Digital Privacy Predictions for 2017

Happy New Year Everyone!

Fact: Your digital data will more than double in the next year. As we all acquire new devices, we create new data. This is often referred to as velocity of data.

My data predictions for 2017 include:

  1. New Policies governed by our legal system.
  2. Legal groups fighting for consumers’ data rights.
  3. Applications merging personal health data from multiple devices for new analysis.

#1: We need better laws and standards to protect our data. Large companies continue to get hacked leaving the individuals vulnerable to identify theft and other financial problems. Better measures are needed to ensure our data is captured, saved, used and destroyed safety. This would include audits and fines for companies that are not in compliance when collecting your data.

Data is collected on devices via GPS/time stamps, voice commands to always on devices, and (of course) web and application activity. 

Data collection for new apps, devices, etc are often defined in the fine print of the terms and conditions, but we quickly scroll through the text knowing we want to download the app regardless of the data price.

We have recently seen controversy over accessing smart phone data history (US government and iPhone) and now there is a murder case that wants access to the Echo/Alexa history for the night in question. What and how information is accessed is still in question for the general public. Which leads us to prediction #2.

#2: We will see multiple class action law suits involing data permissions. There will be a couple of companies that will be in the news and used to set the example. Data sharing is a quite side business that happens with most companies that creates or collects data (a retailer, social media group, web history). As more permissions are breached, customers will demand to know how or why their data was shared and will want full functionality to manage permissions on what data can be used and when.  Creating new features and options helping us manage our own data.

We have become so comfortable giving way our data in exchange for access to ‘free’ use of apps and software. But at what cost are we paying in the long run if this data is not protected and can cause significant financial lost if stolen.

#3: I also predict we will be smarter using our health data. Wether the data is from wearables, x-rays or lab results, new applications will make it possible to share and analyize data across application types to identifying new trends and health markers. Forecasting health problems quicker. This will open new opportunities for medicine.

 

 

 

 

Protecting your accounts (and money)

A couple of (easy) ways to protect your money in a digital world:

  1. 1.  Use a credit card, not a debit card. Most credit cards come with protected against unauthorized charges on your account. You will not be responsible for a charge that you did not authorize, online or otherwise. A debit card does not offer the same opportunity, any charges applied to your card are directly withdrawn from your funds in your (banking or savings) account.

  2. 2.  And to help reduce the risk of credit card fraud, most offer alerts to provide you with account activity quickly.

    Some people think credit cards are dangerous. But you can find a card that works best for you. If you are afraid of ‘overspending’ set your credit limit low, just enough to support your monthly normal charges. Or you can keep more than one card – one for every day spending and another for extra large purchases.  Also managing a credit card (with on-time payments) will help improve your credit score.

Last night a group of us went out for a ladies night. The bar was hopping and we all had fun. I had given my credit card to the bartender so that I could keep a tab open for my drinks.

Like I said the bar was crowded and there were multiple bartenders serving our group. When time came to cash out our tabs, we all received (inaccurate) checks. It took a couple of minutes to sort out who owed what. The bartender re-rang the checks and gave us the new totals.

My tab was small, only $22. When he handed me the bill my credit card was not with it. It took the bartenders more than 10 minutes to find the credit card I handed them when I ordered my first drink. The bar was crowded, but I sat in the same bar stool for most of the night.

One of the girls (Holly) commented to me to check my card when I got home, something fishy many be going on since they had to really search for my missing credit card. I told her I should be okay, I get alerts on my phone each time there is a charge on my card.

Ironically after everything was settled, it was Holly’s debit card number that was stolen and her account was drained. She didn’t know this until the 12 hours later when she was using her card to buy groceries the next day.

 

Public records

You can have access to many public records, if you know where to look and (sometimes) for a fee. The accessibility of public records varies widely from city to city, state to state, and country to country. Legal statutes are different too. Some records that are mandated to be public in one area may not be available to the public in other locations.

Vital Statics

Anyone who is born in the US is issued a birth certificate. Likewise, when you get married and when you die, the information is recorded. These used to be public records, and you were entitled to see them and get copies of them. Due to identity theft you now have to prove that you are the person whose record you’re seeking or a direct relative. If you don’t meet these qualifications, your best bet is to use a site like FamilySearch.org or the death index at Ancestry.com.

Court Records

Some locations make all court records available to the public; others limit access to civil actions. In all cases, the court may seal certain case files at its discretion, and cases involving children are almost always sealed.

Before you start a search of court records, you will need to know which of these records are available to the public in your area and where they are located.

FYI bankruptcy files are kept in the federal locations.

Licenses

If a person has a license issued by a government agency, in most areas is a part of the public record. Doctors, lawyers, nurses, automotive repair dealers, contractors, and cosmetologists are just a few examples of licenses you can find in public records.

Property records

Most real estate records are maintained in a city or county recorder’s office, clerk’s office, or some similarly named agency. Transfers of real property—including grant deeds, quitclaim deeds, and easements—are recorded and made available to the public. These documents contain information such as names of sellers and buyers, description of the property (including the address), and the date the transaction was recorded.

Property records also contain lien information. Construction liens, tax liens, and sometimes, even judgments from civil litigation can be filed against a piece of property. The lien information is added to the property record and remains there forever—even after the lien or judgment is settled and released.

Plot maps: when property is subdivided, the subdivision map must be recorded and preserved for posterity. Lot lines are also recorded.

Lot books keep a record of property values for tax assessment purposes. They contain the number of lot, the number of acres, the name of the property owner, a description of the property, the mortgage number, and the dollar value of the property and improvements. If your city or county has a historical society, contact it to see if it maintains a collection of public records.

There’s one other record that’s related to real estate: tax records. Your area undoubtedly has an assessor’s office, one that values (assesses) property and collects the associated taxes. If property taxes are unpaid or even paid late, the information is noted on the property owner’s record.

Public Works and Planning Records

Building permits and water and sewer records are preserved in case there are deviation from the original permit, or any easement that might be attached to a property.

Whenever a city, county, or state project goes out to bid, the entire bidding process becomes part of the public record. You can request copies of formal requests for bids, specifications, and the bids themselves. Look for departments of engineering, planning, construction, and environmental services.

Public Office Records

Campaign contributions: Candidates running for political office must file reports containing the names, amounts donated, addresses, and occupations of all those who contribute money or in-kind goods or services to the campaign. (An example of in-kind goods or services donations might be office supplies or free printing.) From these reports, you get an ideas of the people and groups that support a particular candidate.

Statement of Economic Interest: In most areas, public figures are required to file a form that reveals their assets and sources of income. They usually have to reveal their spouse’s assets and sources of income too. The reason for this is to prevent a public official from acting on an issue in which there might be a conflict of interest

Other required political reports can include campaign expenditures, campaign disclosure forms (which typically contain information on campaign officials), and reports to be filed by lobbyists.

If you were seeking a statement of economic interest from a city council person go to city hall. If you want a candidate’s statement from a statewide campaign, you would contact an office at the state capitol building.

Probate

When a person dies, the will had goes through the court system and be publicly administered. In other words, a court-appointed official would oversee the divvying up of the estate. All the decedent’s bequests then became part of the public record.  Most people with any significant assets transfer all of them into a private trust. Trusts don’t have to go through probate, so the disposal of the estate remains private. However, if someone dies without a trust in place or without a will, and the assets are more than a certain amount, the probate court takes over.

Agendas and Minutes

Every meeting conducted by public officials must contain two things: an agenda and minutes.

Freedom of Information Act (FOIA)

Government secrecy, real or perceived, has led several countries to enact Freedom of Information Acts. Australia, Canada, New Zealand, the United Kingdom, Ireland, and the United States have all passed FOIAs to allow public access to a wide array of government documents.

There is no form to submit when you make an FOIA document request. All you need to do is write a letter to the government agency that has the documents you want, and provide as much information about them as you can. Mark both the envelope and the letter “Freedom of Information Request.”

 

What is a Data Strategist?

As a DATA STRATEGIST I’m responsible for helping corporations (very large corporations) for planning action and creating policies around the data. This includes enterprise use, definitions, and governance. My career path lead me to focus on customer data which included email communications, loyalty programs even credit card programs (the amount of data generated and used for analytics is very valuable to retailers!).  In theory it may sounds so simple, but if it was, you wouldn’t receive mail with your name misspelled or receive emails from companies that can’t identify you as a regular customer. Data governance is also a big part of the job and includes security, rules and definition of each piece of data.

Managing your digital wallets.

We are all familiar with our bank, the brand, the account number, the balance. How familiar are you with your digital wallets – Paypal, Apple Pay, all those digital transactions that uses non-traditional monetary process?

We have changed the way we do business today, and with that we need to change the way think about our own digital assets. If you were to make a new will today, would there be digital accounts to be added to your estate? How easy are these digital accounts accessible if you are not available?

FaceTime for grandmas.

Do you have an iPhone, yet never used FaceTime?

My friend, who is a grandma of 4, is on her second iPhone yet has never used FaceTime. So for the grandmas out there, don’t be shy. FaceTime is a fun mobile app that you will enjoy using with your grandkids, especially if you don’ t get to see them often.

It is a real time video call. No recordings, no redos.

FaceTime is an Apple app that can only be used between Apple devices. It is similar to a telephone call but you are making a video call. You must also have an Apple ID to use FaceTime. When you set up your Apple device you are asked for details like phone number and email address. To make a call you need the other person’s phone or email address associated with their Apple ID.

A FaceTime call is also similar to a phone in the type of data that is collected during the call. The time and length of the call are captured. And although it uses your camera, the video and audio are not recorded. Of course, like a tape recorder, someone intentionally records the call.

It’s easy to use. There is a icon for the app on your iPhone. Open it, add a contact. NOTE: There is a contact list in FaceTime that is different than the Contact Apps. You can add contacts from the Contact Apps into your FaceTime contacts.

To make a FaceTime call you need either a cellular connection or a Wifi connection. The app may not be available on older Apple devices or devices in counties outside of the US.

Skype is other video call service. It uses your contact information associated with your Microsoft ID. (I signed up for Skype a long time ago and it is connected with gmail account.) Skype is available as a webpage or as an app, and you must be connected to a data plan.

Marketing is fuzzy – when it comes to using customer’s data.

My mom at the time was rocking 70. She recently had a check up that required a followup visit to a cancer doctor. The test were negative and she left the offices in good spirits. The next day she received a formal invitation from the same hospital group inviting her to join ‘the cancer support groups for those living with the illness.’ She went into a complete panic.

Did the doctor give her the wrong results? Does the support group know more about her health condition than she does?

Although the 2 events were completely unrelated, as far as the hospital marketing policies were concerned. Her visit to the doctor wasn’t the trigger to for the invitation for the support group. It was the fact she was a recent customer of the hospital group that triggered the invitation for the support group. Very fuzzy logic (the chicken or the egg).

But for a 70 yr women, who lost her mother to cancer, it didn’t feel like two unrelated events.

When she went in for her test, she ‘signed’ into the hospital. She agreed to receive marketing information from the hospital and other other fuzzy marketing efforts.

We are all familiar with HIPAA laws or at least the form we fill out at a doctor’s office.  They protect your test/results from being shared, not the fact you are customer of a hospital that specializes in (pick your medicine).

Standard terms and conditions for doctors and medical facilities:

We may use your medical information when conducting research projects, fundraising events and marketing campaigns, throughout the health system. We or our affiliates may also send out fundraising communications about our fundraising efforts to solicit your support.

If you wish to opt-out of these activities, you have the right to request to do so in writing.

 

What is reasonable marketing material and the data to support the content of that marketing material? What responsibility does an organization have to use the collected personal data (in this case) respectable way.

FYI – No HIPAA laws were broken in my mom’s case.

 HIPPA notice

the Privacy & Security Rule under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) provides clear standards for protecting and securing patient information, while allowing the flow of necessary information for patient care and other important purposes.

 

What is PII (Personal Identifiable Information)

United States General Services Administration defines PII as

“any information about an individual maintained by an agency, including (1) any information that can be used to distinguish or trace an individual‘s identity, such as name, social security number, date and place of birth, mother‘s maiden name, or biometric records; and (2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information.” So, for example, a user’s IP address as used in a communication exchange is classed as PII regardless of whether it may or may not on its own be able to uniquely identify a person.

Why is this important to you:

A company as the obligation to keep your name safe and secure from thieves (crooks, hackers, the bad guys).

Depending on the type of information lost/stolen, an individual may suffer social, economic, or physical harm. If the information lost is sufficient to be exploited by an identity thief, the person can suffer, for example, from a loss of money, damage to credit, a compromise of medical records, threats, and/or harassment. The individual may suffer tremendous losses of time and money to address the damage. Other types of harm that may occur to individuals include denial of government benefits, blackmail, discrimination, and physical harm.

Because of the power of modern re-identification algorithms (aka data science), the absence of PII data does not mean that the remaining data does not identify individuals.