Digital privacy

Startling New Ponemon Research Uncovers 74% of Consumers Say They Have Little Control Over the Personal Information Collected on Them

Retrieved on: 
Tuesday, July 28, 2020
Privacy, Social issues, Data security, Terms of service, Policy, Identity management, Human rights, Internet privacy, Digital privacy, Information privacy, Medical privacy

The research points to a privacy gap between the consumer data protection individuals want and what industry and regulators provide.

Key Points: 
  • The research points to a privacy gap between the consumer data protection individuals want and what industry and regulators provide.
  • Dr. Larry Ponemon, chairman and founder of Ponemon Institute, said, "This research revealed much of the tension surrounding digital privacy today.
  • Based on my polling experience, these findings make a compelling case for the important role identity protection products and services play in protecting consumers' privacy.
  • Split Responsibility: More consumers (54%) say online service providers should be accountable for protecting the privacy of consumers, while 45% say they themselves should assume responsibility.

New Cybersecurity Initiative Finds That a Majority of Canadians Have Been the Victim of a Cybercrime

Retrieved on: 
Thursday, July 9, 2020
Cyberwarfare, Articles, Politics and technology, Computer security, Computer network security, Cybercrime, Cyber-security regulation, Technology, Privacy, Digital privacy

The report sheds light on Canadians' online experiences and their priorities related to cybersecurity and digital privacy.

Key Points: 
  • The report sheds light on Canadians' online experiences and their priorities related to cybersecurity and digital privacy.
  • "We need urgent national policies that protect our security and digital privacy, while ensuring equal access for all.
  • That is why we developed CPX--to be a platform for debating and advancing cybersecurity policy that is of critical importance to all Canadians."
  • The Cybersecure Policy Exchange is a new initiative from Ryerson University, dedicated to advancing effective and innovative public policy in cybersecurity and digital privacy.

Social Media Platform 2cents Dedicated to Protecting Privacy

Retrieved on: 
Wednesday, May 27, 2020
Digital media, Law, Terms of service, Digital rights, Human rights, New media, Web 2.0, Social issues, Privacy, Internet privacy, Digital privacy, Microblogging

DALLAS, May 27, 2020 /PRNewswire/ -- 2cents, a micro blogging platform, offers a responsible approach to social media by not abusing the privacy of its customers.

Key Points: 
  • DALLAS, May 27, 2020 /PRNewswire/ -- 2cents, a micro blogging platform, offers a responsible approach to social media by not abusing the privacy of its customers.
  • 2cents believes in digital privacy, which encompasses information privacy, communication privacyand individual privacy.
  • 2cents encourages a healthy discourse on all topics and because it verifies each user and has no fake (bot) accounts.
  • 2cents is setting a more transparent and honest social media experience.

Building a secure digital future: educating cybersecurity professionals

Retrieved on: 
Sunday, April 5, 2020
Data security, Social issues, Articles, Law, Digital rights, Human rights, Cyberwarfare, Privacy, Computer security, Internet privacy, Digital privacy, Medical privacy

Speech by Assistant Commissioner, Dispute Resolution, Andrew Solomon, to the National Cybersecurity Summit, University of New South Wales in Sydney [Note: This is an edited version of the address for web publication]I’ll cover:the human factor in digital privacy; the impact and the costwhat privacy means, our office’s role and some of the challenges we’re facing in the current environment, andhow privacy is interlinked with cybersecurity. In other words, what do you need to know as our cyber leaders about keeping our personal information safe, and earning the trust of the people who share it with you?On behalf of the Australian Information Commissioner, Angelene Falk, Im very pleased to be able to contribute to this important summit on cybersecurity education.

Key Points: 


Speech by Assistant Commissioner, Dispute Resolution, Andrew Solomon, to the National Cybersecurity Summit, University of New South Wales in Sydney [Note: This is an edited version of the address for web publication]

  • I’ll cover:
    • the human factor in digital privacy; the impact and the cost
    • what privacy means, our office’s role and some of the challenges we’re facing in the current environment, and
    • how privacy is interlinked with cybersecurity. In other words, what do you need to know as our cyber leaders about keeping our personal information safe, and earning the trust of the people who share it with you?
    • On behalf of the Australian Information Commissioner, Angelene Falk, Im very pleased to be able to contribute to this important summit on cybersecurity education.
    • The education and skills development of the next generation of cybersecurity professionals is of great personal interest to the Commissioner and she acknowledges Professor Richard Bucklands considerable efforts in advancing that agenda.
    • The theme of building a secure digital future goes to the heart of our offices vision, that is, increasing public trust and confidence in the protection of personal information.
    • So today, Id like to talk about how everyone here has a crucial role to play in securing our digital privacy, both now and into the future.

    The human factor

      • In our data-driven economy, our personal information is an essential and valuable economic input.
      • And its people who are behind the cyberattacks and who cause the human errors and some say even the system faults that result in data breaches.
      • In the context of data breaches, its what we have been calling the human factor.
      • While businesses reputations and finances may be affected, we cant ever forget that its people who suffer the ultimate consequences.

    Impact of a data breach

      • That is when there is unauthorised access or disclosure or loss of their personal information.
      • The costs can be significant not just in time and money, but the emotional toll.
      • One Queensland case thats been widely reported involved a womans personal information being accessed through a police database and leaked to her abusive former partner.
      • This was a data breach that created great distress, significant safety fears and material harm to the individual involved, including the cost of relocating her family.

    Impact on people

      • It involves more than 60 individual tasks and its up to the consumer to perform almost 50 of these steps themselves.
      • These include tasks like changing an email address, changing a phone number, changing log-ins, replacing identity documents, cancelling and replacing credit cards the list goes on.
      • The impact of navigating the multiple organisations and tasks required to remedy the effect of the breach can be significant.
      • The impact of a data breach can also be delayed, in ways that can exacerbate the harms experienced by the affected individuals.

    Some statistics on the costs of data breaches

      • According to an Attorney-General's department report in 2016 identity crime and misuse results in costs of $2.6 billion a year.
      • This includes direct and indirect losses incurred by individuals and government agencies, the costs recorded by police and the costs of seeking to prevent and respond to identity crime.
      • And the cost of a data breach to business is growing now an averageof $3 million per incident in Australia according to the latest Ponemon Institute Survey.
      • Where businesses fail to take reasonable steps to protect personal information, significant regulatory costs or fines may also follow.

    What is privacy?

      • Not just as a legislative concept, but what it means to the individual.
      • Privacy is a fundamental human right recognised in theUN Declaration ofHuman Rights.
      • It can be anything from your name to your most sensitive medical records.

    Privacy rights

    • Australia’s Privacy Act1988 gives us rights including:
      • To know why our personal information is being collected, how it will be used and who it will be disclosed to
      • to ask for access to our personal information, and
      • for organisations to properly secure the information and to make sure it is accurate before using or disclosing it.


      Personal information is highly valuable — to you, and to the organisations and government agencies we deal with.

    Securing personal information

      • As the value of personal information to the economy and to innovation has grown rapidly over recent years, so has the volume of that information that is being held by organisations.
      • People are moving more of their lives online and businesses of all sizes are collecting more and more information on individuals and aggregating it in data sets that give whole-of-life profiles of their customers.
      • Its why we are working closely with the Australian Cyber Security Centre and other agencies to share information on the risks and how to guard against them.

    Interface between privacy and cybersecurity

    • We need to avoid treating them as separate or discrete domains that are managed by different sets of stakeholders in an organisation.
      • Privacy governs how personally identifiable information should be collected, used, shared and retained and be accessible to the person it is about.
      • Security restricts access to the sensitive data and protects it from unauthorised access during collection, storage and transmission.
      • But the interface between privacy and cybersecurity warrants further consideration.
      • In this way the two areas work hand in hand, each informed by the other.
      • This is creating long-term challenges to our ability to meet our privacy and cybersecurity obligations and the communitys expectations.

    Notifiable data breaches

      • However, on a brighter note, a key measure that is driving improvements to organisations cybersecurity is the mandatory Notifiable Data Breaches (or NDB) scheme, introduced just over 18 months ago.
      • A primary goal of the NDB scheme is to give individuals early warning when their personal information has been compromised, so they can take action to prevent or minimize harm.
      • Its now a legal requirement for organisations to carry out an assessment within a short period whenever there has been an actual or suspected data breach.

    Assessing harm

      • Assessing possible harm is an essential capability in your cybersecurity toolkit.
      • But it can be more difficult to assess harm when contact details or health information is breached.
      • Organisations entrusted with personal information may need to take a longer term approach to monitoring and responding to the risk of harm to affected individuals in these circumstances.

    NDB Statistics 2018-19

      • We now have more than a years worth of evidence about the nature of breaches reported to us under the NDB scheme and there are some important conclusions to be drawn for all professionals working with data management and security.
      • Malicious or criminal attacks remain the predominant cause (62%).
      • Of these, two-thirds were linked to common cyber threats such as phishing, malware, ransomware, brute-force attacks, compromised or stolen credentials and other forms of hacking.
      • Whether its sending information to the wrong person or clicking on a phishing link, employees are centrally involved in many breaches.

    Data breach prevention — best practice

    • For us, best practice in preventing data breaches has five key components. They are:
      • Training your people in basic account and device security, strong password/passphrase use, and how to detect and report threats such as phishing. This should extend to data handling practices and how to report suspected privacy breaches
      • Having a comprehensive understanding of your data holdings, including personal information, and how a data breach could affect your customers, so you can quickly assess the impact when a breach occurs
      • Prioritising investment in preventative technologies and processes to strengthen the overall security posture of the organisation in line with known security risks
      • Thoroughly preparing and rehearsing different potential data breach scenarios so you can manage any incident that occurs and mitigate the impact, and
      • Putting the customer at the centre of your data breach response plan, being transparent and communicating clear facts and advice will help them navigate the situation — and help you restore trust.


      Now that the NDB scheme has established a clear baseline of evidence for organisations to act — we need cybersecurity experts to be our champions in helping make the case to boards and senior executives. Your role is critical in ensuring an organisation’s leaders and people are informed and take effective action to manage these risks. Because trust is an essential ingredient in the exchange of personal information.

    Global privacy landscape

      • At one time, the companys mantra was to Move Fast and Break Things clearly, that approach is not acceptable when it comes to privacy, to the community, government or regulators.
      • Last month, our Commissioner and her counterpart in the UK brought together privacy and data protection regulators from the US, Europe, Canada and elsewhere to jointly put Facebook on notice over its proposed Libra cryptocurrency system.
      • The Commissioners want assurances that Facebook is building in privacy protections from the ground up.
      • This is just one example of how privacy regulators around the world are working together to align best practice and work towards interoperable privacy standards and enforcement, in an era when personal information has no national borders.

    Looking to the future: cybersecurity education

      • From our experience with the NDB scheme, and your own experience at the coalface, its clear that cybersecurity awareness is increasingly important.
      • Its how we can try to manage the human factor and guard against the increasingly sophisticated cyber attacks we are seeing here and around the world.
      • So how can the cybersecurity professional become fluent in the language of privacy?
      • There are some core privacy considerations that should be part of the educational foundation for our next generation of cyber leaders.

    The information lifecycle

      • First, how to incorporate the information lifecycle in every aspect of online security.
      • A basic principle is to only collect personal information that is essential to requirements, and to be prepared to give a full and detailed justification about why it is being collected, and for sensitive information, getting informed consent to collect it.
      • Our experience is that cybersecurity professionals already give detailed attention to the safe and secure storage of personal information.
      • But you also need to consider how to manage the personal information when its no longer needed.

    Privacy by design

      • Just like security by design, this means building privacy into the design specifications and architecture of new systems and processes.
      • Its more effective and efficient to manage privacy risks proactively, rather than to retrospectively attempt to alter a product or service to address privacy issues that come to light.
      • Privacy by design also involves making privacy the default setting in all the systems and processes you build.
      • Individuals should not have to resort to self-help to protect their privacy; the default setting should be privacy preserving.

    How people interact with technology

      • As cyber experts you need to consider how people interact with technology, in order to anticipate the risks.
      • We may be impatient to achieve a result online and fail to take due care, or assume a site is safe because it appears to be safe.
      • We may take shortcuts such as using the same password for multiple sites.
      • So understanding human behaviour and how to work with the human-technology interface has to be part of your core training.

    Conclusion

      • I think the rapidly evolving challenges are what makes it such an exciting time to work in our fields of data protection and cybersecurity.
      • Cybersecurity professionals have never been in more demand, and your training and capabilities are essential to keeping our personal information secure.
      • The upcoming Consumer Data Right gives consumers more choice and control over their personal information held by particular organisations.
      • The Consumer Data Right offers great potential for business growth and innovation, provided consumers can have confidence in the way their data is handled.
      • Were building in strong privacy safeguards to the system to help make that a reality.

    • Orchid Launches Privacy Network, Marking New Class of Privacy Tool

    Retrieved on: 
    Thursday, December 19, 2019
    Security, Technology, Other Technology, Mobile, Wireless, Software, Networks, Internet, Terms of service, Social issues, Digital rights, Internet privacy, Privacy, Digital privacy, Law, Human rights

    The high focus on attack prevention makes Orchid a great choice for those whose privacy is at greatest risk.

    Key Points: 
    • The high focus on attack prevention makes Orchid a great choice for those whose privacy is at greatest risk.
    • The Internet increasingly consists of walled gardens and we are looking forward to Orchid taking root and growing into a must-have privacy tool for you and me.
    • Orchid takes a new approach to digital privacy with the first peer-to-peer, incentivized privacy network.
    • With its decentralized design, multi-hop architecture, and Open Source ethos, Orchid offers users unprecedented digital privacy in a trustless context.

    Kape Technologies Creating a Truly Global Digital Privacy Company

    Retrieved on: 
    Tuesday, November 19, 2019
    Internet, Security, Data management, Technology, Software, Internet privacy, Privacy, Kape, Digital privacy, Social issues, Articles, Humans, Kape (AIM: Kape), PIA

    Kape Technologies , a consumer security software business, is delighted to announce the transformational acquisition of Private Internet Access (PIA), a leading US-based digital privacy company.

    Key Points: 
    • Kape Technologies , a consumer security software business, is delighted to announce the transformational acquisition of Private Internet Access (PIA), a leading US-based digital privacy company.
    • This catapults Kape towards becoming the go-to privacy company for consumers, paving the way to dominating the rapidly growing digital privacy space, which is already worth US$24 billion in 2019 and is expected to grow by 50% by 2022.
    • Ido Erlichman, Chief Executive Officer of Kape, said: This is a game-changing moment for both Kape and PIA, transforming our vision of creating a truly global privacy company into a reality.
    • Kape is a cybersecurity company focused on helping consumers around the world to have better experience and protection in their digital life.

    ID Experts® Releases First Free Dark Web Scanning Product With Added Facebook Privacy Protection

    Retrieved on: 
    Thursday, August 8, 2019
    Digital media, Software, Operating systems, Terms of service, Digital rights, Human rights, Identity management, Internet privacy, Privacy, Facebook, Digital privacy

    LAS VEGAS, Aug. 7, 2019 /PRNewswire/ --Today,ID Experts announced public availability of its new free CyberScan dark web and social media scanning product.

    Key Points: 
    • LAS VEGAS, Aug. 7, 2019 /PRNewswire/ --Today,ID Experts announced public availability of its new free CyberScan dark web and social media scanning product.
    • Unlike other free dark web offerings, CyberScan not only perpetually scans all levels of the dark web surface, dark and deep for the user and provides them with ongoing monitoring and protection, but it reaches a third more of the dark web than other services.
    • CyberScan is part of the ID Experts MyIDCare family of digital privacy and identity protection services currently relied upon by millions of Americans.
    • By scanning the dark web, in conjunction with the Facebook network, ID Experts is better able to help consumers detect privacy issues before they become harmful.

    ID Experts® Urges Companies to Promote Privacy and Transparency, Cautions Consumers

    Retrieved on: 
    Monday, January 28, 2019
    Privacy, Information governance, Privacy law, Law, Terms of service, Security breaches, Identity management, Internet privacy, Medical privacy, Information privacy, Digital privacy, Data breach

    PORTLAND, Ore., Jan. 28, 2019 /PRNewswire/ --ID Experts, the leading privacy technology company in data breach and identity protection services, issued the following statement in honor of Data Privacy Day.

    Key Points: 
    • PORTLAND, Ore., Jan. 28, 2019 /PRNewswire/ --ID Experts, the leading privacy technology company in data breach and identity protection services, issued the following statement in honor of Data Privacy Day.
    • Tom Kelly, president and CEO of ID Experts:"The world of identity protection and digital privacy is changing, but is consumer awareness changing with it?
    • We urge companies to increase transparency and follow through on commitments to protect personal data.
    • ID Experts is the leading pure-play privacy technology company in data breach and identity protection services.