By Andrew Wild, CSO, Qualys
January 28, 2012 has been designated as "Data Privacy Day". This is an internationally recognized day established to increase awareness of privacy and the challenges that our technologically advanced, "big data" analytical world pose to our notions about privacy.
It is entirely appropriate that everyone should take a few minutes to consider the issue of privacy on Data Privacy Day. Technology and the significant changes to how we communicate and share information in the Internet age have fundamentally altered our understanding of privacy. The two greatest threats to our privacy today are extensive online social networking, and significant improvements in data analytics.
There are many different types of information that most of us would consider to be privacy information for which we would should know how and when this information is shared with others.
Some examples of privacy information could include:
- home address
- telephone number
- birth date, age
- photographic images
- physical characteristics (height, weight, hair color, eye color)
- personal financial information
- personal spending information
- health information
- physical mail
- voice conversations (POTS, Mobile/Cellular, VOIP, face to face)
- web browsing history
- online purchasing history
For many people that take advantage of Internet social networking like Facebook, Google+, LinkedIn, Twitter and many others, these tools are an essential way to develop and maintain important personal and professional relationships. The social networking tools provide an easy and efficient way to share information. However, with these advantages come some significant differences from the traditional interpersonal communication methods. It is important for users of Internet social networking tools to understand how information they share is controlled. Social networking tools have configurable privacy settings, and the configuration options can change, so users should frequently check the settings as well as the options available to ensure they are set in accordance with the user’s preferences.
In addition to information that we freely share with others through social networking sites, there is also information that we are sharing with others through the use of the Internet. Internet systems that we visit collect information about us and our computers. Some of this information is provided by us to the websites as part of a registration process to use the website. However, there are also many types of information that are in many cases collected without our full understanding. Websites collect technical information about our computers including IP address information which can be used to determine your location. It is also possible for websites to collect information about our activity on the website, and the Internet. The majority of this information is collected with the use of browser cookies, flash cookies, web beacons, and google analytics. It is important to understand the options available to manage some of these through the web browser configuration.
Finally, it is important to understand the profound effect the advances in data analytics have upon our privacy. In the past, we might not have given any thought to the information shared by us through the routine parts of our daily lives: telephone calls, store purchases (both online and physical), television shows watched, movies seen, air travel, library books borrowed, highway tolls, video surveillance and many others. While each of these actions, on its own may seem insignificant, the aggregate of all of these activities may constitute an image of us that we may not be comfortable sharing. It is quite possible that the collective sum of all this information could be used to predict our future actions. This is the threat that data analytics pose to our privacy. The advances in data analytics are used for good reasons in most cases, such as detecting fraud, and allowing companies to better understand their customers. It is important for governments to understand the threats to privacy from data analytics and to legislate appropriately to ensure this information is not used inappropriately.
In conclusion, each of us should spend some time to think out our privacy and the steps we should take to safeguard something that many of us take for granted, even in the face of increasing threats. Data Privacy Day 2012 is an excellent day for this. The National Cyber Security Alliance website is a great place to learn more: Data Privacy Day at StaySafeOnline.org