Orientation for a Digital Life
Campus tours are underway at universities and colleges all over the world. Wide-eyed high schoolers and anxious parents are strolling the sidewalks and touring the buildings of their dream schools curious about what is just around the bend.
The fact is, college life for today's co-eds is rife with risks - and not only from the usual suspects. Kids now have to worry about personal data and privacy threats that simply didn't exist when many of us embarked on our post-secondary educations.
Read on to learn more about the peril facing both the young and the seasoned among us. If you're so inclined, share it with a student or two who may benefit from  more awareness of the hazards facing them in a brave new world.  

Your Cheat Sheet to Good Personal Data Hygiene
Get a guide to online trackers
Regardless if you're a student or a professional, you're spending a lot of time online these days - we all are! Do you know which sites are tracking which information about you? 

I asked that question during a recent visit to the CWI Live morning show. If you get a chance to watch, you'll see I offered the audience a pdf with more information. You are welcome to it, as well. Just send me an email request, and I'll get it right over to you. 
The other resource we discussed was an online service called Ghostery TrackerMap. The tool allows you to see how many different entities are taking information from your computer or mobile device when you land on a web page, use an app or "like" something on a social media site. You'll be able to see who is collecting things like your IP address, what times and for how long you were online, which apps you've downloaded, your address, phone number or even your contacts and their personal data.
Check it out. I think you'll be surprised by what you find.
QUICK TIP FOR COLLEGE KIDS: Don't "like" everything your friends post just so you won't hurt their feelings. When you do, their activity becomes your activity. Marketers, law enforcement, creditors and others are watching what you "like," which may lead to false conclusions about you.  
Outdated Laws 'Protect' Digital Communication
Electronic Communications Privacy Act (ECPA) needs a rehaul 
Although the ECPA is in place to protect U.S. citizens' email communication, it was put into law in 1986. Shockingly, the law hasn't changed since!
The ECPA says the FBI and other law enforcement agencies can't have access to those emails without first getting a warrant until 180 days have passed. Of course, a few things have changed since this law was developed. 

Back then, there were only an estimated 100,000 to 200,000 email addresses in the entire U.S. Today, there are billions worldwide. Also, email in the 1980s was not kept in the cloud; it was delivered directly into the recipient's computer. When you deleted an email in 1986, that was it. It really was deleted. Today, we accumulate massive amounts of email that is stored and gathered forever by providers like Gmail, Yahoo, Microsoft, Facebook and literally thousands of others.
419-0 was the overwhelming U.S. House of Representatives vote to rehaul the ECPA. Unfortunately, the Senate's judiciary committee stopped it from going anywhere until an amendment was considered. That amendment would allow the FBI unfettered access to our digital communications (e.g. texts, chats, messages and emails), and even further to online activities, without a warrant so long as they have a national security letter (NSL). Now, we already have emergency access to digital data by the FBI covered in the U.S.A. Freedom Act, so there's really no need to consider this amendment.
I spoke about this more on CWI Live last week. Take a listen and let me know what you think. For more information, check out my LinkedIn post on the topic, as well. 
QUICK TIP FOR COLLEGE KIDS: It's so important for you to pay attention to what is going on with your government. Contact your legislators on this issue when you get back to school in the fall.  

Bonus points if you can spot me in this photo! I'm posing with fellow members of CMSU Kappa Mu Epsilon, a mathematics honors society.
Social Media Tips for College Students...
... or really anyone who uses it!
Social media tips and etiquette continue to evolve alongside our connected society. But here are a few I thought were good... at least for now:
Don't be a 'Phubber:'  Phubbing, or phone snubbing, happens when one person takes their attention away from the person they are engaging with in "real life" to look at their phone. A 2015 study from Baylor University found this kind of behavior is actually damaging romantic relationships and leading to higher levels of depression.
Be Aware Colleges are Watching: Students applying to universities should know college admissions officers are checking social media at an all-time high rate. Don't think it matters much? Well, social media negatively impacts a student's application 37 percent of the time, a recent study found.

You're Known by the Company You Keep: Gail Hand advises, "Let someone whose opinion you value highly (parents, favorite aunt, mentor, etc.) be connected to you on all of your social media sites... these people want you to be successful." This is particularly important as more decision makers, such as bank lending officers and university applications folks, use social networks to evaluate an applicant's trustworthiness. 

Even 'Trusted Sources' Can't Always Be Trusted
Advice becomes outdated in a fast-paced digital world
We used to advise our family and friends not to open an attachment or click a link unless they trusted the source. Well, that advice has to change. 


Because cybercriminals have gotten really good at spoofing the email addresses and social media accounts of legitimate people - people you know.
Spoofing is not hacking. At least not in the traditional sense. 

Whereas a hacker gains access to your account by learning your password, a spoofer just creates a look-alike account. He or she grabs just enough information about you off the web to help create the account and then goes after your contacts. Because your contacts consider you a "trusted source," they are more likely to click on embedded links or open attachments from the spoofer.
That's one of the myriad ways ransomware is finding its way onto the computers of more people. So stay alert.
QUICK TIP FOR COLLEGE KIDS: If you get a connection request from someone you are already connected with, take a closer look. Is there something off about the account? Maybe it's missing a profile picture, the name is slightly misspelled or the person doesn't have many contacts. If you spot these red flags, be careful. It's likely a fake. Make an actual call to your friend to let him or her know about the situation. 
Tracking More Than Fitness 
Exercise apps won't let you delete personal data
A friend who has recently renewed her commitment to exercise asked me to look into a couple fitness apps she's been playing around with. They were MapMyFitness, MyFitnessPal and Google Fit.
Whenever I jump into something like this, I always start with the privacy policy. So that's what I did with these apps, the first two of which are owned by Under Armour (UA).
UA's privacy policy did have quite a few loopholes that basically leave the door open for wide data use. The lack of specifics mean they are essentially using the data any way they want. Here are a few examples:
  • We also use the data to better understand Athlete preferences and to enhance our Services.
  • We and our business partners may use the Personal Data and Other Information we collect to conduct commercial or academic research on demographics, interests, and consumer preferences to gain insights about our Athletes, the products and services Athletes use and also to develop innovative products and services for our Athletes.
  • This analysis may be leveraged and shared outside of Under Armour.
In addition, there was a key topic missing from UA's privacy policy - there was no way to remove your data or to see what data they have on you. Interestingly, UA does give customers in other countries these abilities. Americans are not entitled to the same.
My advice to my friend was this: If you want to use a fitness app, go for one from a vendor focused on fitness only (not Big Data giants like UA or Google). Make sure they have a fully transparent privacy policy, will let you access your own data, will allow you to delete that data and will answer your questions directly without being vague.
QUICK TIP FOR COLLEGE KIDS: If an app you've downloaded won't let you see the data they have on you or allow you to remove it, pass. That's a poor practice and an indication the app's developer either 1) has a lot of data, and/or 2) it's data you would not want shared. 

Me with my boys on the Norwich University campus in 2007, where I've been an Adjunct Professor for the MSISA program since 2005
Privacy Professor On the Road & On the Air

On the road again 

One of my favorite things to do is visit with leaders in different industries - healthcare to energy and beyond. Below is a schedule of where I'll be over the next few months.
July 28: (Live Presentation) Internet of Medical Things conference, Princeton, New Jersey

October 24 - 26: (Live Presentation) "Vendor Management," Privacy + Security Forum, Washington, D.C.  
November 9 - 11: (Live Workshop) "Going Digital? Think Privacy Impact and Security Design," Data Privacy Asia Conference, Singapore
Taking to the air waves

CWIowa Live, a morning TV broadcast, regularly covers privacy and security tips with their guest, the Privacy Professor! Each is a brief 10-15 minutes and covers topics ranging from insider theft to connected vehicles. Check out this online library to watch recent episodes. I will be visiting in-studio again later this month. 

In the news

Secure World has begun to republish the monthly Tips message. If you happen to miss one or the email filters file somewhere unknown, you might check there (or just give me a shout; I'm always happy to resend.)

Questions? Topics?

Have a topic I should discuss on the CW Iowa Live morning show? Or, a question I can answer in my next monthly Tips? Let me know!

Education has always been such an important part of my life. Here I am
with my dad on the day he received his Specialist in Education degree from the University of Central Missouri in Warrensburg, Missouri, USA.

Best of luck to those of you seeing your kids off to college soon. We are going through the same in my household as we speak. Three college visits planned for this summer! It's going to be an interesting, and exciting, few weeks. 
Wishing you a terrific summer!

Rebecca Herold
The Privacy Professor
Need Help?

Permission to Share

Want to repurpose the information contained in this Tips? Yes, please forward in its entirety. 

If you prefer to use only excerpts, please use this attribution:

Source: Rebecca Herold, Founder, The Privacy Professor®, privacyprofessor.org, privacyguidance.com, SIMBUS360.com, rebeccaherold@rebeccaherold.com 

NOTE: Permission for excerpts does not extend to images, some of which are my own personal photos. If you want to use them, contact me.