That’s the way online firms treat it. We all accept it.
I have been critical on Twitter (@ITwithValue) of Evernote’s proposed Privacy Policy changes recently, but in fairness this has been a volcano building inside me for some time. Firms that store our every search request and unapologetically read our email blatantly (yes, I am calling you out, Google) for the sake of targeted advertising must be reined in. I am unnerved to see an advertisement from Amazon for something I just looked at while I am on Facebook. Not cool.
Yes, I understand the business model that many social media and online commerce firms use, and I diligently try to protect myself with privacy tools such as Ghostly, but it’s not enough. Stored information about our every online move is used to target us – and in some cases used in ways that would destroy our trust.
How is our data being used?
Do you read the license agreements carefully on the software you install? Do you accept the Terms and Conditions set forth with online merchants? Even my closest legally minded friends recognize it’s the price to play online. I truly believe a casual approach to privacy is the norm – and that is ok, but I am not comfortable the way it is hidden in an 80-page End User Licensing Agreement – it’s deliberate. We all deserve to know EXACTLY how our data is being collected, analyzed, sold, and its intended use and ultimate destruction.
ADNET has a team of highly trained security and compliance experts on staff for our services. In so many cases, we see available information with careless regard to privacy as the most significant risk to our clients. All of us with a “Meet Our Team” page on our website with members of our executive team identified are at risk – especially if we’ve gone so far as to distinguish who is the CEO and who is the CFO. This is how hacked emails to the CFO to transfer funds from the supposed CEO happens. It’s time to rethink what information we share and how we share it. Corporate privacy is as easily given up as personal privacy.
We have a choice in how we approach privacy, and awareness is one key factor. Another is legislation. European courts have led the way with clear rules with respect to what data is collected, and ensuring the data does not cross borders. The European Data Protection Regulation was among the first attempts at stronger privacy protection. The approach in the United States has been very limited, with an exception to California. The California Online Privacy Protection Act (2003) demanded that the privacy policies of commercial websites be prominently posted. Further attempts to strengthen privacy were attempted in California through the “Do Not Track” legislation, but the movement was defeated due to heavy lobbying by Google, Facebook and Microsoft. I am not shocked.
How do we protect ourselves?
That’s complicated. If you are new to the Online Privacy debate, a good first stop is online at the Federal Trade Commission consumer information web page (www.consumer.ftc.gov). I highly recommend all of our clients be cognizant of privacy, especially as it impacts any security risk. I also recommend to friends and family to pay attention. I will never again own an Android device until they change their privacy policy, always lock down my Facebook account, never use Gmail, and I use tracker defense tools for online work. This is a bare minimum for me. Seeing this week how Evernote changed its privacy policy by burying a very controversial change in a never-read terms and conditions document, I am once again vigilant. I know this approach is not for everyone, but it allows me to sleep well at night.
I welcome any conversation to help you sleep as well. There are many issues, and my team and I are available to belay your concerns. Contact me anytime (even online!).