You and Your Company’s Data: Is it Private?

You and Your Company’s Data: Is it Private?

Facebook privacy issues

Public privacy is an issue we face today, globally. Additionally, a comparison between UK and US privacy awareness. Finally, as Chief Privacy Officers are increasing in the government sector, PETs are on rise too. 

We need a global right to privacy in public spaces

Nowadays, digital surveillance combined with A.I. has become more and more invasive. 

Fortunately, in-person surveillance is neither time-efficient nor cost-effective. However, our phones alone provide enough data to companies, whether is tracking our movements, our searches or our calls and texts. What’s worse, as facial recognition software develops, it will only become easier and easier to follow our every move.

Additionally, A.I. has boosted the invasiveness of public surveillance increasingly more, especially allowing recognition as we walk the streets.

Unfortunately, China is looking to harness this personal data for social control and behavioral engineering, in hopes to punish people for bad behavior and reward people for good behavior.

China is not alone, as there are other countries out there that are developing data harnessing technologies and selling them to government bodies to gain more control over their people.

Two major courses of action come from this: we need stronger controls on the production and sale of these tools and we need to define the rights to privacy in a public setting.

How employees and their organizations are prioritizing data privacy

It is now clear that UK is doing much better than the US in terms of data privacy, whether its a deeper understanding of the laws or better training opportunities.

In a survey conducted both in the US and the UK, to check employees knowledge of their organizations’ current stance on privacy regulations. It was found that about 60% of employees in both countries handle sensitive information every day. Additional results indicated that while only 17% of UK respondents were unaware of privacy laws, a stunning 52% of US respondents were unaware of their privacy laws dictating how their companies manage sensitive data.

Surprisingly, one year after the implementation of GDPR, 84% of UK employees feel they understand their professional data compliance obligations and  half  agree that their information is safer now with GDPR.

As we all know, privacy is a booming concern in our world. Thus, it is beneficial to us all to get up to speed with all the laws and compliance methods related to privacy regulations.

Privacy enhancing technology for data analysis

More and more government agencies are appointing CPOs, or Chief Privacy Officers, and with that, comes privacy-enhancing technology (PET).

What are PETs? They are technologies that enable agencies to leverage the increasing amount of data available for analysis, and at the same time, ensuring private information stays private.

To ensure privacy officers are familiar with PET, the Royal Society has recently published a report detailing five prominent PETs at the moment:

  • Homomorphic encryption
  • Trusted execution
  • Secure multiparty computation
  • Differential privacy
  • Personal data stores

These PETs help with secure access, but they also allow for joint analysis of data by several organizations and secured data outsourcing to the cloud.

Join our newsletter



CANON: Canadian Anonymization Network

CANON: Canadian Anonymization Network

Facebook privacy issues

CANON: Canadian Anonymization Network

The Canadian Anonymization Network (CANON) is a very big deal for Canada!

What is CANON? It is an unofficial network of data custodians from private, public and health, with a goal to promote anonymization as a privacy-mindful way to use data for economic gains. CANON has some of the largest data custodians all over the country!

What are CANON’s objectives?

  • Share and exchange information about internationally-evolving, legal, policy and technical standards on anonymization.
  • Develop a Canadian community of practice among stakeholders that rely on effective anonymization for the success of their organizations across the public and private sectors.
  • Educate the community at large about the effectiveness of alternative anonymization methods, and meaningfully contribute to discussions about risks and opportunities.
  • Identify emerging issues and challenges with anonymization, including re-identification risks, legal/policy constraints and ambiguities.
  • Advocate for balanced legislative and policy standards for anonymization that enable innovative and beneficial uses of data, while reasonably protecting against foreseeable privacy risks.

CryptoNumerics is pleased to join organizations like TELUS, Bell, TD, Microsoft, and IBM as part of CANON.

Key success indicators of the network include a better understanding of anonymization while not compromising the utility of data. Also, organizations will see a reduced amount of privacy risk and can thus be more confident in their analytical data usage.

While facilitated by stakeholders, this initiative aims to address many related concerns for the next few months.

For further information about CANON and its objectives, visit the CANON website.

Join our newsletter



Move Over GDPR and CCPA: Time for NYPA to Step in the Spotlight

Move Over GDPR and CCPA: Time for NYPA to Step in the Spotlight

Facebook privacy issues

Privacy regulations become more prominent as New York state considers their own version of CCPA. GDPR may help consumers and marketers more than you think. Facebook launching new app for data usage.

Move over CCPA? 

CCPA just became old news. Why? New York is considering a privacy act of their own: the New York Privacy Act, or the NYPA. Consumers protected in this act would receive a set of data privacy rights, and businesses affected by this act would receive a set of rules and duties to abide by.

Who does it affect? Similar to the CCPA, the NYPA applies to “legal entities that conduct business in New York” or that “intentionally target” residents of New York with their products or services.

Additionally, it will be an opt-in process where the user must provide express and consent.

Nonetheless, we look forward to seeing the status of this act progress from consideration to active leg

Why marketers and consumers should thank GDPR

Welcome to the new data privacy digital marketing reality.

It turns out, satisfying GDPR regulations not only helps the business stay compliant, but it also helps the business stay on the good side of the consumer.

Ad impressions have increased and costs have decreased. A marketer’s dream come true. One year after GDPR came into play, the results are informative and insightful. This new data privacy consciousness can be a win-win situation. Marketers can gain the insights and performance they need to achieve their objectives, while users can rely on privacy and greater control over their data. For example, Facebook users now have a new ‘clear history’ tool which anonymizes their off-Facebook web activity, and disables the Facebook tracking pixel. A happy consumer, is a happy government, is a happy business.

Facebook to launch new app for data collection

Facebook says the new app, called ‘Study’, will collect information about which apps people are using and for how long. Considering Facebook was under scrutiny for its previous two similar apps infringing on privacy, they have stated that this app is different.

Using the app, they plan to collect and analyze information including: which apps are installed on the user’s phone, user’s country, device and network type, as well as the time spent on each app.

“We have a responsibility to keep people’s information safe and secure. With this app, we’re collecting the minimum amount of information needed to help us build better products”, says Facebook product manager, Sagee Ben-Zedeff. “People often have a lot of apps on their phone, so we’ll periodically remind participants that they are a part of the program. They’ll also have the opportunity to review the information they’re sharing with us”.

Join our newsletter



Ontario Takes Action Against Privacy Breaches and GDPR After One Year

Ontario Takes Action Against Privacy Breaches and GDPR After One Year

Facebook privacy issues

Ontario looking into stronger privacy control to further protect citizens. Facebook under scrutiny once again over data privacy issues. Taking a look at GDPR one year later. 

Ontario takes action to protect privacy and personal data

79% of surveyed Ontarians believe data about people and businesses in Ontario need stronger protection. “Our government recognizes that the tremendous economic potential of emerging data technologies needs to be balanced with thoughtful and robust protections for the privacy and personal data of all Ontarians,” said Bill Walker, Minister of Government and Consumer Services. “We believe that Ontarians deserve to know and actively consent to the collection of data, how that data is used, and by whom”.

Three areas of focus include:

  • Promoting public trust and confidence
  • Creating economic benefit
  • Enabling a better, smarter, efficient government

Walker states that the Ontarian government is making sure the prime focus is the protection of personal privacy. He hopes our municipal and federal cohorts will do the same.

Judge orders Facebook to turn over records on data privacy

Facebook has been asked to turn over internal records regarding data privacy and access to user data by a judge in Delaware. This was the result of a lawsuit accusing Facebook’s mismanagement of data breaches. Furthermore, Facebook’s counter argument claiming that the investors had not stated a proper purpose for searching the company’s records, was rejected.

One year on, GDPR helps EU combat data privacy concerns, raises bar worldwide

The world as we know it changed when the GDPR came into action. Companies that were using data seamlessly were forced to invest in data centres and to regulate their data collection processes.

GDPR has introduced many new guidelines into the European consumer-business scene, such as the right to be forgotten, which simply means the company has to completely remove the user from their system altogether.

Every country or region is now trying to implement their own versions suitable for their own citizens. India was the first to come out with a similar law, followed by Brazil, Vietnam, China, Japan, Thailand and South Korea.

This cascading effect from GDPR shows light to a promising future of consumer privacy and regulation against the misuse of data. We look forward to seeing what these laws will do for us!

Join our newsletter



The Privacy Risk Most Data Scientists Are Missing

The Privacy Risk Most Data Scientists Are Missing

Facebook privacy issues

Data breaches are becoming increasingly common, and the risks of being involved in one are going up. A Ponemon Institute report (an IBM-backed think tank), found that the average cost of a data breach in 2018 was $148 per record, up nearly 5% from 2017.

Privacy regulations and compliance teams are using methods like masking and tokenization to protect their data — but these methods come at a cost.
Businesses often find that these solutions prevent data from being leveraged for analytics and on top of that, they also leave your data exposed.

Many data scientists and compliance departments protect and secure direct identifiers. They hide an individual’s name, or their social security number, and move on. The assumption is that by removing unique values from a user, the dataset has been de-identified. Unfortunately, that is not the case.

In 2010, Netflix announced a $1 million competition to whoever could build them the best movie-recommendation engine. To facilitate this, they released large volumes of subscriber data with redacted direct identifiers, so engineers could use Netflix’s actual data, without compromising consumer privacy. The available information included users’ age, gender, and zip code. However, when these indirect identifiers (also known as quasi-identifiers) were taken in combination, they could re-identify a user with over 90% accuracy. That’s exactly what happened, resulting in the exposure of millions of Netflix’s consumers. Within a few months, the competition had been called off, and a lawsuit was filed against Netflix.

When it comes to the risk exposure of indirect identifiers, it’s not a question of if, but a question of when. That’s a lesson companies have continuously found out the hard way. Marriott, the hotel chain, faced a data breach of 500 million consumer records and faced $72 million in damages due to a failure to protect indirect identifiers.

Businesses are faced with a dilemma. Do they redact all their data and leave it barren for analysis? Or do you leave indirect identifiers unprotected, and create an avenue for exposure that will lead to an eventual leak of your customers’ private data?

Either option causes problems. That can be changed!

That’s why we founded CryptoNumerics. Our software is able to autonomously classify your datasets into direct, indirect, sensitive, and insensitive identifiers, using AI. We then use cutting-edge data science technologies like differential privacy, k-anonymization, and secure multi-party computation to anonymize your data while preserving its analytical value. Your datasets are comprehensively protected and de-identified, while still being enabled for machine learning, and data analysis.

Data is the new oil. Artificial intelligence and machine learning represent the future of technology-value, and any company that does not keep up will be left behind and disrupted. Businesses cannot afford to leave data siloed, or uncollected.

Likewise, Data privacy is no longer an issue that can be ignored. Scandals like Cambridge Analytica, and policies like GDPR, prove that, but the industry is still not knowledgeable on key risks, like indirect identifiers. Companies that use their data irresponsibly will feel the damage, but those that don’t use their data at all will be left behind. Choose instead, not to fall into either category.

Join our newsletter



Share Your Data to Live Longer. Companies Use A.I. to Protect Children.

Share Your Data to Live Longer. Companies Use A.I. to Protect Children.

Facebook privacy issues
Share your data to live a longer life. Build a complete privacy toolbox and stay privacy compliant. A.I. can now tell if a user browsing a site is an adult or a child. 

For a Longer, Healthier Life, Share Your Data

Share your data with others. Wait. What? You read it correctly. We don’t mean all of your data, just your health-related data.

According to data scientist, Luke Miner, from the New York Times’ Privacy Project, privacy-protection regulations are hindering AI programs in their quest to diagnose severe illnesses and even scan for genetic disorders. He says that we may not understand “that the scarcity of health care data imposes a significant cost on society” and that “A.I. has the potential to advance medicine across a broad range of subfields”.

Imagine what AI and health data combined can do for us. We could widen our knowledge of the human genome, segment cancerous cells, and even improve diagnoses accuracy. However, the HIPAA, or the Health Insurance Portability and Accountability Act, has made it difficult for medical professionals and hospitals to share their data with researchers and the fees associated with compliance of that data are extremely unreasonable.

Build the Complete Privacy Toolbox

Avoid data breaches and bad publicity by constructing a solid toolbox. Privacy breaches are not just about fines, they are also about deteriorating reputation, as customers are now becoming more and more aware of their rights and options.

The truth is, knowing how to apply different privacy management and privacy techniques at different times for different problems is very crucial. For example, tokenization is ideal for credit card data but it is not effective when protecting dates of birth.

Live by these principles and make privacy easier to manage:

  1. Centralized privacy policy
  2. De-identified and masked data
  3. Controlled and managed data linkages
  4. Strong data governance

Not only do your customers benefit, but so do you, as a business. Your reputation remains untarnished and your customers start trusting you, thus enhancing retention. Data privacy is bigger than ever – are you ready for it?

Is that kid browsing? AI can now tell…

CEO Dylan Collins, of company known as SuperAwesome, which makes safe internet products for children, says ticking a box to confirm you’re an adult is not enough these days. Of course kids will tick that box pretending to be adults!

There are many problems with this. First off, their privacy is now at risk. Secondly, they are now being tracked unnecessarily. In response to that, the company claimed that they have been undergoing testing on an AI system that detects whether a child or adult is browsing, thus eliminating the need for the skewed tick-box results.

“The signals we use range from the physical device to the nature of the content and how the content is being interacted with, to where on the screen is being tapped,” Collins said, at the Collision Conference in Toronto this week. “If it determines the person browsing is a child, the company can then decide to trigger additional privacy controls that prevent it from collecting browsing information or soliciting personal data from the child on the site, allowing it to remain compliant with federal law”.

Join our newsletter