You and Your Company’s Data: Is it Private?

You and Your Company’s Data: Is it Private?

Facebook privacy issues

Public privacy is an issue we face today, globally. Additionally, a comparison between UK and US privacy awareness. Finally, as Chief Privacy Officers are increasing in the government sector, PETs are on rise too. 

We need a global right to privacy in public spaces

Nowadays, digital surveillance combined with A.I. has become more and more invasive. The public’s privacy has now been of concern.

Fortunately, in-person surveillance is neither time-efficient nor cost-effective. However, our phones alone provide enough data to companies, whether is tracking our movements, our searches or our calls and texts. What’s worse, as facial recognition software develops, it will only become easier and easier to follow our every move.

Additionally, A.I. has boosted the invasiveness of public surveillance increasingly more, especially allowing recognition as we walk the streets.

Unfortunately, China is looking to harness this personal data for social control and behavioral engineering, in hopes to punish people for bad behavior and reward people for good behavior.

China is not alone, as there are other countries out there that are developing data harnessing technologies and selling them to government bodies to gain more control over their people.

Two major courses of action come from this: we need stronger controls on the production and sale of these tools and we need to define the rights to privacy in a public setting.

How employees and their organizations are prioritizing data privacy

It is now clear that UK is doing much better than the US in terms of data privacy, whether its a deeper understanding of the laws or better training opportunities.

A survey of 794 out of 1000 respondents in the UK was conducted both in the US and the UK, to check their knowledge of their organizations’ current stance on privacy regulations. It was found that about 60% of employees in both countries handle sensitive information every day. Additional results indicated that while only 17% of UK respondents were unaware of privacy laws, a stunning 52% of US respondents were unaware of their privacy laws dictating how their companies manage sensitive data.

Surprisingly, one year later, 84% of UK employees feel they understand their professional data compliance obligations and about half of the UK employees agree that their information is safer now with GDPR.

As we all know, privacy is a booming concern in our world today. Thus, it is beneficial to us all to get up to speed with all the laws and compliance methods related to privacy regulations today.

Privacy enhancing technology for data analysis

More and more government agencies are appointing CPOs, or Chief Privacy Officers, and with that, comes privacy-enhancing technology (PET).

What are PETs? They are technologies that enable agencies to leverage the increasing amount of data available for analysis, and at the same time, ensuring private information stays private.

To ensure privacy officers are familiar with PET, the Royal Society has recently published a report detailing five prominent PETs at the moment:

  • Homomorphic encryption
  • Trusted execution
  • Secure multiparty computation
  • Differential privacy
  • Personal data stores

These PETs help with secure access, but they also allow for joint analysis of data by several organizations and secured data outsourcing to the cloud.

Join our newsletter



CANON: Canadian Anonymization Network

CANON: Canadian Anonymization Network

Facebook privacy issues

CANON: Canadian Anonymization Network

The Canadian Anonymization Network (CANON) is a very big deal for Canada!

What is CANON? It is an unofficial network of data custodians from private, public and health, with a goal to promote anonymization as a privacy-mindful way to use data for economic gains. CANON has some of the largest data custodians all over the country!

What are CANON’s objectives?

  • Share and exchange information about internationally-evolving, legal, policy and technical standards on anonymization.
  • Develop a Canadian community of practice among stakeholders that rely on effective anonymization for the success of their organizations across the public and private sectors.
  • Educate the community at large about the effectiveness of alternative anonymization methods, and meaningfully contribute to discussions about risks and opportunities.
  • Identify emerging issues and challenges with anonymization, including re-identification risks, legal/policy constraints and ambiguities.
  • Advocate for balanced legislative and policy standards for anonymization that enable innovative and beneficial uses of data, while reasonably protecting against foreseeable privacy risks.

CryptoNumerics is pleased to join organizations like TELUS, Bell, TD, Microsoft, and IBM as part of CANON.

Key success indicators of the network include a better understanding of anonymization while not compromising the utility of data. Also, organizations will see a reduced amount of privacy risk and can thus be more confident in their analytical data usage.

While facilitated by stakeholders, this initiative aims to address many related concerns for the next few months.

For further information about CANON and its objectives, visit the CANON website.

Join our newsletter



The Privacy Risk Most Data Scientists Are Missing

The Privacy Risk Most Data Scientists Are Missing

Facebook privacy issues

Data breaches are becoming increasingly common, and the risks of being involved in one are going up. A Ponemon Institute report (an IBM-backed think tank), found that the average cost of a data breach in 2018 was $148 per record, up nearly 5% from 2017.

Privacy regulations and compliance teams are using methods like masking and tokenization to protect their data — but these methods come at a cost.
Businesses often find that these solutions prevent data from being leveraged for analytics and on top of that, they also leave your data exposed.

Many data scientists and compliance departments protect and secure direct identifiers. They hide an individual’s name, or their social security number, and move on. The assumption is that by removing unique values from a user, the dataset has been de-identified. Unfortunately, that is not the case.

In 2010, Netflix announced a $1 million competition to whoever could build them the best movie-recommendation engine. To facilitate this, they released large volumes of subscriber data with redacted direct identifiers, so engineers could use Netflix’s actual data, without compromising consumer privacy. The available information included users’ age, gender, and zip code. However, when these indirect identifiers (also known as quasi-identifiers) were taken in combination, they could re-identify a user with over 90% accuracy. That’s exactly what happened, resulting in the exposure of millions of Netflix’s consumers. Within a few months, the competition had been called off, and a lawsuit was filed against Netflix.

When it comes to the risk exposure of indirect identifiers, it’s not a question of if, but a question of when. That’s a lesson companies have continuously found out the hard way. Marriott, the hotel chain, faced a data breach of 500 million consumer records and faced $72 million in damages due to a failure to protect indirect identifiers.

Businesses are faced with a dilemma. Do they redact all their data and leave it barren for analysis? Or do you leave indirect identifiers unprotected, and create an avenue for exposure that will lead to an eventual leak of your customers’ private data?

Either option causes problems. That can be changed!

That’s why we founded CryptoNumerics. Our software is able to autonomously classify your datasets into direct, indirect, sensitive, and insensitive identifiers, using AI. We then use cutting-edge data science technologies like differential privacy, k-anonymization, and secure multi-party computation to anonymize your data while preserving its analytical value. Your datasets are comprehensively protected and de-identified, while still being enabled for machine learning, and data analysis.

Data is the new oil. Artificial intelligence and machine learning represent the future of technology-value, and any company that does not keep up will be left behind and disrupted. Businesses cannot afford to leave data siloed, or uncollected.

Likewise, Data privacy is no longer an issue that can be ignored. Scandals like Cambridge Analytica, and policies like GDPR, prove that, but the industry is still not knowledgeable on key risks, like indirect identifiers. Companies that use their data irresponsibly will feel the damage, but those that don’t use their data at all will be left behind. Choose instead, not to fall into either category.

Join our newsletter



Weekly News #7

Weekly News #7

Facebook privacy issues
Share your data to live a longer life. Build a complete privacy toolbox and stay privacy compliant. A.I. can now tell if a user browsing a site is an adult or a child. 
For a Longer, Healthier Life, Share Your Data

Share your data with others. Wait. What? You read it correctly. We don’t mean all of your data, just your health-related data.

According to data scientist, Luke Miner, from the New York Times’ Privacy Project, privacy-protection regulations are hindering AI programs in their quest to diagnose severe illnesses and even scan for genetic disorders. He says that we may not understand “that the scarcity of health care data imposes a significant cost on society” and that “A.I. has the potential to advance medicine across a broad range of subfields”.

Imagine what AI and health data combined can do for us. We could widen our knowledge of the human genome, segment cancerous cells, and even improve diagnoses accuracy. However, the HIPAA, or the Health Insurance Portability and Accountability Act, has made it difficult for medical professionals and hospitals to share their data with researchers and the fees associated with compliance of that data are extremely unreasonable.

Build the Complete Privacy Toolbox

Avoid data breaches and bad publicity by constructing a solid toolbox. Privacy breaches are not just about fines, they are also about deteriorating reputation, as customers are now becoming more and more aware of their rights and options.

The truth is, knowing how to apply different privacy management and privacy techniques at different times for different problems is very crucial. For example, tokenization is ideal for credit card data but it is not effective when protecting dates of birth.

Live by these principles and make privacy easier to manage:

  1. Centralized privacy policy
  2. De-identified and masked data
  3. Controlled and managed data linkages
  4. Strong data governance

Not only do your customers benefit, but so do you, as a business. Your reputation remains untarnished and your customers start trusting you, thus enhancing retention. Data privacy is bigger than ever – are you ready for it?

Is that kid browsing? AI can now tell…

CEO Dylan Collins, of company known as SuperAwesome, which makes safe internet products for children, says ticking a box to confirm you’re an adult is not enough these days. Of course kids will tick that box pretending to be adults!

There are many problems with this. First off, their privacy is now at risk. Secondly, they are now being tracked unnecessarily. In response to that, the company claimed that they have been undergoing testing on an AI system that detects whether a child or adult is browsing, thus eliminating the need for the skewed tick-box results.

“The signals we use range from the physical device to the nature of the content and how the content is being interacted with, to where on the screen is being tapped,” Collins said, at the Collision Conference in Toronto this week. “If it determines the person browsing is a child, the company can then decide to trigger additional privacy controls that prevent it from collecting browsing information or soliciting personal data from the child on the site, allowing it to remain compliant with federal law”.

Join our newsletter



Weekly News #6

Weekly News #6

Facebook privacy issues

Smart homes are not so smart when it comes to protecting privacy. WhatsApp gets hacked by Israeli spies. Intel notifies customers about security flaws with chipNew regulations hint companies toward having better data management. Australian data breach affects 10 million civilians.

Smart Homes: Not so Smart

Smart homes definitely reduce effort and make life easier, but it comes at a cost. You and your family’s privacy is put at risk because of the trade-off between productivity and safety.

One of the most popular forms of a smart home is the digital assistant. Google Home and Alexa are the major players in this area. These devices are continuously listening for “activation” words or phrases and thus, your entire conversation history is saved in their server. As a result, many scary and embarrassing stories have surfaced, and yes, even from Amazon and Google products. 

If consumers do their part and take the necessary security steps, they should be able to enjoy the benefits of their smart home without paying a price. Here are some ways you can secure your smart home:

  • Review and delete your voice history from time to time.
  • Secure your network.
  • Change your wake or activation word or phrase.
  • Delete old recordings.
  • Strengthen your passwords.

Do everything you can to secure your home from being vulnerable to attacks.

WhatsApp Gets Hacked

WhatsApp, an app used by millions of people worldwide, has been compromised. On Tuesday, an Israeli spy firm injected malware into targeted phones to steal data, by simply placing a call. Recipients did not even need to answer the call. What’s worse, the call could not be traced in the log. The company states that only a select few have been affected, as they don’t know the exact number.

Intel Chip Suffers Security Flaws

In other news, Intel, also known as the worldwide computer chip maker, has just notified the world about a security flaw that can essentially prove to be harmful to millions of PCs. Attackers are able to get their hands on any data that a victim’s processor touches. Not scary at all.

New Regulations Call for Better Data Management

With privacy laws such as the GDPR and CCPA in place, businesses now need to allow for firmer data privacy enforcement. 

Every company we interact with uses our data-from The Weather Network to IBM. “The companies used the data to calibrate advertising campaigns to potential customers’ preferences, a type of personalization 90 percent of consumers say they find appealing,” says, Eric Archer-Smith, from BETA News. Although it helps with preferences and marketing, if found in the wrong hands, it could prove to be dangerous. Thus, companies today must find the perfect balance between personalization and privacy when collecting consumer data for analysis.

Australian Data Breach Affects 10 Million Civilians

The Office of the Australian Information Commissioner (OAIC) recently reported over 10 million people were hit in a single Australian data breach. Although the report did not specify the origin of the breach that affected these people, the breach was disclosed to be between January 1, 2019, and March 31, 2019. Furthermore, private health was yet again the most affected sector.

 

Join our newsletter



Weekly News #4

Weekly News #4

Facebook privacy issues

Nearly half of U.S.-based employees unfamiliar with emerging California Consumer Privacy Act (CCPA), which could affect businesses and innovators. Zuckerberg explains how Facebook gets ‘privacy-focused’, including how they will work with the online education site, Udacity. Similarly, Microsoft 365 to offer tighter security and privacy controls.

The CCPA basically oversees the collection and usage of data. Unfortunately, 46% of US workers do not know what CCPA is. Additionally, since experts expect the law to apply to more than 500,000 U.S. companies, more work is needed to train U.S. employees of this regulation.

Recently, a survey testing privacy knowledge was conducted on 1000 employees. Reports suggest that 12 percent of employees said they were unsure if they should report a cybercriminal stealing sensitive client data while at work. This issue demonstrates that there is a strong need for privacy awareness training in protecting sensitive information. That being said, a national data privacy standard must be addressed by Congress this year. However, there are risks involved, for example, if data rules are not done properly, it could harm startup culture and have a negative effect on innovators.

In other news, Zuckerberg’s plans to become more privacy-focused include end-to-end encryption for Messenger conversations and secure WhatsApp statuses that only friends can see. They are spending $3 billion to cover possible fines from the Federal Trade Commission over privacy violations in the past. In the future, they plan to emphasize private messaging and attain a bigger role in communities. Additionally, they will remove groups that have harmful content, supporting their motto, “The future is private”.

Facebook wants AI researchers to figure out privacy. They are currently working with Udacity, which is an online learning site, to try to enable AI research that doesn’t affect or harm privacy. As an incentive, they are offering scholarships to 5,000 people to encourage them to take a new Udacity course called Secure and Private AI. The idea is for people to learn how to apply techniques that AI powers are using.

Microsoft is also gearing towards better security, by strengthening security options available to Microsoft 365 customers. With access to new data controls, businesses will be able to better manage encrypted emails, prevent sharing of sensitive information, and investigate possible data errors. Using these controls, people can hone in on specific security issues, such as data leakage or phishing attacks. On top of that, Microsoft 365 is also adding a feature called Secure Private Channels, to help protect sensitive information from being unintentionally shared or leaked.

With large companies working to protect their consumers’ personal data, and CCPA working to enforce consumer rights, privacy has never been more prominent.

Join our newsletter