Earlier this week, we published the first part of our blog, “The Wild Ride That Is Data Privacy” where we went over the systems in place in society that are designed to put your privacy at risk. We continue the article today. Please visit our blog to re.
In the first part of our look at data privacy, we went over how robocallers get your information. Today we continue to look at what you need to know to keep your private data and personal information safe.
When you install an application or sign up for a service, they typically have to spell out for you what they do with your information. With Android apps, for example, you need to opt in to what an application has access to on your phone.
Take Instagram for example. Instagram requests access to your device’s camera (pretty obvious) and access to photo storage (again, nothing surprising there). It can also request access to view and access contacts, SMS, location, microphone, and phone calls.
Granted, most of this is to improve the service. Instagram uses geotagging for photos if you want to share an image based on the location it was taken, and it wants to encourage you to connect with your contact list on Instagram.
Even so, the app could be using some of the data it collects to deliver personalized ads to you, and it could be giving other organizations free range to this data. We saw something like this unfold back when Facebook was in the news for sharing personal information of its users with Cambridge Analytica, who then used it to attempt to influence user behavior during the 2016 presidential election. It’s also worth noting that Instagram is owned by Facebook.
I’m not saying Instagram is definitely spying on you or sharing your information, but millions of other apps collect the very same data and it’s incredibly likely they aren’t keeping it safe, and there’s a good chance some of it is getting shared or sold.
All of this personal data helps marketers pinpoint exactly when, where, and how to trigger advertisements that get our attention (although if you ask me, targeted ads annoy me). The truth is though, they work, and are an effective way to get in front of your audience.
If we go back to the example with Dave, that robocaller wasn’t going to sell him health insurance, but out of the thousands and thousands of other calls that were made to random recipients, someone picked up and pulled out their credit card. When a business has the technology to get in front of millions of people for pennies on the dollar, it doesn’t take many sales to make it worth the shady practice. That said, when a business can pay money to target only their most ideal customers with all this personal data available, it’s also likely to be pretty profitable.
All of this data that we share, both knowingly and blindly, fuels the machine. For you business owners out there, ask yourself; if you had access to a list of potential customers who you knew would be right for your products or services, and have shown an interest in similar products/services, would you take advantage of it?
You most certainly would.
It’s a double-edged sword. On one side, we get some pretty good experiences using apps and websites that cater to our behavior and location, and we can even possibly use some of this data ourselves to grow our own businesses. On the other side, we don’t necessarily know where this data comes from, who has access to it, and whether or not it was given with consent.
Although it’s not impossible that a cybercriminal could intercept the data that an app or website might collect and use it for nefarious purposes, it’s the fact that you probably don’t know for sure what data is getting collected, who has access to it, and where it ends up. We’ve already seen plenty of cases where a big organization gets hacked and millions of customer records get stolen and leaked online. Sony, Target, Marriott, and Equifax are just some examples where legitimately collected personal data was stolen.
It’s not unreasonable to think a cybercriminal can’t scrounge up a few thousand dollars to buy personal data and then sell it for a profit on the dark web.
After tumbling down this rabbit hole, you might think that I’m going to delete my social media accounts, drill holes in my smartphone and throw it in a river, and live in a cabin in the mountains (okay, some days that does sound pretty appealing).
My answer is no. I don’t think the answer is extracting myself from the system. I don’t think that is a good answer for anyone. Am I going to be more mindful of how I share data and what services I use? Yes.
I personally don’t like the fact that all of this data gets passed around without my knowledge and is often used just to target advertisements to me and the people I associate with, but I certainly understand why using targeted ads is a big game changer for a lot of companies.
In some cases, as users, we have very little control over what a business or service does with our information, much in the same way that we can’t guarantee that we won’t get mugged walking down an ally. It’s out of our control unless we, as I mentioned before, totally leave the grid and live in the mountains.
Fortunately, we could start seeing more policies come into play, much like the EU’s GDPR, which has stringent guidelines on user data and privacy that put people in greater control over their data. On the other side of the coin, the GDPR has also caused havoc for businesses that simply couldn’t afford the efforts to comply to it.
I want to help people become more aware of their privacy and the data that is out there. That was a huge concern of mine while going on this wild ride.
The best place to start is, again, understanding what you are agreeing to. In many cases, data collection is inevitable, so at least take efforts into understanding and trusting entities you give data to. Finally, it’s important to know if personal information does get stolen and sold. The best way to determine this is by running a dark web scan for your information to see if it is available for sale.
We’ve invested in tools and resources to do this. We can search the dark web for your email and pull up a list of stolen passwords for various accounts online. If any of the accounts we find are accurate, you’ll definitely want to adjust them. You’d be surprised what can be found in these scans.
Reach out to us at (415) 246-0101 if you would like to talk more about data privacy, and be sure to ask us about scanning the dark web for your personal information. I also want to thank you for reading this and going on this journey with me. It has definitely been eye opening and I’m really glad I was able to share it with you. If you think anybody else might find this useful, be sure to share it. Thanks!