September 8th, 2015
Targeted behavioral advertising is where a user’s online activity is tracked so that ads can be served based on the user’s behavior. What began as online data gathering has expanding — now there’e the online and offline data collection and tracking of the habits of consumers. There have been numerous news stories about this privacy and surveillance issue. There is a fundamental issue about targeted behavioral advertising that divides industry and consumer advocates: opt-in or opt-out. Opt-in, the choice of consumer advocates, puts the burden on companies to have strong privacy protections and use limitations so consumers will choose to share their data. Opt-out, the choice of the majority of ad industry players, puts the burden on consumers to learn about what the privacy policies are, whether they protect consumer data, whom the data is shared with and for what purpose, and how to opt-out of this data collection, use and sharing.
Companies can also buy information on individuals from data collectors. At times, the information can be wrong, causing problems for individuals. Read a previous post for more about data brokers.
What happens when data is gathered as a person browses the Internet? It can lead to innocuous advertisements for cars when you’re searching for a new vehicle or boots when you’re considering replacing ones that wore out last winter. Or it can lead to a more difficult situation when you’re faced with ads strollers and car seats showing up on Web sites that you visit even though you had a miscarriage a month ago. It’s easy for advertisers to connect the dots when someone starts searching for infant safety gear or reading parenting Web sites and the person is unable to opt-out of targeted behavioral advertising. Read more »
August 19th, 2015
I’m taking some time off and will resume posting here in September. I’ll be posting sporadically on Twitter, so follow me there @privacylives if you want privacy news.
July 15th, 2015
There have been myriad data breaches and security problems recently with private and public sector systems. As more sensitive data is passed through more hands — corporate and government — there needs to be an emphasis on security.
Although the Consumer Financial Protection Bureau is focused on financial data, its call for privacy protections to be built into systems from the beginning is valuable for all sectors. In the case of the CFPB, it has set out guiding principles of data privacy and security for the creation of new payment systems.
These new systems are aimed at reducing “pocket-to-pocket” payment times between consumers and businesses or other entities. The CFPB wants to ensure any new payment systems are secure, transparent, accessible, and affordable to consumers. The systems should also have robust protections when it comes to fraud and error resolution. [...]
The CFPB wants to ensure that consumer protections are at the forefront as new and improved payment systems are developed. The protections recommended in today’s Consumer Protection Principles relate to privacy, transparency, costs, security, and consumer control. They also relate to funds availability, fraud and error resolution protections, and payment system accessibility. Read more »
June 4th, 2015
Update on June 7: There’s news that the Office of Personnel Management was hacked and the unencrypted personal data of 4.1 million current and former federal employees was accessed. It has been nine years since an unencrypted laptop and hard drive containing sensitive data on 26.5 million current military personnel, veterans, and their spouses were stolen from a Department of Veterans Affairs’ employee’s home. That security breach led to a push for the use of encryption throughout the federal government, and I hope this breach leads to stronger data protections.
For years, security and privacy professionals have been urging companies to encrypt their data so that when there are security breaches, there is less damage to individuals whose data is accessed. Yet we continue to read reports about companies failing to use this basic tool to secure information.
For example, California-based U.S. Healthworks recently revealed (pdf) that a password-protected yet unencrypted laptop was stolen from an employee’s vehicle. The health-care service provider told employees, “We determined that the laptop may have contained files that included your name, address, date of birth, job title, and Social Security number.”
Financial services company Sterne Agee and Leach was recently fined $225,000 and required to review its security protocols by the Financial Industry Regulatory Authority after a 2014 incident where a Sterne Agee employee lost an unencrypted laptop after leaving it in a restroom. The laptop included “clients’ account numbers, Social Security numbers and other personal information,” according to a news report. Read more »
May 20th, 2015
We’ve talked before about the various ways in which businesses have been tracking their employees. For a while, there was increasing focus on the practice by some employers of requiring job applicants or employees to hand over their passwords or allow access to their private accounts on social-networking sites in order to gather personal data when the social-networking profiles are closed to the public. States including California, Delaware, Illinois and Maryland passed laws to protect employees from such prying by employers; Maryland’s law includes exemptions for employers for some investigations into possible wrongdoing by employees.
Employers are also using key-logging technology to monitor workers’ keystrokes and Internet-tracking software to log the sites that employees visit. And business have also been tracking the movements of their workers. Read more »
April 22nd, 2015
I’ve written before about the increasing use of “digital signage.” What is “digital signage”? Most people have heard of the term connected with billboards or other screens that have cameras (and facial-recognition technology) to watch people watching ads in order to target advertising toward individuals. The data-gathering and surveillance practices raise substantial privacy questions.
The Los Angeles Times reported on the expansion of these digital billboards and their use of facial-recognition biometric technology in casinos, Chicago-area bars and more. USA Today and the New York Times have detailed safety problems that can arise from these digital billboards. BBC News has reported on the use of digital billboards in the United Kingdom. The Wall Street Journal has reported on digital signage use in Japan.
Now, Wired reports on the more widespread use of software from the artificial intelligence startup Affectiva that “will read your emotional reactions” in real time. “Already, CBS has used it to determine how new shows might go down with viewers. And during the 2012 Presidential election, [Affectiva's chief science officer Rana el Kaliouby’s] team experimented with using it to track a sample of voters during a debate. Read more »