on phony financial windfalls. In this particular case, the victim of the scam became an unwitting part of the criminal activity, and now faces up to 10 years in jail.


Be careful not to fall for the lure of promises on Facebook. Not only may you fall victim to identity fraud and theft, you may also expose your friends in the process. As in the case above, you may even become a criminal yourself.


Perhaps more troubling is the amount of information social networkers are voluntarily, but unwittingly, revealing about themselves. Take the Vox article, "7 things you told Facebook without even realizing it," for instance. In it, the writer talks about a scary new app that will guess your location, income and passwords based on data you've shared via Facebook and other social networks.


One of Facebook's newest features, Nearby Friends, allows users to track one another to precise locations. Per the social network's own explanation: "When Nearby Friends is on, you can see when your friends are traveling if they're also using this feature and sharing with you." Today, this is an opt-in feature, but if you're like a friend of mine, you may have very easily enabled it from the mobile prompts Facebook has been pushing. If you suspect you may have inadvertently opted in or you did so and have since changed your mind, instructions for disabling Nearby Friends are here.


A second new feature allows Facebook to not only read the details of your life, but also to hear them. The as-yet-unnamed feature captures data from smartphone microphones to help users identify songs, movies or TV shows. Although Facebook claims it will not record the sounds, it will be very easy to have another app that does exactly that!


...from this day forward

What you put out there online, on apps, anywhere shared with others, will basically remain in one or more places forever. No matter how many times you hear it, it bears repeating. That's because developers behind apps like Snapchat are working around the clock to convince consumers that the opposite can be true.


The premise of Snapchat is that users can share "disappearing pictures." But as many of us have learned, disappearing pictures is not exactly the complete picture. Just watch the cat-like reflexes of any proud grandparent attempting to screen-capture a "disappearing" image of their grandchild, and you'll understand.


The writer of this Federal Trade Commission (FTC) article puts it best when she asserts, "Snapchat's popularity suggests that people love the spontaneity of sending a snap without worrying too much about how it might affect their online reputation. But the app might have lured users into a false sense of security."


Snapchat recently settled with the FTC after the agency charged that the company's privacy policies weren't as stated. In addition, Snapchat recently admitted to collecting and transmitting user data, which makes its recent security breach all the more perilous.


The escapades of this fledgling app developer are just more evidence that so-called temporary digital content is more fairy tale than reality.



...for richer, for poorer

The criminal mind is extremely sharp, adaptable and tenacious... and often money-hungry. Scammers will target the pockets of anyone, rich or poor, to get their pay day. Here are a few recent traps these lawless individuals are perpetrating on the world:


Authorities Warn of Jury Duty Scam: People are asked to pay fines for missing jury duty they didn't actually miss.  This one is in Iowa, but they are occurring throughout the U.S.


Beware of Home Repair Scams, AG Advises: Storm season brings out con artists posing as legitimate contractors. Again, here in my home state of Iowa, but also occurring nation-wide.


What's the Deal with Google Work-at-Home Jobs: Phony emails and job postings for Google trick the unemployed.


***On May 20 alone, four job scams came into my personal email inbox! Judging from this UK Telegraph article, this is hardly a U.S.-only problem.


How to Avoid Becoming a Victim of a 'Catfish': This article has advice on watching out for the old bait-and-switch on social networking sites.


***By the way, the term "Catfish" was recently legitimized by the Merriam-Webster's Collegiate Dictionary with its very own entry. It was joined by Hashtag, Selfie and Big Data among others.

...in sickness and in health

In no industry is the need for strong quality controls more apparent than in the healthcare field. 


Proof of this came just last month as the Department of Health and Human Services imposed its largest HIPAA fine ever ($4.8 million!) against New York-Presbyterian Hospital and Columbia University. There will be more, and larger, fines as time goes on.


My new HIPAA book (I created the cover; see to the right!) will be out in October. In it, my co-author Kevin Beaver and I talk through the critical need for hospitals, universities, insurance companies and other healthcare organizations (called "Covered Entities" under HIPAA) to step up their information-protection efforts. Of course, this call for increased action extends to the third-party businesses these Covered Entities hire, such as billing companies, cloud service providers, medical device manufacturers, marketing firms and an endless number of other contracted entities (called "Business Associates" under HIPAA).


Specifically, we discuss the need for more intentional strategies in the area of protected health information (PHI) and all other associated medical information, security and privacy protection. We also offer practical advice and steps for how these strategies can be achieved.  

...until death do us part

Have you ever wondered what becomes of your online accounts after you die? The Washington Post recently looked into the question, and reports that "The immortality of one's digital accounts is one of the more morbid philosophical wrinkles of modern life." Here are a few of the take-aways from the article:


Family who want to access these accounts often can't.


Digital asset laws vary greatly by state.


The spookiest take-away: Artificial intelligence-like technology may someday Tweet in a user's voice after he or she dies. 

Privacy Professor Point of View

I've become an early riser thanks to my recurring stint on the KCWI 23 GreatDay morning show, and I'm very grateful to the show for this fabulous opportunity to raise privacy and security awareness! I recently returned to talk with viewers about eBay's breach. You can view the entire segment here on YouTube.


Nothing gets me quite as riled up as companies and organizations that irresponsibly gather and share personal information in the name of marketing. One such incident inspired me to write this blog post, and I'd love to have you weigh in by leaving a comment. I wrote a follow-up blog post to give businesses currently engaging in such privacy-negligent practices some instruction on how to better protect privacy.



Privacy Professor on the Road

I love traveling the country and beyond to raise awareness of data security and privacy. Following is my early summer schedule. If you're in the area, stop by to say hello!


June 16: Providing the keynote about how to engineer privacy controls into the Internet of Things at the International Information and Computer Security Conference in Bogotá, Colombia 


August 19: Providing a session called "Cybersecurity & Business Data Privacy" at the IT Service Management Leadership Forum in Scottsdale, AZ


October 16 & 17: Providing a keynote at the Australian Information Security Association's National Conference in Melbourne, Australia. 



Need Help?


If you need any help with information security or privacy training and awareness, or if you must comply with HIPAA and need help (especially important now that the Omnibus Rule has gone into effect), please check out my Compliance Helper site or get in touch with me; I would love to help you!


You Have My Permission to Share


I receive a lot of requests to repurpose the information contained in these Tips messages, so I wanted to drop a quick note in here to say, "Yes, I approve!" Please use the following attribution so that others will know where to find me if they have additional questions about the material you pass along.


Source: Rebecca Herold (a.k.a. The Privacy Professor),



Many say their wedding day was among the happiest in their lives. Looking at this picture of me grinning from ear to ear on my own, I can't disagree. 


To all the fresh couples (young to worldly-wise) who are just starting their lives together this summer, I wish you a lifelong bond and great happiness.


As you watch out for one another, keep those privacy tricks and traps in your view!


All my best wishes for a beautiful June!

The Privacy Professor®
Rebecca Herold & Associates, LLC
Mobile: 515.491.1564