You and Your Company’s Data: Is it Private?

You and Your Company’s Data: Is it Private?

Facebook privacy issues

Public privacy is an issue we face today, globally. Additionally, a comparison between UK and US privacy awareness. Finally, as Chief Privacy Officers are increasing in the government sector, PETs are on rise too. 

We need a global right to privacy in public spaces

Nowadays, digital surveillance combined with A.I. has become more and more invasive. The public’s privacy has now been of concern.

Fortunately, in-person surveillance is neither time-efficient nor cost-effective. However, our phones alone provide enough data to companies, whether is tracking our movements, our searches or our calls and texts. What’s worse, as facial recognition software develops, it will only become easier and easier to follow our every move.

Additionally, A.I. has boosted the invasiveness of public surveillance increasingly more, especially allowing recognition as we walk the streets.

Unfortunately, China is looking to harness this personal data for social control and behavioral engineering, in hopes to punish people for bad behavior and reward people for good behavior.

China is not alone, as there are other countries out there that are developing data harnessing technologies and selling them to government bodies to gain more control over their people.

Two major courses of action come from this: we need stronger controls on the production and sale of these tools and we need to define the rights to privacy in a public setting.

How employees and their organizations are prioritizing data privacy

It is now clear that UK is doing much better than the US in terms of data privacy, whether its a deeper understanding of the laws or better training opportunities.

A survey of 794 out of 1000 respondents in the UK was conducted both in the US and the UK, to check their knowledge of their organizations’ current stance on privacy regulations. It was found that about 60% of employees in both countries handle sensitive information every day. Additional results indicated that while only 17% of UK respondents were unaware of privacy laws, a stunning 52% of US respondents were unaware of their privacy laws dictating how their companies manage sensitive data.

Surprisingly, one year later, 84% of UK employees feel they understand their professional data compliance obligations and about half of the UK employees agree that their information is safer now with GDPR.

As we all know, privacy is a booming concern in our world today. Thus, it is beneficial to us all to get up to speed with all the laws and compliance methods related to privacy regulations today.

Privacy enhancing technology for data analysis

More and more government agencies are appointing CPOs, or Chief Privacy Officers, and with that, comes privacy-enhancing technology (PET).

What are PETs? They are technologies that enable agencies to leverage the increasing amount of data available for analysis, and at the same time, ensuring private information stays private.

To ensure privacy officers are familiar with PET, the Royal Society has recently published a report detailing five prominent PETs at the moment:

  • Homomorphic encryption
  • Trusted execution
  • Secure multiparty computation
  • Differential privacy
  • Personal data stores

These PETs help with secure access, but they also allow for joint analysis of data by several organizations and secured data outsourcing to the cloud.

Join our newsletter



Move over GDPR and CCPA: Time for NYPA to step in the spotlight

Move over GDPR and CCPA: Time for NYPA to step in the spotlight

Facebook privacy issues

Privacy regulations become more prominent as New York state considers their own version of CCPA. GDPR may help consumers and marketers more than you think. Facebook launching new app for data usage.

Move over CCPA? 

CCPA just became old news. Why? New York is considering a privacy act of their own: the New York Privacy Act, or the NYPA. Consumers protected in this act would receive a set of data privacy rights, and businesses affected by this act would receive a set of rules and duties to abide by.

Who does it affect? Similar to the CCPA, the NYPA applies to “legal entities that conduct business in New York” or that “intentionally target” residents of New York with their products or services.

Additionally, it will be an opt-in process where the user must provide express and consent.

Nonetheless, we look forward to seeing the status of this act progress from consideration to active leg

Why marketers and consumers should thank GDPR

Welcome to the new data privacy digital marketing reality.

It turns out, satisfying GDPR regulations not only helps the business stay compliant, but it also helps the business stay on the good side of the consumer.

Ad impressions have increased and costs have decreased. A marketer’s dream come true. One year after GDPR came into play, the results are informative and insightful. This new data privacy consciousness can be a win-win situation. Marketers can gain the insights and performance they need to achieve their objectives, while users can rely on privacy and greater control over their data. For example, Facebook users now have a new ‘clear history’ tool which anonymizes their off-Facebook web activity, and disables the Facebook tracking pixel. A happy consumer, is a happy government, is a happy business.

Facebook to launch new app for data collection

Facebook says the new app, called ‘Study’, will collect information about which apps people are using and for how long. Considering Facebook was under scrutiny for its previous two similar apps infringing on privacy, they have stated that this app is different.

Using the app, they plan to collect and analyze information including: which apps are installed on the user’s phone, user’s country, device and network type, as well as the time spent on each app.

“We have a responsibility to keep people’s information safe and secure. With this app, we’re collecting the minimum amount of information needed to help us build better products”, says Facebook product manager, Sagee Ben-Zedeff. “People often have a lot of apps on their phone, so we’ll periodically remind participants that they are a part of the program. They’ll also have the opportunity to review the information they’re sharing with us”.

Join our newsletter



Weekly News #4

Weekly News #4

Facebook privacy issues

Nearly half of U.S.-based employees unfamiliar with emerging California Consumer Privacy Act (CCPA), which could affect businesses and innovators. Zuckerberg explains how Facebook gets ‘privacy-focused’, including how they will work with the online education site, Udacity. Similarly, Microsoft 365 to offer tighter security and privacy controls.

The CCPA basically oversees the collection and usage of data. Unfortunately, 46% of US workers do not know what CCPA is. Additionally, since experts expect the law to apply to more than 500,000 U.S. companies, more work is needed to train U.S. employees of this regulation.

Recently, a survey testing privacy knowledge was conducted on 1000 employees. Reports suggest that 12 percent of employees said they were unsure if they should report a cybercriminal stealing sensitive client data while at work. This issue demonstrates that there is a strong need for privacy awareness training in protecting sensitive information. That being said, a national data privacy standard must be addressed by Congress this year. However, there are risks involved, for example, if data rules are not done properly, it could harm startup culture and have a negative effect on innovators.

In other news, Zuckerberg’s plans to become more privacy-focused include end-to-end encryption for Messenger conversations and secure WhatsApp statuses that only friends can see. They are spending $3 billion to cover possible fines from the Federal Trade Commission over privacy violations in the past. In the future, they plan to emphasize private messaging and attain a bigger role in communities. Additionally, they will remove groups that have harmful content, supporting their motto, “The future is private”.

Facebook wants AI researchers to figure out privacy. They are currently working with Udacity, which is an online learning site, to try to enable AI research that doesn’t affect or harm privacy. As an incentive, they are offering scholarships to 5,000 people to encourage them to take a new Udacity course called Secure and Private AI. The idea is for people to learn how to apply techniques that AI powers are using.

Microsoft is also gearing towards better security, by strengthening security options available to Microsoft 365 customers. With access to new data controls, businesses will be able to better manage encrypted emails, prevent sharing of sensitive information, and investigate possible data errors. Using these controls, people can hone in on specific security issues, such as data leakage or phishing attacks. On top of that, Microsoft 365 is also adding a feature called Secure Private Channels, to help protect sensitive information from being unintentionally shared or leaked.

With large companies working to protect their consumers’ personal data, and CCPA working to enforce consumer rights, privacy has never been more prominent.

Join our newsletter



Weekly News #3

Weekly News #3

Facebook privacy issues

Experts predict that data privacy will take the center stage in 2019 and that organizations will have to fully embrace it. Google and other cloud providers are already jumping into the privacy wave by offering de-identification tools for healthcare data. 

Data privacy became a major topic in 2018. On one hand, GDPR came into effect in Europe affecting organizations from all over the world. On the other hand, massive cases of data breaches and data misuse where reported leading to customer concerns and legislators proposing new privacy laws.

2019 is expected to be a year in which organizations shift from considering privacy as a nice-to-have to a must-have. This shift will come in part from legislation but also from consumers demanding stronger data protection. Kristina Bergman, CEO of Integris Software Inc., predicts that in 2019 :

  • we will see the rise of the Chief Information Security Officer;
  • privacy and security will be seen as a continuum;
  • a growing conflict between privacy vs. the Data Industrial Complex;
  • the growth of data privacy automation.

In Canada, Howard Solomon interviewed four privacy and security experts, and these are their predictions:

  • David Senf, founder and chief analyst at the Toronto cyber consultancy Cyverity, predicts an increase in the demand of cybersecurity experts to protect against data breaches.
  • Ann Cavoukian, Expert-in-Residence at Ryerson University’s Privacy by Design Centre of Excellence, predicts that 2019 will be a “privacy eye-opener” with a growth of decentralization and SmartData.
  • Imran Ahmad, a partner at the law firm of Blake, Cassels & Graydon LLP, advises that HR should become more involved in preventing data misuse.
  • Ahmed Etman, managing director for security at Accenture Canada, warns that organizations have to be careful of cyberattacks against their supply chain.

Meanwhile, some organizations are jumping into the privacy wave by launching products to help their customers make better use of their data while protecting privacy:

One thing we can be sure in 2019 is that data privacy and security will continue to make headlines.

Join our newsletter



Weekly News #2

Weekly News #2

Facebook privacy issues

New information on Facebook’s user data misuse causes a $30 billion market-value loss. US senators propose the Data Care Act to regulate privacy across the 50 states. Reporting data breaches is now mandatory in Canada. The Department of Health and Human Services wants to modify HIPAA.

Facebook lost $30 billion in market value after the New York Times published on December 18 documents detailing different agreements that Facebook had with companies like Microsoft, Netflix, Spotify, Amazon, and Yahoo to access Facebook users’ data. For example, Netflix and Spotify could read users’ private messages. However, that was not everything. On December 14, Facebook notified its users of a bug in the Photo API that gave developers access to non-shared photos of 5.6 million users.

Pushed by the recent data breaches, 15 senators in the US proposed the Data Care Act on Wednesday to regulate privacy across the 50 states. The Data Care Act main guidelines are:

  • Duty of Care – Must reasonably secure individual-identifying data and promptly inform users of data breaches that involve sensitive information;
  • Duty of Loyalty – May not use individual-identifying data in ways that harm users;
  • Duty of Confidentiality – Must ensure that the duties of care and loyalty extend to third parties when disclosing, selling, or sharing individual-identifying data;
  • Federal and State Enforcement – A violation of the duties will be treated as a violation of an FTC rule with fine authority. States may also bring civil enforcement actions, but the FTC can intervene;
  • Rulemaking Authority – FTC is granted rulemaking authority to implement the Act.

On November 1st, it became mandatory to notify data breaches in Canada. This is an important step for Canadian privacy regulation and is something that will require a shift in the operation of Canadian businesses because according to Statistics Canada only 10% of the businesses affected by a cyber attack reports it.

The Department of Health and Human Services (HHS) issued a Request For Information (RFI) for input on how to modify HIPAA on the following issues:

  • Encouraging information-sharing for treatment and care coordination;
  • Facilitating parental involvement in care;
  • Addressing the opioid crisis and serious mental illness;
  • Accounting for disclosures of protected health information for treatment, payment, and health care operations;
  • Changing the current requirement for certain providers to make a good faith effort to obtain an acknowledgment of receipt of the Notice of Privacy Practices;

After having a 2018 plagued with data breaches and important privacy regulation (GDPR), we can expect that 2019 will be a year in which protecting privacy becomes a must for public and private organizations. SC magazine has eight privacy predictions for 2019, most of them revolve around regulations and their impact on the behavior of organizations and consumers.

Join our newsletter