
Reality Check: Is Your Personal Data Safe Online?

The Facebook scandal involving personal data mishandled by Cambridge Analytica has raised concerns over the privacy of the information we share on our social media accounts.

Some countries have gone as far as to legislate Internet data privacy with laws granting the “right to be forgotten.”

Yet Facebook CEO Mark Zuckerberg says we don’t need such regulations here in the States. Is he right?

This is a Reality Check you won’t get anywhere else.

It’s an unsettling thought: your personal data, being manipulated on a global scale. Where you live, what kind of car you drive, how many children you have, what food you eat, how much money you earn, what clothes you wear, how you exercise, the list goes on and on.

While other countries are tightening laws on Internet privacy and how corporations can use your data, such as the UK’s data protection law with its “right to be forgotten,” the United States seems to be stuck in the 1980s on the issue.

In California, privacy is a right in the state constitution. “Privacy” was added to the state’s “inalienable rights” by the legislature in 1972.

And though California has been a leader in privacy, the last meaningful update to the state’s privacy laws was in the 1980s, long before today’s technology.

For context, Census data shows that in 1989, 15 percent of American households owned a computer.

Today, according to Pew Research, 77 percent of Americans have a smartphone—a computer in their pocket or purse.

And in 2015, those smartphone owners used about 27 smartphone apps per month, according to Statista.

Just think about all of the information you give to the apps on your smartphone. Do you read their terms of use?

You know you don’t. And yet, a California-based group called the Californians for Consumer Privacy has raised concern about how our information is collected and sold.

From that group came the California Consumer Privacy Act. The act is intended not only to hold major corporations making $50 million per year or more responsible for their consumers’ data, but also to give Californians the right to know where and to whom their data is being disclosed or sold, and whether their data is being properly protected.

There’s nothing in California today that allows users to see what data has been collected on them. And data is being collected everywhere you go.

From the checkout at Target, to your Facebook account, browsing the Internet or even just walking on a city street—credit cards are being swiped, messages are being shared, and cameras are recording.

So are the rules of how businesses use your data fair and respectful of your privacy?

One of the key aspects of the California Consumer Privacy Act is a right of action against companies that store data but have not taken reasonable steps to secure that data. That means consumers can sue companies that didn’t protect their data.

What exactly “reasonable steps” means needs to be fleshed out in the courts, but there are plenty of examples of companies that didn’t take “reasonable steps” until after data was compromised.

From December 19, 2013, “Target says hackers breached its system and stole 40 million credit card numbers.”

From September 18, 2014, “Almost immediately after word broke that Home Depot had been hacked, security experts were noting that the breach was likely even worse than the massive Target that had preceded it.”

From October 2, 2014, “JP Morgan just revealing that an August data breach could affect 76 million households.”

From February 5, 2015, “One of America’s largest health insurers, Anthem, this morning confirmed a massive data breach. Reports say hackers may have stolen up to 80 million records. No credit card or medical information is in danger, but Social Security numbers, birthdays and addresses may have been compromised.”

What you need to know is that when we provide information to a corporation, we establish a relationship.

We believe the corporation will use our information for the purpose of their service. Once your information is outside of the intended use, it’s nearly impossible to control it.

And third-party sharing of your data allows it to be used, shared and disseminated without any control on your part. Big data is a powerful force in the United States. But should big data be allowed to do whatever it wants with your information? If not, how do we, as the public, get some control back?

Let’s talk about that, right now, on social media, while someone collects our data.

Personal Details Of G20 Leaders Accidentally Leaked By Australia’s Immigration Department

Australia’s immigration department mistakenly disclosed personal information of world leaders who attended last November’s G20 Summit in Brisbane, according to a new report from The Guardian.

The leak forwarded the personal details of 31 attendees, including President Barack Obama, Russian president Vladimir Putin, German Chancellor Angela Merkel, Chinese president Xi Jinping, Indian prime minister Narendra Modi, Japanese prime minister Shinzo Abe, Indonesian president Joko Widodo, and British prime minister David Cameron.

In a November 7th, 2014 email from Australia’s Department of Immigration and Border Protection obtained by The Guardian in a freedom of information request, personal details of the attendees, including “the name, date of birth, title, position nationality, passport number, visa grant number and visa subclass held”, were accidentally sent to an organization committee member of the 2015 Asian Cup international soccer tournament.

The leak was caused by an “isolated example of human error,” according to the email. An immigration department employee “failed to check that the autofill function in Microsoft Outlook had entered the correct person’s details into the email ‘To’ field.” The recipient of the information, a member of the Asian Cup local organization committee, quickly notified the immigration department that the email had been sent to the wrong person.

The email reveals that the Asian Cup’s local organization committee deleted the sensitive email and did not “believe the email to be accessible, recoverable or stored anywhere else in their systems.”

The Immigration and Border Protection officer went on to recommend that the G20 summit attendees not be informed of the leak. “Given that the risks of the breach are considered very low and the actions that have been taken to limit the further distribution of the email, I do not consider it necessary to notify the clients of the breach,” the officer wrote.

“As mentioned above, this was an isolated example of human error, but I will nonetheless take the opportunity to remind staff of their obligations in relation to private client data and how to treat this. I will also reinforce the need to double check email recipients before sending emails.”

News of the leak follows last week’s passage of mandatory data retention laws by the Australian Senate, which now require telecommunications and internet service providers to store their customers’ metadata for a minimum of two years.