Data Privacy Day began in the United States and Canada in January 2008 as an extension of the Data Protection Day celebration in Europe. Data Protection Day commemorates the signing on Jan. 28, 1981 of Convention 108, the first legally binding international treaty dealing with privacy and data protection. Data Privacy Day is now observed annually on Jan. 28.
The National Cyber Security Alliance (NCSA), a nonprofit, public-private partnership, assumed leadership of Data Privacy Day from the Privacy Projects in August 2011.
Facebook adds Privacy Basics to help secure accounts
Facebook is celebrating Data Privacy Day by introducing the new Privacy Basics feature to control who see what its users share on the platform.
The features are meant to improve functionality and top basics based on the most frequently asked questions about privacy and security.
The platform offers 32 interactive guides in 44 different languages and provides tips for securing accounts, understanding who can see posts and knowing what a profile looks like to others with the goal of making it easier to secure account.
Facebook said it is joining state attorneys general and other policymakers who are sharing their own privacy information on Facebook, along with organizations around the world that are working to raise awareness to online privacy issues like the National Cyber Security Alliance (NCSA), the Electronic Frontier Foundation (EFF), and the Center for Democracy and Technology.
Data Privacy Day: Six parental tips
The National Cyber Security Alliance is using National Data Privacy Day as a platform to recommend to parents six tips to better protect their kids' personal information and limit their exposure online.
Share with care. What you post can last a lifetime: Help your children understand that any information they share online can easily be copied and is almost impossible to take back. Teach them to consider who might see a post and how it might be perceived in the future.
Personal information is like money. Value it. Protect it. Information about your kids, such as the games they like to play and what they search for online, has value ‒ just like money. Talk to your kids about the value of their information and how to be selective with the information they provide to apps and websites.
Post only about others as you would like to have them post about you. Remind children and family members about the golden rule and that it applies online as well. What they do online can positively or negatively impact other people.
Own your online presence. Start the conversation about the public nature of the Internet early. Learn about and teach your kids how to use privacy and security settings on their favorite online games, apps and platforms.
Remain positively engaged. Pay attention to and know the online environments your children use. In the real world, there are good and bad neighborhoods, and the online world is no different. Help them to identify safe and trusted websites and apps. Encourage them to be cautious about clicking on, downloading, posting and uploading content.
Stay current. Keep pace with new ways to stay safe online: Keep up with new technology and ways to manage privacy. Visit staysafeonline.org or other trusted websites for the latest information about ways to stay safe online. Talk about what you discovered with your family, and engage them on a regular basis to share what they know about privacy.
Privacy violators: Beware the Ides of March
Google requires app developers to clearly present data policies.
App developers are on notice: If your app collects user data and does not have a valid privacy policy, it might be removed from Google Play.
The developers have been given until March 15 to resolve the issue, otherwise, the notice stated, the “visibility” of the app will be limited or it will be removed.
The notice is targeting so-called “zombie apps,” the countless offerings on the Play Store lacking lucid privacy policies. Many of these products are half-baked, with many nothing more than clickbait to generate ad revenue or phony versions of more popular apps – with the protection of user data an unlikely concern. So, many app vendors applaud the move as clearing out junk from the online marketplace, which will increase visibility for their offerings.
Google requires app developers to clearly present data policies, not only displayed to users but also as part of its registration process where it must be input into a template field in the Play Developer Console. The company also requires that apps process user data using modern cryptography, including via HTTPS.
“Google Play requires developers to provide a valid privacy policy when the app requests or handles sensitive user or device information,” the notice reads. “Your app requests sensitive permissions (e.g. camera, microphone, accounts, contacts, or phone) or user data, but does not include a valid privacy policy.”
If the app developers fail to offer a link on their Store Listing page to a valid privacy policy adhering to Google's rules, the notice states their app will be obscured from view on Google Play or deleted. A privacy policy must also appear within the app itself.
A spokesperson at Google told SC that the update to Google's privacy policy (in the Google Play Developer Program Policies) was actually made last August and is consistent with industry practices. “Since then, we have been sending regular reminders to developers to comply with this change,” the Google spokesperson told SC. “This is part of our effort to improve policy awareness with developers and reduce any preventable disruption to their app's availability on Play.”
Mozilla delivers browsing privacy
Mozilla's contribution to Data Privacy Day 2017 centers on its privacy browser Firefox Focus is now available for iOS in 27 languages benefitting millions of users worldwide.
The company said this launch is part of
its ongoing campaign to give users more control over their web experiences. In this case the ability to erase their web history. The initial rollout of Firefox Focus took place in November 2016 and from that the company said it realized there were a huge number of people who wanted to wander through the web anonymously.
This launch now enables many more people to take advantage of this capability.
“After serving up many millions of searches on Firefox Focus, we wanted to give users the choice to use it in their native language,” Mozilla's Nick Nguyen wrote in a blog.
Cross-device tracking by advertisers is invading user privacy
Research shows different ways of how advertisers track internet users without their consent.Are your users aware of the effects of cross-device tracking?
A new study by researchers from the School of Information Studies (iSchool) has shown that the majority of consumers do not realize their private data is being sold to advertising networks and third-party entities in order to provide them with targeted ads.
According to the research, when people find out they are constantly followed and monitored, many start worrying about their privacy, and the research claims that consumers are most often not informed about what kind of information is being collected about them.
Moreover, advertisers are using cross-device tracking, which introduces additional privacy and security risks. In cross-device tracking, ad companies and publishers try to build a consumer's profile based on their activity throughout computers, tablets, smartphones, smart watches and various IoT devices.
Online and offline factors are often combined too– such as browsing history with physical location, retail purchases with watched TV programs, commute to work and vacation travel and so on.
The research says behaviors of this nature are an invasion of internet users' privacy – whenever the users have not given their consent. For example, one family member might be browsing “privately” on their smartphone, but the rest of the family might see ads on their home computer related to the other person's mobile browsing history.
Or, worse yet, a woman who has suffered the trauma of miscarriage is often still persecuted by pregnancy ads, following her from once-visited pregnancy sites.
There is also the security issue too. The collection of unfathomable amounts of data about people's interests and habits can fall into the wrong hands. If such data landed in the hands of someone with malintent, the internet user's information could then be used to steal their identity, access bank accounts or medical records.
While some advertising companies already offer the ability to opt-out from behavioral targeting, most often internet users are not given an explanation/disclaimer about how they are being tracked.
The issue of advertiser tracking is not new: The Federal Trade Commission (FTC) has ruled that electronics firm Vizio has to pay $2.2 million in fines after it transpired that the company's TVs had spied on users.
The complaint was raised by the state of New Jersey, whose case claimed Vizio was violating privacy regulations by collecting data on the viewing habits of users of 11 million television sets across the U.S. without warning or asking for permission.
According to a letter written by New Jersey's state attorney general to the FTC, from February 2014 to March 2016, Vizio collected data – such as what TV shows were being watched – and resold that information to third parties, which mostly consisted of advertising firms.
And the winner is...
At the SC Awards 2017, held on Feb. 14 in San Francisco, we recognized the National Cyber Security Alliance (NCSA) with the Editor's Choice Award for its efforts in promoting privacy issues and cybersecurity awareness – not just for large enterprises but for home users as well.
The nonprofit was founded in 2001 as a public-private partnership, working with the Department of Homeland Security (DHS) and a range of partners to educate and empower digital citizens to more safely use the internet and the burgeoning universe of mobile devices.
The group leads the celebration of Data Privacy Day. This past January, it hosted a day-long event streamed live from Twitter's headquarters in San Francisco featuring discussions focusing on privacy issues. This annual event brings together industry, government and nonprofit collaborators to spread knowledge about better protecting personal information. The theme for 2017's Data Privacy Day centered on “Respecting Privacy, Safeguarding Data and Enabling Trust.” As always, the event intends to help consumers learn more about managing their privacy and protecting their personal information, as well as encouraging businesses to be more transparent about how they collect and use data, according to the site.
“With so many of our day-to-day activities carried out online, Data Privacy Day reminds everyone to manage their digital lives with concrete, simple and actionable steps,” Michael Kaiser, executive director of NCSA, said in a statement. “We can only build a safer, more trusted internet if everyone works in collaboration to make respecting and protecting personal information a priority.”
Kaiser and the NCSA work to unite government, corporate, nonprofit and academic organizations to promote the importance of cybersecurity. Since coming on as director of the alliance in September 2008, Kaiser has strengthened partnerships with the U.S. Department of Homeland Security and other federal government agencies and fostered new ones with state and local governments. In 2009, Kaiser was named one of SC Magazine's information security luminaries. He is a tireless advocate for privacy and cybersecurity, appearing on numerous panels and at trade shows.
And his diligence is increasingly necessary as the complexity of our tethered activity online only increases. “IoT is really the Internet of Me,” he said. “As we continue to acquire devices and apps to make our lives more convenient and efficient, we need to be aware that the cadence of our lives is being digitally captured. Data Privacy Day is a time for all digital citizens to carefully consider the data they continuously generate about themselves and others and take steps to protect their personal information and manage their privacy.”
While he acknowledges that awareness around cybersecurity and privacy issues has improved, there is still a need for more education around how our data is collected, managed and used, he said. “Personal information has value – just like money. It's critically important for everyone to continue to learn about the data use practices of the companies, websites and devices with which they interact and consider how they can better manage their digital lives.”
