On January 28, many Canadians (along with online citizens from around the world) will mark Data Privacy Day 2016, and they plan a number of activities to raise awareness about privacy and data protection issues, and to promote practices that best support and protect our privacy and security online.
In other words, people will be battling not just cybercriminals and identity thieves, but retail and consumer outlets, product developers and gadget makers, government agencies and law enforcement officials, even their own bodies.
In a recent Equifax Canada survey, more than half of Canadians surveyed said they worry about identity theft when shopping online (Equifax says it gets more than ten report about corporate data breaches every month) and those concerns are only getting worse.
Meanwhile, an Ontario Superior Court judge warned recently that personal information from “hundreds of thousands, if not millions” of Canadians was likely to be affected when police agencies request a so-called “tower dump” of mass cellphone records, or when technologies that capture record and analyze mass cell phone communications are used. In his court decision, Justice John Sproat ruled that police services in Ontario were in breach of the Charter of Rights and Freedoms when they asked Rogers and Telus to hand over the personal information—including deeply-revealing metadata—of over 40,000 customers.
The case makes a direct connection between the importance of privacy principles and Charter rights, noting that privacy is impacted not just by criminal interests, but commercial, jurisdictional and in fact operational issues as well.
For example, in yet another example of high-tech products and services being widely available and in use at the same time as known flaws exist in their security profile, vulnerabilities in mobile operator networks using the SS7 signalling protocol have been known to exist for a long time, but they only became headline news due to revelations made by ethical hackers at high profile security conferences.
Attacks on network operators and individual subscribers are enabled by the fault, through which mobile service subscribers can be located down to street level, their calls and messages tapped, and their subscriber profiles tampered with.
In spite of the many strategic, systemic or built-in threats to personal data privacy and online security, there are steps individuals can take to mitigate the risks, and the Office of the Privacy Commissioner of Canada is staging public discussions and providing tips about privacy and the risks that may result from the proliferation of personal information online, and our seeming willingness to ‘give it up’.
The OPC points out, for example, that many of today’s online business models (used by retail outlets, social media networks and streaming music services) depend on the users’ willingness to trade their personal information (i.e. data usage, personal contacts, social interests, last surfing experiences, even body functions and metabolism rates, etc., etc.) for benefits or access to services. In essence, personal information has become a commodity, the OPC notes, and big business is finding ways to profit from our information.
Understanding the inherent value in our data (not the ease with which we can share it) is one step to protecting it.
It’s one of many “best practices” being touted on Data Privacy Day, and privacy advocates at Ryerson University echo the sentiment, be aware (of the value) of what you share, and they have posted some Top Tips to enhance privacy protection.
A more comprehensive list of privacy tips and free tools that can help protect our data has been posted at Fried.com, where managing director Chris Beattie and site founder Jordan Fried have posted a 10,000+ word piece featuring must-know privacy tips. They also list over 150 free tools that can be used to protect users from unwanted surveillance and data malfeasance.
The folks behind Data Privacy Day have such a site, of course, and it also lists a number of direct links to ways update the privacy settings on many popular devices and online services. There’s also a social media campaign, #PrivacyAware, where other privacy tips are in the conversation.
Yes, as has been noted here before, in many ways having a day to ‘celebrate’ privacy is like having a day to celebrate, well, the Great Pumpkin, or the fact that Santa is coming! It’s a children’s fantasy, a moment of feel-good make-believe.
Data Privacy Day seeks to “empower and educate people to protect their privacy and control their digital footprint” but many tech observers have come to the realization that we are all co-conspirators in our own privacy violation.
That’s not just the result of our carelessness or inattention or bad online password practices, it is as the result of going online in the first place!
From cyber-criminality to targeted advertising, from corporate spies to commercial retailers, from government agencies to technology developers, it seems almost everyone is looking at our online activity. And not just looking: our digital fingerprints are being are being tracked, collected, stored, analyzed, cross-referenced and re-purposed, often without our knowledge and often by entities unknown to us.
Many people do not worry about data privacy: ‘I’ve got nothing to hide’, they say. Hoping it will make a difference and open some eyes, others ask, ‘Do you have nothing to protect? What about your name, address, charge card, vacation plans, medical history, physical whereabouts, friends’ privacy, daughter’s school records, personal bank account?’
So personal privacy officers and data protection advocates want you to observe the best practices online, not because they think you have something to hide, but because there is much of value online, a lot of it is yours, and we all want it protected.