cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post

The State of Data Security and Privacy – Things Are Getting Worse

Level 10

The concern for individual privacy has been growing since the 19th century when the mass dissemination of newspapers and photography became commonplace. The concerns we had then -- the right to be left alone and the right to keep private what we choose to keep private -- are now echoed in conversations carried on today about data security and privacy carried on today

The contemporary conversation about privacy has centered on, and ironically also has been promulgated by, the technology that’s become part of our daily life. Computer technology in particular, including the internet, mobile devices, and the development of machine learning, has enriched our lives in many ways. However, the advances of these and other technologies have grown partly due to the collection of enormous amounts of personal information. Today we must ask if the benefits, both individual and societal, are worth the loss of some semblance of individual privacy on a large scale.

Keep in mind that privacy is not the same as secrecy. When we use the bathroom, everyone knows what we're doing, so there's no secret. However, our use of the bathroom is still very much a private matter. On the other hand, credit card information, for most people, is considered a secret. Though some of the data that's commonly collected today might not necessarily be secret, we still must grapple with issues of privacy, or, in other words, we must grapple with the right to share or keep hidden information about ourselves.

An exhaustive look at the rights of the individual with regard to privacy would take volumes to analyze it's cultural, legal, and deeply philosophical foundation, but today we find ourselves doing just that. Our favorite technology services collect a tremendous amount of information about us with what we hope are well-intentioned motives. Sometimes this is done unwittingly, such as when browsing our history, or when our IP address is recorded. Sometimes these services invite us to share information, such as when we are asked to complete an online profile for a social media website.

Seeking to provide better products and services to customers is a worthy endeavor for a company, but concerns arise when a company doesn't secure our personal information, which puts our cherished privacy at risk. In terms of government entities and nation-states, the issue becomes more complex. The balance between privacy and security, between the rights of the individual and the safety of a society, has been the cause of great strife and even war.

Today's technology exacerbates this concern and fuels the fire of debate. We're typically very willing to share personal information with social media websites and in the case of retail institutions, such as e-commerce websites and online banks, secret information. Though this is data we choose to give, we do so with an element of trust that these institutions will handle our information in such a way as to sufficiently ensure its safety and our privacy.

Therein lies the problem. It's not that we're unwilling to share information, necessarily. The problem is with the security of that information.

In recent years, we’ve seen financial institutions, retail giants, hospitals, e-commerce companies, and the like all fall prey to cyber attacks that put our private and sometimes secret information at risk of compromise.

Netflix knows our credit card information.

Facebook knows our birthday, religion, sexual preference, and what we look like.

Google knows the content of our email.

Many mobile app makers know our exact geographic location.

Mortgage lenders know our military history and our disability status.

Our nations know our voting history and political affiliation.

We almost need to share this information to function in today's society. Sure, we could drop off the grid, but except for that sort of dramatic lifestyle change, we've come to rely on email, e-commerce, electronic medical records, online banking, government collection of data, and even social media.

Today, organizations, including our own employers, store information of all types, including our personal information, in distributed databases sometimes over the world. This brings in another layer of complexity. With globally distributed information, we must deal with competing cultures, values, and laws that govern the information stored within and traversing national borders.

The security of our information, and therefore the control of our privacy, is now almost completely out of our hands, and it's getting worse.

Those of us working in technology might respond by investing in secure, encrypted email services, utilizing password best practices, and choosing to avoid websites that require significant personal information. But even we, as technology professionals, use online banking, hand over tremendous private and secret information to our employers, and live in nations in which our governments collect, store, and analyze personal data on a consistent basis.

  

The larger society seems to behave similarly. There may be a moment of hesitation when entering our social security number in an online application; nevertheless, we enter and submit it. Private and public institutions have reacted to this by developing both policy and technological solutions to mitigate the risk associated with putting our personal information out there. Major components of HIPAA seek to protect individuals' medical information. PCI-DSS was created to protect individuals' credit card information in an effort to reduce credit card fraud. Many websites are moving away from unencrypted HTTP to encrypted HTTPS.

So it seems the climate of data security doesn't seem to be centered much on limiting the collection of information. The benefit we gain from data collection and analysis precludes our willingness to stop sharing our personal and secret information. Instead, attention is given to securing information and developing cultural best practices to protect ourselves from malicious people and insecure technology. The reaction, by and large, hasn't been to share less, but to better protect what we share.

In mid-2017, we see reports of cyber attacks and data breeches almost daily. These are the high-profile attacks that make the headlines, so imagine how much malicious activity is actually going on. It's clear that the current state of data security and therefore our privacy is in a state of peril. Cyber attacks and their subsequent breeches are so commonplace that they've become part of our popular culture.

That aspect of data security is getting worse exponentially, and since we're mostly unwilling or unable to stop sharing personal information, we must ensure that our technology and cultural practices also develop exponentially to mitigate that risk.


14 Comments
MVP
MVP

Part of the issue here is that all that data is a commodity.  People make money off of it..  All the tools out there that track us via apps on our phones for targeted marketing, building profiles of your shopping habits, traffic data...everyone wants that data because it can make them money for good or for bad.  That creates incentive to gain access to that data either for good or for bad.  In the current trend of being connected for ease of access...just feeds the machine and exposes all of us to potentially bad things.

MVP
MVP

Knowing the information is one thing, but Google actually has a very specific left lean agenda and uses that to "direct" people's browsing. I'm sure others do as well, but all those "suggestions" are not just a computer algorithm trying to match your habits to what you are actually looking for, but are filtered to help you find your way to the things Google wants you to see/believe/support. Yes, I know that paid ads rank higher in search results, but I'm talking about intentional Bias.

Ah, this sounds like the mice have arrived at the conclusion that the cat should wear a bell for their protection.

Who will bell the cat?  Or, who will commit to working toward (and funding) cultural and technological modifications to mitigate risks associated with private information, data theft/loss, etc.?

And what chance is there for success?

MVP
MVP

Nice article

Level 16

Twenty years ago I though it would be nice to get Outdoor Life magazine delivered to a summer cottage in rural northern Michigan. I put up a mailbox, and placed my order.

Over time the amount of mail began increasing and at first I thought great I have fire starter being delivered straight here! Then I showed up one weekend and I had a notice from the postmaster that

I had so much accumulated mail that I needed to pick it up in person at the post office. At that point I decided it wasn't worth the 30 mile round trip drive to go get my magazine. I pulled the mailbox.

So somewhere my information was shared again and again and again... and that was quite early on in the information age.

This seems to me trying to close the stable door after the horse has bolted.

Level 20

It is a little scary how much some companies have on us.

Level 13

Let's become a colony again. 

Level 12

Privacy and the rights to control what is known and by who is key, although admittedly in the tech heavy world we live in is very hard to keep control over. There are some excellent points in this article, most i agree with, however I think one of the largest flaws today where personal data privacy/security is concerned is that many people are unaware of what their rights are, what protection they already have, some may feel that they do not have the right to question why data is needed how it is stored and who is accessing it. I understand that if your wish to use certain social or online sites a portion of that personal information will be out there (floating around forever), but few people seem to question why.

With regards to Governments (All levels) and the information that they gather there is a lack of standardized laws (at least in this country), enforcement and transparency, this seems to be intentional, removing the responsibility of them, their agencies or agents when data leaks or is freely given out. The understanding seems to be that most people will not challenge these agencies nor are in a position to do so. Look at the recent British Columbia triple delete debacle, yes some changes have been announced, but this stuff goes on every day, this one in particular just happened to get out. Reports came out soon after this that Government ministries began adopting a no email/digital data policy, not documenting anything and only going by voice or phone. Major Corporations could also be equally in position to abuse or fail to put in sufficient measures to protect sensitive data.

How does this get fixed? I believe it has to come back to all of us demanding our elected representatives, update current laws to reflect the technological world we live in, Our rights, protections where Personal information and PID is concerned need to be brought into the 21st century. Those holding or requesting this data need to provide clear information,(the why, where and who's) to those whose data it is (and perhaps the ownership of that data should always be retained by the person whose data it is and never relinquished legally?). As stated above, I believe it is each of our responsibility to know our rights and protections, and to stop freely giving our data (or rights) away in exchange for a few minutes on Facebook (or whatever).

MVP
MVP

Part of the issue here is that all that data is a commodity.

Great observation Jfrazier

Facebook is the same.

Especially during the election, but at all times, Facebook has been caught manually adding and removing trending news stories.

Level 12

I have been dealing with a perfect example of this the last 6 months now. I have federal student loans. I also have my cell phone registered on the do not call registry. Every day, and I am not inflating the numbers at all on this, I get 2-3 calls from companies offering student loan stuff. These range from consolidation services to loan forgiveness programs to just informing me that the Trump is coming to take away all forgiveness programs. It is horrible. I have had these loans for 7 years now. Suddenly 6 months ago when we got a new president I started getting all these robo calls and it has not stopped at all.

Level 12

Yes Governments (both sides of the border) have long been known to be the worst for selling/leaking PID, and worst of all there is very little that you can do about it other than putting pressure on your elected officials. There is, as the article states, big money in your data in the wrong hands, and those with access to it know it.