Data Privacy - D200

From New Media Business Blog

Jump to: navigation, search

In today's day and age, personal data is becoming increasingly valuable to third-party stakeholders, with some holding it above oil. For businesses, data is their best insight into the behaviour of consumers and potential consumers, creating a direct relationship with profit and more effective decision making.

Personal data is any information relating to you, whether it relates to your private, professional, or public life. In the online environment, where vast amounts of personal data are shared and transferred around the globe instantaneously, it is increasingly difficult for people to maintain control of their personal information.

The following wiki highlights threats to consumer privacy in the forms of cybercriminals, data brokers, and businesses. It also provides concrete action that can be taken to protect your personal data.


Contents

Types of Data

Personally Identifiable Information

Personally Identifiable Information (PII) is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context [1]. To name a few, this includes full name, address, email address, passport number, drivers license, date of birth and phone number. The internet-based practice of researching and broadcasting private or identifiable information about an individual or organization is called Doxing [2]. With the majority of information held online, this is becoming more valuable and a common way to obtain highly sensitive data.

Financial and Payment Card Information

Financial information is proven to be the most valuable due to the ability to quickly gain a quick profit. Often times, cybercriminals buy pre-paid visa and gift cards through online purchases. Payment card details can be stolen through malicious software that records the keystrokes a user puts into the keyboard over a period of time. More often, financial information is stolen by people storing the information in an insecure manner. Cybercriminals use PII and Financial Information to apply for loans or credit cards, create counterfeit cards, pay bills, transfer money illegally, use information for blackmail/extortion, and to steal identities.

Credentials and Healthcare

Social media usernames and passwords, business email addresses, and other unique and private credentials hold high value to cybercriminals. This is due to the ability to then gain access to further information, especially with businesses. Healthcare facilities are known for their weak security systems, making them a vulnerable and a high target for attacks. Medical data is worth higher than credit card data with higher returns since it takes a much longer time for people and their providers to find out that their medical information has been duplicated; unlike banks who immediately stop transactions and cancel credit cards when fraudulent activity is detected.

Cybercrime

Cybercrimes are committed against individuals or groups of individuals with a criminal motive to intentionally harm the reputation of the victim or cause physical or mental harm, or loss, to the victim directly or indirectly, using modern telecommunication networks such as Internet[3]. The type of attack varies from stealing an organization or governments intellectual property, bank account information, spreading viruses, posting confidential business information, or disrupting a country’s national infrastructure or political plan. Overall, the most common result of an attack is the use or misuse of information [4]. The most costly cyber crimes are those caused by denial of service, malicious insider and web-based attacks. These account for more than 58% of all cybercrime costs per organization on an annual basis [4]. PwC reported that the economic crime rate has been increasing year over year, with it currently at 49% in 2018, compared to 36% in 2016 [5]. As cybercrime rates rise exponentially and the rewards become more attractive, it will become an enterprise and market of itself. It is “practically infiltrating every sector of society”[6] and every person around the globe needs to take precautions to minimize the effect a cybercriminal can have on them and with their information.

Rise of economic crime [5]

According to a Symantec report in 2018, there has been a 600% increase in attacks against IOT devices since 2017 [7] This is caused by the ability to exploit the connectedness of these devices. In the past hackers would attack routers and modems. Although now, they are using it to attack a series of devices. IOT devices are highly vulnerable due to their poor security features, unpatched vulnerabilities by companies, and weak passwords by users. As well, IOT devices are a large target due to the increase in malicious coin mining by hackers.

Cybercriminals

Cybercriminals commit cybercrime. Cybercriminals are individuals who use technology to commit malicious activities on digital systems with the intention of stealing sensitive data and generating a profit [8]. There are many different types of cybercriminals, although the most common are hackers, ransom artists, and phishers. They primarily focus on platforms or programs that have a large number of users to victimize; very rarely do they focus on single individuals. The difference between cybercriminals and regular hackers are that acts are performed with malicious intent; while a hackers main purpose is to find new and innovative ways to use a system.

Top 10 countries affected by targeted attack [7]

Cybercrime Targets

Millennials are the highest target to cybercriminals, at a rate of 75%. This is due to their high number of accounts on various sites for online activities and their willingness to share more information than their older generations. As well, they are the most vulnerable due to their minimal awareness of the potential impact if their information were to get stolen or devices were to get hacked. In the second place, Males are most vulnerable at 71%. And lastly, employees at 64%. Employees are a highly valuable target due to the amount of information hackers can get from companies. As well, if they hold the company ransom, the payouts can be quite high if the information is confidential [9].

The originating countries of attacks [7]

The top 5 countries that were affected by targeted attacks are USA, India, Japan, Taiwan, and Ukraine [7]. USA’s large gap in first place is due to its powerful status, high population, and vast businesses that make it highly vulnerable. Although, attacks aren’t always for financial profit. They are often to know political agendas of certain countries. Thus, countries with regional tensions are frequently attacked as well.

The top 5 countries where attacks have originated from are China, USA, Brazil, Russia, and India [7]. China is known for stealing valuable technology blueprints and intellectual property to put their country ahead of others. Russia’s hackers often interfere with politics in several nations, steal political agendas, and assist the ones they support to come into power. With this in mind, some of these countries are considered safe havens for cybercriminals where authorities allow them to commit their actions.

International CyberSecurity Agreement

The French government has launched a Paris Call for Trust and Security in Cyberspace [10]. It is a coordinated effort to get countries to agree on a set of international rules for the cyberspace. This includes principles that would stop cyber attacks on critical infrastructure such as electrical grids and hospitals; combat intellectual-property theft online; improve the security of digital goods and services; and outlaw the use of cyber mercenaries to hide the real culprits behind attacks. This agreement is necessary since governments often stop investigations when a cyber attack goes through different countries since it is out of their bounds for investigation. It will result in more timely and effective global cooperation between businesses, governments, and society when dealing with cyber attacks and the rules governing international spaces. It has been signed by more than 50 states, European Union members, and technology giants such as Microsoft and Facebook. Although, the countries stated above as most involved in cyber attacks did not sign it. This includes Russia, China, USA, Iran, and Israel. This proves that even though many countries and companies can want changes, although the main actors in the cybercrime market will be the ones that need to make changes.

The Cybercrime Underground Market

Cybercriminals use the data they obtain in two ways. Either they exploit the data themselves for profit, or sell the data in the dark web. The dark web is a series of encrypted networks hidden from view that can only be accessed via special software. Users can surf the dark web with anonymity, thus the buying and selling of illegally obtained data can take place [11]. The cybercrime underground market is highly organized and hosts expert hackers. It allows hackers to sell their services to be used by others for an organized attack. It is also used for hackers to sell the information they have obtained through an attack. The FBI has stated that the cybercrime economy represents an underground market of $114 billion and explain that it operates like a legitimate global economy [12]. The annual cost of the cybercrime economy is reported by Mcafee to be $600 billion USD worldwide [13]. This is a large increase from the stated $445 billion USD in 2014. It is due to the growing number of hackers and their increase in technical knowledge and skills. As well, the cybercriminal industry has become more attractive to hackers due to its sophistication and high paybacks. The CTO of Mcafee stated, “We are seeing the bad actor community taking advantage of the innovation in the technology industry”[13]. As technology advances and is adopted by more of society, it is creating a secondary purpose by criminals in the cyberspace and used to their advantage.

Wannacry Ransomware Attack

Ransomware is a type of malicious software from cryptovirology that threatens to publish the victim's data or perpetually block access to it unless a ransom is paid [14]. In May 2017, a worldwide cyberattack by the WannaCry ransomware cryptoworm was targeting computers running with the Microsoft Windows operating system. It was encrypting data and demanding ransom payments in the Bitcoin cryptocurrency. It infected 300,000 computers and demanded payments of $300 to $600 USD. Law enforcement had stated to not make payments as those who paid were not getting their information decrypted. The organization behind the attack was linked to team of expert hackers working for the North Korean Reconnaissance General Bureau [15]. From an investigation by Kaspersky labs, the most affected countries by the ransomware attack were Russian, India, Taiwan and Ukraine. These countries align with the countries stated above as the most targeted by cybercriminals. The breach was

Data Brokers

Data brokers are companies that collect personal information about consumers from public and non-public sources and resell the information to other companies [16]. A large purpose of this data is to assist businesses with targeted advertising and promotion strategies. Data collected is “anonymized”, meaning scrubbed of any personal identifiers, which is why the data broker economy is generally unknown to consumers. Despite this, data brokers pose various considerable privacy threats.

Overview of Data Collected[17]

Where do brokers get your information?

Rather than directly from consumers, data brokers gather information from third-party sources[18]. It is then aggregated and sold at a markup to interested parties, often businesses seeking information on their target markets for advertising purposes. Sources of data include the following:

Government

Data brokers collect information both from federal and local government agencies. Much of this information is publicly available online, thus coming at no cost to the brokers themselves. As a result, they can achieve considerable profit margins.

Key areas include:

  • Demographic information
    • Distributions of ethnicities, ages, education levels, household makeups/incomes, occupations, and commute times.
  • Geographic information
    • Roads, addresses, congressional districts, and boundaries for cities, counties, subdivisions, and school and voting districts.
  • Lists of individuals who are ineligible to receive government contracts or other benefits.
  • Lists of individuals/organizations who have filed for bankruptcies.
  • Address standardization and change of address information.
  • Professional licenses (eg. pilots, doctors, lawyers, architects)
  • Recreational licenses (eg. hunting, fishing)
  • Property and assessor records
    • Taxes, assessed value, mortgage releases, square footage, number of bathrooms and bedrooms.
  • Motor Vehicle and Driving Records
  • Court Records
    • Criminal records, civil actions and judgments, birth, marriage, divorce and death records.
Sources of Data[1]

Commercial Sources

Commercial sources are a major source of data for most brokers. In this case, they purchase transactional information about individuals from retail or catalog companies, which is then aggregated and sold to businesses at a markup. Data variables including the following [18]:

  • Purchase Type
  • Dollar Amount of Purchase
  • Date of Purchase
  • Type of Payment Used
  • Mailing List Information
    • Consumer Name
    • Email Address
    • Postal Code
  • Clickstream data
  • Self reported data
    • Marketing surveys
    • Warranty registrations
    • Contest entries

Public Sources

Public sources of data include all other information available publicly online. This is a result of consumers who create personal accounts on websites and do not set their privacy settings to restrict access to their information. Several social media sites provide data brokers with access to this information.

  • Social Media Profiles
  • Blogs

Notably, Facebook recently terminated their relationship with third-party data brokers[19] following consumer protests regarding privacy concerns. While they continue to use the data internally, the move drastically impacted shares of many data brokers including leader partner, Axciom, which saw a 16.8% decreased stock price overnight [20]. Other key retailers and customers do not seem to have followed suit, but this does indicate a possible downturn in the data broker industry in the future as customer awareness increases and action is demanded.

Major International Brokers

Due to minimal regulations, the FTC has reported that they are unclear how many data brokers exist in the world [21]. The following are the major data brokers that are well known internationally [22]:

  • Acxiom
  • eBureau
  • Epsilon
  • Equifax
  • Experian
  • Corelogic
  • Datalogix
  • ID Analytics
  • Intelius
  • PeekYou
  • Rapleaf
  • Recorded Future

Many brokers have long-standing partnerships with certain retailers, catalogues, or banks. Furthermore, a comprehensive study done by the Federal Trade Commission in 2014 found that brokers obtained a substantial portion of their data from other data brokers rather than directly from an original source. This indicates that in today’s privacy landscape, it may be virtually impossible for a consumer to determine how a data broker obtained his or her data; the consumer would have to retrace the path of data through a series of data brokers[23].

B2C Data

Perhaps one of the most intriguing aspects of the data brokerage industry is how widely accessible it is, yet generally unknown to the public. Major data broker, Epsilon Targeting, is one of few organizations to release a centralized database open not only to businesses but the average consumer. By accessing wwww.lists.epsilon.com[24], you can preview mailing list data for over 200 million U.S. consumers, ranging from music preferences to charitable donors. Data is grouped by demographics, financial, lifestyle, market trend, market indicator, and trigger variables. Prices range from, on average, $25-$75 per million instances of data [25].

Case Study: Ancestry.com

Uses of Healthcare Data[2]

Companies like Ancestry.com[26] and 23andme[27] have made millions on gathering customer DNA samples (saliva) and in turn providing genetic and ethnic background information [28]. This is referred to as Direct-to-Consumer (DTC) Genetic Testing, which promises to provide risk assessments for a variety of health conditions without the requirement of health care provider involvement which can be costly in some areas [29]. There has been recent controversy around the ownership of this genetic data. Their general privacy policy states that all biological samples are stored to be available for future testing. Upon further research, Ancestry.com states that you may phone in and ask for your saliva sample to be thrown away, and you can also delete your report from their database. However, they have included a clause stating that any research studies executed using your data before you make these requests will remain under their ownership [30]. Without strict regulations regarding ownership of DNA data, key future stakeholders include employers and health insurance agencies. The accessibility of personal healthcare information opens the doors to possible discrimination from these third parties. Unlike credit card or mailing information, genetic information is deeply personal and can not be changed in the event of a privacy breach. As a result, heavy research and assessment of corporate privacy policies are encouraged before submitting DNA to genealogy websites.

Privacy Concerns

Re-identification

A primary risk associated with the collection and sale of anonymized data is re-identification. Currently, individuals are legally protected against the disclosure of "personally identifiable information" which contains primary identifiers such as name, social security numbers, and medical conditions [31]. These primary identifiers can be linked back to one unique individual.

Data brokers purchase "scrubbed data", which removes the primary identifiers from each instance resulting in the data being "anonymized". There is no regulation against “anonymized” data: it can be sold to anyone and used for any purposes. The theory is that once the data has been scrubbed, it cannot be used to identify an individual person and is therefore safe for analysis.

Unfortunately, scrubbed data can often be re-identified by combining two or more sets of data to find the same user in both. This allows scrubbed data to be traced back to the individual user to whom it relates.

Alongside this, it is difficult to ensure that data brokers are receiving thoroughly scrubbed data due to the anonymity and lack of legal regulation surrounding common processes and procedures within the industry. Re-identification of data is a key privacy threat surrounding how data brokers operate today.

Attraction of cybercriminals

Data brokers are an attractive threat to cybercriminals, considering the mass amounts of consumers data they hold from a variety of different retailers and sources. Rather than just targeting one organization, cybercriminals may find it appealing to gather a range of consumer data for possible de-scrubbing and sale.

It is again unclear to the average consumer the level of security technology data brokers have against cybercriminals, as well as how seriously they consider these threats.

Both these issues stem from a lack of legal regulation, with considerable efforts being made by third-parties to introduce new Bills and Acts dedicated to protecting consumer privacy.

Legal regulations

The practice of compiling and selling individuals personal information for profit raises various privacy concerns. Regulations are critical for individuals to understand how they can gain control of their information, and for brokers to support consumer control and transparency. Unfortunately, both Canadian and American jurisdictions on the topic are quite outdated and have not supported the immense growth of the industry, as well as its implications on national citizens. [32]

American Laws

A single comprehensive privacy legislation does not exist in the United States, however there is an overlap of multiple state and federal statutes, regulations, and common law torts that make up the national privacy and data security requirements. A key entity to note is the Federal Trade Commission, an independent agency of the United States government whose purpose it to promote consumer protection and eliminate anticompetitive business practices. They have been actively researching the implications of data brokers on consumer rights for the past several years. [33]

Since 2002, all states have mandated statutes that require government notice upon data breaches. This also includes Third-Party Notice, where if you maintain covered information on behalf of another entity, you must notify them immediately following discovery [34]. While an important law, this response should be considered the bare minimum expected of data brokers when handling valuable consumer data.

Section 5 of the Federal Trade Commission Act empowers the Federal Trade Commission to act against organizations for “unfair or deceptive acts or practices in or affecting commerce”. The authority is limited to the following three-part test:

  1. the act or practice caused or is likely to cause substantial injury to consumers;
  2. the injury was not outweighed by countervailing benefits to consumers or competition; and
  3. the injury was not reasonably avoidable by consumers.

As this act is not tailored to the data brokerage industry, the scope of action that can be taken by the FTC is also limited.

All statutes and bills in the United States are limited to some extent by the freedom of speech clauses included in the First Amendment. This has empowered data brokers in the United States with the assumption that their free speech rights will counteract most efforts to regulate their use of data.

Future Legal Implications:

Several efforts have been made to introduce bills specifically aimed at the data broker industry to congress. Most notably is Bill S.1815[35], Data Broker Accountability and Transparency Act of 2017, which requires the following :

  1. Data brokers must establish procedures to ensure the accuracy of the personal information they collect, assemble, or maintain, and provide individuals a cost-free means to review their personal or identifying information.
  2. Individuals may dispute the accuracy of their personal information with a written request that the data broker make a correction.
  3. Data brokers must provide individuals with a reasonable means of expressing a preference to exclude their information from being used, shared, or sold for marketing purposes.


After being introduced on September 14, 2017, the bill has been read twice and referred to the Committee on Commerce, Science, and Transportation. It is unclear when or if further action will be taken by the United States Government on introducing more comprehensive regulations to this industry.

Canadian Laws

In Canada, the Personal Information Protection and Electronic Document Act (PIPEDA)[36] applies to all organizations that collect, use and disclose personal information in the course of commercial activity.


The purpose of PIPEDA is to establish rules to govern the collection, use and disclosure of personal information while balancing both individual privacy rights and legitimate business needs. It ensures that organizations provide individuals with the opportunity to control the collection of their information by ensuring protection over the broader lifecycle of information by data brokers.

One point to note is that PIPEDA focuses on personal information which refers to information that can be directly traced back to an individual using personal identifiers. Bill S-4[37] was introduced in 2014, which proposes to amend PIPEDA to expand on this definition to provide a more comprehensive view of the information used by data brokers, however at this point no action has been taken to pass the Bill.

Targeted advertising

Businesses purchasing data from brokers often use this for targeted advertising. By gathering an idea of who their target customers are (things like their demographics, interests, and spending habits), they are able to display more relevant ads to draw a higher purchase conversion rate. The industry is expected to only grow as consumer profiles become more interconnected through the rise of IoT technologies such as smartphone interfaces [38]. Some consumers prefer targeted advertising, saying it allows them to find “exactly what they’ve been looking for” while on the other hand it may be found irritating or make consumers uncomfortable.

With an understanding of consumer behaviour in mind, targeted advertising has an explicit potential for encouraging certain attitudes or decisions. Humans are triggered by events in their day to day lives which draw actions, not excluding repetitive resurfacing of advertisements.

There has been some discussion around discrimination in online targeted advertising, for which it is critical to have an understanding. One study investigated instances such as the ability to exclude people based on their "ethnic affinity" when targeting ads related to housing, which Facebook later banned in 2017 [39]. Earlier in 2018, it was found that certain keywords could be typed into Google's ad platform which would run your ads next to racist searches [40]. Again, this was only disabled after flagged to the organization's attention.

There is a fine line between marketing and discrimination for advertisers using targeting strategies. Key players like Facebook must establish an understanding of these threats and focus their resources on creating policies and proactive software features to respond accordingly. On a smaller scale, fortunately, there are ways to opt out of targeted advertising on most platforms if this bothers you:

Opt Out of Targeted Advertising on Google
Google - Block Certain Ads [41]

Protect Yourself From Data Brokers

There are concrete actions that can be taken to prevent data brokers from gathering your information. While the following list does not cover all the potential brokers expanding internationally, it provides a drastic increase in personal privacy. Awareness is key as more risks are addressed and landscapes change in the future.

  1. Opt Out of as many data brokers that collect your personal information. A full list of opt-out links can be found at StopDataMining.me.
  2. Stay logged out of online services such as Google or Facebook when browsing the web.
  3. Limit who has your real email. Use disposable email accounts for one time online services.
  4. Make sensitive online purchases with a gift card or disposable credit card.
  5. Use a VPN (virtual private network) to encrypt your data.

The Future of Data Brokers

As more and more consumers grow aware of the risks associated with publicizing their data and opt out, there may come a point where data brokers lack the supply of high quality data they need to create value for businesses.

The PDATA token ecosystem[42] predicts that in the future, businesses will need to purchase data directly to fill the imbalance of supply on the market. It is the first Ethereum blockchain based marketplace for the secure and transparent buying and selling of consumer data. Opiria-Platform enables you to earn money by selling your data, where companies can buy data directly from you and compensate you with PDATA tokens. While this shift realistically seems to be a few years away, with many consumers still unaware just how valuable their data really is, it is an interesting trend to keep an eye out for.

We can also assume that data brokers will make efforts to increase transparency in an attempt to reduce pushback from consumers. Acxiom, an industry leader, has begun leading this initiative by allowing consumers to view personalized data reports and make edits on aboutthedata.com[43]. While the site seems to leave out many data elements that Acxiom claims to provide it's corporate clients (such as whether a person is a "potential inheritor", or a household has "senior needs"), Acxiom executives state that first version of the site includes what it considers its core data about consumers, but that they plan to add information categories to the site on a regular basis [44].

Businesses

The phrase ‘data is the new oil’ is becoming more and more ubiquitous [45]. Technology like big data and machine learning has enabled for businesses to capture and analyze a business’ data in order to create insights and better understand their consumers. Extracting data from customers has become a huge focus for companies. The ability to capture information and store large amounts of data in a consumer base is becoming more and more integral to businesses. Companies are even building their business model around consumer data whether they sell to a third party or design advertisements for their given platforms. A few examples of how companies use data as a resource commodity include: mining for market trends, predicting employee success, guiding your next purchase, discovering lifestyle changes, maximizing in-app purchases, and crawling email for interests [46]. In particular, tech giants, including Facebook and Google have become notorious for their data collection. Here are the ways in which Facebook and Google capture user data, what they do with the information and tips on maximizing your privacy on the respective platform.

Facebook

Today it is common knowledge that Facebook has some type of our information to be able to be on the platform such as our basic information, photos, and interests. However, Facebook has much more data on people than most of realize. Facebook is constantly collecting the personal data put on the platform; from relationships status to user likes. Personal information is the fuel for their organization as they aggregate this data to understand who you are. Here are a few examples of how Facebook is using consumer data today:

  • Facebook tracks an enormous amount of locational data, where you visit, where you work, where you live, and uses this information to target local advertisements at you. Locational data on Facebook can also compromise who lives with you -- even if you have no affiliation with them on Facebook.
  • Facebook uses the same set of data to target you with ads on Instagram/Messenger that is uses to target you with ads on Facebook
  • Facebook and the platform's integrated entertainment, such as the personality quizzes or games, may seem harmless to engage with. However, all your Facebook content is shared with third party affiliates. These include applications that are layered on top of Facebook as they have access to your personal data.
  • Facebook shares your data with businesses or advertisers (ie. Uber, Spotify)
  • More recently, Facebook also has the ability to use existing data to predict life outcomes with predictive analytics and machine learning. From health, political interests and life events, advertisers on Facebook know a lot about you.

According to new research, your Facebook profile and online indentity can be monetized in the dark web. A report by Fractl found that all that personal data from Facebook and other accounts are being illegally sold on the dark web for little more than a few dollars. For instance, the firm found Facebook logins sold for $5.20 each while credentials to PayPal accounts went for an average of $247 [47] [48]

Facebook Privacy Tip

Facebook has seen a lot of criticism of how it uses and shares our personal data with others, especially after the Cambridge Analytica Scandal. Data privacy is not a new topic and should be considered carefully. The first form of data cleanup and response technique is to download all your archived Facebook data. This data includes almost every single interaction you've had with the social network since you joined and is the information advertisers use to learn more about you. Facebook allows you to download all of your data [49] which is the first way to do an intensive data cleanup.

Google

One could argue that Google is a basic human need. Google currently has seven unique products with over one billion monthly active users each [50]. However, Google is more than just a search engine, or even an Android platform. People are the foundation of Google’s product. Without consumer data, Google’s platform would have no value. The collection of data by Google is said to be for the betterment for their products and the retention of data help the organization to prevent spam and fraud. Google arguably has more information on users than Facebook. They can see a user’s emails, search history, payment information, location, and much more. Here are a few examples of what Google knows about you and how they use this data to ensure their product remains as state-of-the-art.

  • Google knows what you search, including your deleted searches. It allows users to tap into and see what the rest of the world is searching through their service called Google Trends [51].
  • Google knows your location, the length of time spent in a vehicle, and the routine routes you take.
  • Google has an advertisement profile design for you and knows exactly what you are interested in. Understanding people who use Google is what makes Google Ads so successful and appealing to advertisers.
  • Google knows the information in the apps and services your Google Account is linked to. Depending on the apps and services used, the types of information revealed to Google may include purchasing behaviour from your Amazon account or more access to photos through an online photo-editing app.
  • Google knows your entire YouTube Search and Watch history.
  • Google knows when you say its name. Therefore, some argue that Google is always listening.

Limiting information on Google

While Google has a lot of information on users, the good news is that they are extremely transparent with the data they use and hold. Like Facebook, Google also allows you to download your own archive of everything you have stored in Google's services. [52]

Here some ways to limit the certain types of information Google holds:

  • For searches, while they can’t be deleted they can definitely be managed. Under the Google Web & Activity Page [53] and go to "manage activity” in order to limit what Google stores.
  • For location, on the bottom of the "Location History Page" under Google Maps, tap the "Pause Location History" to prevent Google from further tracking.
  • For advertisements, in your Google Account, there is a section where you can Manage Ads Settings. In the top of the Manage Ads Settings Page, toggle the button to turn off "Ads Personalization." [54]

Digital Will

With all this information that businesses, data brokers, and criminals possess, it is important to note how our data is used now but in the future. A digital will is a document that instructs loved ones on how to manage your digital presence and assets after you’re gone [55]. A digital will seems necessary in today’s day and age as data has the innate ability to outlive the human race. While we have less access to the data that reaches the hands of criminals and data brokers, tech giants have provided a few opportunistic ways for us to manage our social legacy ahead of time.

Planning your digital legacy

  • Google: You can add up to 10 trusted contacts, who will receive an email that bequeaths files stored on a Google service if your account is left unattended between three and 18 months.
  • Facebook: You may nominate a legacy contact to manage your profile after your death. This could be memorializing the page, or closing it.
  • Instagram: Provides an option to memorialize an account, which means nobody can log in or change it. To memorialize an account, anyone can provide a link to an obituary or news article reporting the death. You can also request account closure.
  • Twitter: The only option is to deactivate the profile by submitting a form with information on the deceased, including a death certificate.
  • LinkedIn: Executors, colleagues or friends of the deceased can notify LinkedIn that someone has passed away, so their account can be closed and the profile removed. [55]

Authors

Sara Behrouzian Farah Kianipour Harmeen Khosa
Beedie School of Business
Simon Fraser University
Burnaby, BC, Canada
Beedie School of Business
Simon Fraser University
Burnaby, BC, Canada
Beedie School of Business
Simon Fraser University
Burnaby, BC, Canada

References

  1. https://en.wikipedia.org/wiki/Personally_identifiable_information
  2. https://en.wikipedia.org/wiki/Doxing
  3. https://en.wikipedia.org/wiki/Cybercrime
  4. 4.0 4.1 https://www.ponemon.org/local/upload/file/2012_US_Cost_of_Cyber_Crime_Study_FINAL6%20.pdf
  5. 5.0 5.1 https://www.pwc.com/gx/en/forensics/global-economic-crime-and-fraud-survey-2018.pdf
  6. https://resources.infosecinstitute.com/cybercrime-and-the-underground-market/#gref
  7. 7.0 7.1 7.2 7.3 7.4 https://www.symantec.com/content/dam/symantec/docs/reports/istr-23-2018-en.pdf
  8. https://www.trendmicro.com/vinfo/us/security/definition/cybercriminals
  9. https://www.symantec.com/content/dam/symantec/docs/security-center/archives/istr-13-april-volume-18-en.pdf
  10. https://www.diplomatie.gouv.fr/en/french-foreign-policy/digital-diplomacy/france-and-cyber-security/article/cybersecurity-paris-call-of-12-november-2018-for-trust-and-security-in
  11. https://sysnetgs.com/2018/06/what-do-cybercriminals-do-with-the-data-they-steal/
  12. https://www.investopedia.com/financial-edge/0113/the-underground-internet-economy-of-cybercrime.aspx
  13. 13.0 13.1 https://phys.org/news/2018-02-global-cybercrime-bn-annually.html#jCp
  14. https://en.wikipedia.org/wiki/Ransomware
  15. https://en.wikipedia.org/wiki/WannaCry_ransomware_attack#cite_note-2
  16. https://www.ftc.gov/system/files/documents/reports/data-brokers-call-transparency-accountability-report-federal-trade-commission-may-2014/140527databrokerreport.pdf
  17. https://www.ftc.gov/system/files/documents/reports/data-brokers-call-transparency-accountability-report-federal-trade-commission-may-2014/140527databrokerreport.pdf
  18. 18.0 18.1 https://www.visualcapitalist.com/much-personal-data-worth/
  19. https://venturebeat.com/2018/03/28/facebook-ends-data-broker-partnerships-in-blow-to-targeted-ads/
  20. https://uk.reuters.com/article/us-acxiom-stocks/acxiom-shares-tank-after-facebook-cuts-ties-with-data-brokers-idUKKBN1H520U
  21. https://www.forbes.com/sites/bernardmarr/2017/09/07/where-can-you-buy-big-data-here-are-the-biggest-consumer-data-brokers/#767c3d1d6c27
  22. https://qz.com/213900/the-nine-companies-that-know-more-about-you-than-google-or-facebook/
  23. https://www.ftc.gov/system/files/documents/reports/data-brokers-call-transparency-accountability-report-federal-trade-commission-may-2014/140527databrokerreport.pdf
  24. http://lists.epsilon.com/
  25. https://epsilon.com
  26. www.Ancestry.com
  27. https://www.23andme.com/
  28. https://www.businessinsider.com/dna-testing-ancestry-23andme-share-data-companies-2018-8
  29. https://geneticseducation.ca/educational-resources/gec-ko-on-the-run/direct-to-consumer-genetic-testing/
  30. https://www.ancestry.com/cs/legal/privacystatement
  31. https://georgetownlawtechreview.org/re-identification-of-anonymized-data/GLTR-04-2017/
  32. https://www.priv.gc.ca/en/opc-actions-and-decisions/research/explore-privacy-research/2014/db_201409/#heading-003
  33. https://www.ftc.gov/
  34. https://www.dwt.com/statedatabreachstatutes/
  35. https://www.congress.gov/bill/115th-congress/senate-bill/1815
  36. https://www.priv.gc.ca/en/privacy-topics/privacy-laws-in-canada/the-personal-information-protection-and-electronic-documents-act-pipeda/
  37. http://www.parl.ca/legisinfo/BillDetails.aspx?billId=6524311&Language=E
  38. https://www.gsma.com/iot/mobile-iot-introduction/
  39. http://proceedings.mlr.press/v81/speicher18a/speicher18a.pdf
  40. http://fortune.com/2017/09/15/google-facebook-racist-ads/
  41. https://support.google.com/ads/answer/2662922?hl=en
  42. https://opiria.io/
  43. https://aboutthedata.com/portal/login
  44. https://www.nytimes.com/2013/09/05/technology/acxiom-lets-consumers-see-data-it-collects.html
  45. https://www.cbc.ca/news/technology/data-is-the-new-oil-1.4259677
  46. https://www.villanovau.com/resources/bi/8-ways-companies-can-use-your-data/
  47. https://www.marketwatch.com/story/spooked-by-the-facebook-privacy-violations-this-is-how-much-your-personal-data-is-worth-on-the-dark-web-2018-03-20
  48. https://nypost.com/2018/10/01/hackers-are-selling-facebook-logins-on-the-dark-web-for-2/
  49. https://www.cnbc.com/2018/03/23/how-to-download-a-copy-of-facebook-data-about-you.htm.l
  50. https://techcrunch.com/2017/05/17/google-has-2-billion-users-on-android-500m-on-google-photos/
  51. https://trends.google.com/trends/
  52. https://takeout.google.com/settings/takeout
  53. https://myaccount.google.com/activitycontrols
  54. https://adssettings.google.com/authenticated
  55. 55.0 55.1 https://www.intheblack.com/articles/2018/06/01/why-have-digital-will


Personal tools