The privacy of our data is a topic we should all continually become more familiar and with January 28 being Data Privacy Day, there’s no better time to start then now. First off, there’s a difference between the security of your data and its privacy. Both of these topics play within the same arena and are commonly misused as synonyms, but there’s a more subtle difference between the two of them. With security you’re looking to protect the confidentiality, integrity, and availability of you data from unauthorized individuals. With data privacy you’re more concerned with the groups you’ve given access to your data are acting in a way they’ve agreed upon when being trusted with it. Now that privacy’s becoming a bigger concern each year we’re noticing a few trends occurring that are pushing people to become more privacy focused.
There has been recent legislation in governments that focus on how the privacy of their citizen’s data is handled. We can see this today with the EU’s General Data Protection Regulation (GDPR) that looks to strengthen the data protection policies for all individuals residing in the European Union. This is an effort to give European citizens the ability to take back control of their data and how’s it used by businesses. This will also include how other, including American businesses, handle EU data. In contrast to this regulation the United States House recently voted to continue what many are calling a warrantless and loophole filled FISA Sec 702 policy that’s aimed at the way NSA collects and uses surveillance data. These regulations are directly focuses on how the privacy of citizens data is being handled.
Today we’re seeing the privacy of our data being thrown in the forefront in places we might not have assumed just a few years back. As an example, over the past year we’ve seen many children’s toys come under attack based off the way they were storing data about our kids. Particular toys and dolls were collecting data based of GPS, microphones, speakers, cameras and included registration information data like date of birth and address. Our children need to be protected against organizations using this data and it’s the main reason the Children’s Online Privacy Protection Rule (COPPA) was founded. In many instances this data was stored in the cloud and researchers found multiple cybersecurity risks regarding these vendors holding this data due to vulnerabilities and misconfigurations on a few of the backend systems.
As the cryptocurrency phenomena continues to grow we’re seeing more and more people become interested in what it can offer. With Bitcoin having exploded in value over the past couple months we’ve seen cybercriminals start using other currencies that offer them more privacy when it comes to their wallets and transactions. The Bitcoin blockchain was designed with security in mind, but leaves a few areas to be desired when it comes to privacy. Due to this concern cybercriminals have been noticed requesting Monero currency based off the way it also secures the privacy of the transactions. Having the ability to make a secure and private transaction is important but we’re also seeing how criminals abuse these features for malicious purposes.
Being educated about how technology, businesses, social media, and governments effect our digital privacy is important. Stay tuned to organizations like the Electronic Frontier Foundation (@eff) who do a great job at being hawkish about today’s privacy concerns and also have multiple tools that assist with protecting yourself online. We highly suggest you keep up with their advice as well.
Author Bio: Matthew Pascucci is a Security Architect, Privacy Advocate, Security Blogger, and is the Cybersecurity Practice Manager at CCSI. He holds multiple information security certificates and has had the opportunity to write and speak about cybersecurity for the past decade. He’s the founder of www.frontlinesentinel.com and can be contacted via his blog, on Twitter @matthewpascucci, or via email mpascucci@ccsinet.com.