Data Privacy Month

#PrivacyProject

What do the apps you use collect about you? How much control over your device and your information are you giving when you download them?  Are you concerned?  Should you be?  Do you take a look at their Privacy Notices or Statements before you download?

Take a look at this video from the #PrivacyProject:

The message: read those Terms & Conditions and Privacy Statements that apps publish before you download or give permission for an app to do something.  If you cannot find a privacy notice or a statement about how they use data or what control you are giving over, think twice before downloading or do more research about that app before using it.

I have Anthem. What should I do?

anthemvarvelcartoon
Cartoon by Gary Varvel

So since the Anthem data breach occurred, several people who either currently have or have had Anthem coverage have asked me what they should do.  To the best of my knowledge, Anthem has not yet sent out any notification letters informing individuals that their specific information was breached.  But, Anthem seems to know the universe of individuals whose information may have been compromised, and this is what they are using to notify the general public about the scope of the breach that has occurred. Anthem has set up a website to provide information about what happened and what data may have been compromised. For the time being, they are saying that if you are or have been a client of Anthem’s affiliated health plans and/or a member of other independent Blue Cross and Blue Shield plans in the last 10 years (essentially since 2004), you may be impacted.  Many companies who offer insurance through Anthem have posted links or emailed their employees about the fact that the breach occurred.  For my colleagues here at UConn, you may have seen that Kevin Lembo, the Comptroller for the State of Connecticut, has posted a notification to State Employees about the breach on the Office of the State Comptroller’s website.

So back to my post from yesterday:  I have just learned that my information may have been compromised in the Anthem Breach; what do I do?  Well, first I would start with Anthem’s informational website they created about the breach.  Anthem is offering an option for individuals who may have been impacted by the breach to protect themselves for the next 24 months (and some of the services carry over beyond 24 months depending on what you choose to do).

More information about what Anthem is offering through AllClear ID can be found here. But to get you started, AllClear ID is offering a couple of different options to those impacted by the Anthem breach:  AllClear Secure and AllClear PRO.  The services are very different.

So should you consider the services offered through AllClear ID?  Is AllClear ID reputable?  Is taking a wait-and-see approach and using AllClear Secure if you find your identity has been harmed later the right approach? What about the fact that you would have to give AllClear ID your social security number to enroll in AllClear PRO?

Enrolling in services such as those provided by AllClear ID is a personal choice.  If you are not opening up new credit any time soon (i.e., buying a car, opening a credit card, buying a home), you may be comfortable waiting or monitoring your credit on your own. If you are going to be opening up new credit, or do not want to monitor your credit on your own, you may want to consider AllClear PRO as an option.

Yes, AllClear ID is a known entity.  They have handled numerous of the large breaches.  In full disclosure, they are the vendor that UConn has used when we have had data breaches in the past. There are certainly other reputable companies in the marketplace that offer credit monitoring and/or identity repair services.  Your bank and credit card companies likely offer services as well.  Again, how you personally monitor your credit and your own sensitive information is a personal choice.

BUT, be aware that there are also scam artists out there looking to further take advantage of the vulnerability you are now feeling.

So here are my suggestions:

  1. Read the notifications you receive from your employer, on Anthem’s general breach information websites and should you receive one, direct notification to you from Anthem.
  2. Read the options that Anthem is offering through AllClear ID.  Call AllClear ID at 877-263-7995 and ask questions of their advisors if you feel you need more information about the services available.
  3. Think about your own personal situation.  Decide what (if any) sort of credit monitoring, protection, insurance and/or assistance might be useful for you.
  4. And again, going back to my blog post from yesterday, visit the Federal Trade Commission’s (FTC) identity theft information page, the Better Business Bureau, your State’s Attorney General (here is Connecticut’s) or Consumer Protection agencies, and the credit bureaus (Experian, Transunion, Equifax) for more information and other options to assist you.

I’ve just learned I’m a victim of a data breach. Now what?

So when I start writing most blog posts, I try to come up with an interesting blog title to grab your attention.  See above.  Check!  Next, I search the web for a great graphic (usually I Google it!) to add to the post.  For this post, I Google’d the phrase “data breach victim.”  Try Google’ing that and see what comes up.  I was hoping I might find a cartoon of a person looking defeated or scared.  Something witty by a cartoonist or journalist who could really capture what a data breach victim feels after learning his or her identity has been stolen.  But instead (spoiler alert!), what came up was a page full of brand marks of several of the largest corporations hit by hackers and data thieves in the last year or so. Here are just a few of the first ones that came up:

targetimage neimansimage michaelsimage anthemimage1 homedepotimageApparently, and quite properly, humor (and even sarcasm) are not the first reactions by anyone, including the cartoonists, when it comes to data breaches.  I scrolled through more than a hundred images (mostly breached company logos) before coming to one cartoon.  Serious stuff.

The first cartoon that came up kinda summed it up nicely, though:

homedepotexposedcartoon

You shop at a major retailer.  You work for a large corporation.  You are a client of an insurance company.  And you learn that the organization you shop at, your work for or who helps insure you that you trusted with your personal and/or financial information has been hacked.  You feel victimized.  You feel, well… exposed.  So what do you do next to protect yourself?

First, take a deep breath.  You may be frustrated, angry at the organization who you trusted to protect your data or wondering if your credit has been or will be compromised. Data breaches have become so common, that fortunately there are many resources to help you.

One of the most concise resources I found that summarized the steps you should take immediately, and then later if you do find your stolen data has been used is from the Federal Trade Commission (FTC).  There is a wealth of good information on the FTC’s page, including information about particular types of identity theft (medical, tax, children, etc.) and forms and sample letters to help you navigate various options to protect your information, or restore your identity if it has been harmed.  But assuming you have just learned that your information was involved in a data breach, here is the best way to get started according to the FTC:

Identity Theft

Identity theft happens when someone steals your personal information and uses it without your permission. It’s a serious crime that can wreak havoc with your finances, credit history, and reputation — and can take time, money, and patience to resolve.

What to Do Right Away

Immediate Steps to Repair Identity Theft

Here’s how to begin to limit the harm from identity theft.

What to Do Next

Extended Fraud Alerts and Credit Freezes

Placing both extended fraud alerts and credit freezes on your credit reports can make it more difficult for an identity thief to open new accounts in your name.

Repairing Your Credit After Identity Theft

Here are step-by-step instructions for disputing fraudulent charges and accounts related to identity theft.

Lost or Stolen Credit, ATM, and Debit Cards

Federal law limits your liability if your credit, ATM, or debit card is lost or stolen, but your liability may depend on how quickly you report the loss or theft.

There are many other great resources out there to guide you as well.  The Better Business Bureau, your State’s Attorney General (here is Connecticut’s) or Consumer Protection agencies, and the credit bureaus (Experian, Transunion, Equifax)  are great places to start from tips and road maps as well.

 

Privacy Tips for 2015

They say a picture is worth a thousand words.  I think this graphic really speaks for itself. We will be posting tips like this throughout the month of February as part of the Data Privacy Month initiative.  For now, what do you think of the tips in the graphic below?  What would you add as your Top Privacy Tips for 2015?

Privacy Tips for 2015
Courtesy of staysafeonline.org.

 

It’s Data Privacy Day!

TodayISDPD

Happy Data Privacy Day, everyone!  Just what is this Data Privacy Day?   Data Privacy Day is an international initiative led by the National Cyber Security Alliance, a non-profit, public private partnership focused on cyber security education for online citizens across the world.   Data Privacy Day began in the United States and Canada in January 2008. However, it was celebrated long before that as Data Protection Day in Europe.  The Data Privacy Day (and its predecessor Data Protection Day) commemorates the 1981 signing of Convention 108, the first legally binding international treaty dealing with privacy and data protection.  It is celebrated annually on January 28th around the world.  Extensive information about Data Privacy Day itself, and events being held regionally, in the U.S. and worldwide can be found on NSCA’s Official Data Privacy Day website.

So what can YOU do today to celebrate and recognize Data Privacy Day?  Think about your digital footprint.  What do you want your legacy to be online?  Think about what you share about yourselves, your family and your friends online.  Stop.Think.Connect.

If you spend time on social media, look for the following hashtags: #DPD15, #DPM15,#DataPrivacyDay, #Stop.Think.Connect.

Maybe even post some of these hashtags yourself.  And think about taking the ‪#‎datainnovationpledge‬ by posting “I Will Promote the Ethical and Innovative Use of Data! #datainnovationpledge ‪#‎DPD15‬” on your social media accounts today.

Happy Data Privacy Day, everyone!

Around the Water Cooler

watercooler

Ever wonder what privacy officers in higher education think about?  Here’s your opportunity to find out.  Today EDUCAUSE is hosting its final webinar of Data Privacy Month entitled, “Privacy Officers Around the Virtual Watercooler.”  Join 3 of my amazing colleagues from around the country as they discuss current privacy challenges on campus: Merri Beth Lavagnino of Indiana UniversityJane Rosenthal of University of Kansas and Kent Wada of UCLA.

Event Details

  • Date: January 30, 2013
  • Time: 1:00–2:00 p.m. (ET)

To join this webinar, simply go to the Adobe Connect  website: https://educause.adobeconnect.com/eduweb and select “Enter as a Guest.”

Feeling Social?

social networking
Photo credit–Security Office at the University of Arizona. Click on the graphic for more social networking privacy & data security tips from our peers in Arizona.

During this last week of Data Privacy Month (can you believe that January is almost over???), we are focusing on social networking.  Websites and Apps such as Facebook, Twitter, LinkedIn and others have become an integral part of the social and professional lives of many of us.  It is easy to connect with friends and colleagues, and to network and find new opportunities.  It is important to remember, however, that creating an online presence can create a reputation, for the positive or the negative.  It can also lead companies and advertisers to know your buying history, or identity thieves to figure out your passwords, credit card data and other sensitive information.

Here are some things to consider when engaging in social networking and sharing information about yourself online:

  • Think about what you share online on a typical day.  Do you really know what you are sharing and with whom?  Do you know how others might be using your information or collecting data about you?  (On that note, check out this article in this month’s Travel + Leisure Magazine!)
  • Once posted, always posted:   Assume that what you post (or what others post about you!) is permanent.  Think twice before posting pictures you wouldn’t want your parents or grandparents to see!
  • Protect your reputation on social networks.  Would you want a future employer to see that picture or know what you posted to a website?  Many employers and job recruiters run searches of applicants and future employees on search engines and social networking websites.  Take charge of your overall online reputation.
  • Know and manage your online “Friends.”  Be cautious of accepting a ”friend request” from people that you do not know.  Be wary of folks who may post photos or information about you that you might not want posted.
  • Be sure to review and update your privacy settings on a regular basis.  Social networking sites are known to change their privacy settings, privacy practices and terms of use, so keep up to date on what those networks are doing with data, and what your privacy options are.
  • Be cautious about clicking on ads on social networking sites and links posted by friends.  Many companies use social network advertising for data tracking and behavioral targeting.
  • More information about keeping a clean presence online while social networking can be found at staysafeonline.org.

Happy Data Privacy Day!

Below is a press release from the National Cyber Security Alliance (NCSA) about Data Privacy Day and events happening today around the world and online.  If you are interested, NSCA and others are sponsoring a colloquium in Washington, D.C. that is being streamed live on Facebook this morning and should be available later for replay.

DPDbanner

Celebrate Data Privacy Day Today and Focus on Personal Data Protection Year-Round

WASHINGTON, DC, January 28, 2013 – The National Cyber Security Alliance (NCSA), a non-profit public-private partnership focused on helping all digital citizens stay safer and more secure online, is officially kicking-off Data Privacy Day today along with Federal Trade Commissioner Maureen Ohlhausen and other privacy and security experts from AT&T, Facebook, Intel, MasterCard, Microsoft and the federal government during a forum at The George Washington University Law School from 8-11:30 a.m. ET. The event will be broadcast via Facebook Live from 8:30-11:30 a.m. ET at: http://bit.ly/privacyday2013.

The forum will explore respecting privacy, safeguarding data, privacy innovation and the implications for personal information in the digital age and the mobile environment. Daniel Solove, John Marshall Harlan Research Professor of Law at The George Washington University School of Law is the host of the event.

Data Privacy Day is celebrated across the United States, Canada, Council of Europe member countries, and a host of other countries across the globe. The day constitutes an international collaboration and nationwide effort to educate and raise awareness about data privacy, stewardship of data and protecting the privacy of personal information.

For the past five years, the U.S. Senate has designated January 28th as National Data Privacy Day.  Again this year, U.S. Senator Jay Rockefeller (D-West Virginia) is sponsoring a Senate resolution to encourage more people nationwide to be aware of data privacy and take all necessary steps to prevent data loss and respect privacy. The resolution calls on state and local governments, educators, privacy professionals, and corporations to observe the day with appropriate activities and initiatives that raise awareness about data privacy protection.

“Data Privacy Day highlights a year-round effort for all of us to improve measures to protect our personal data,” said Michael Kaiser, executive director of the National Cyber Security Alliance (NCSA). “We want all digital citizens to feel like they have a choice in how their data is being collected, stored, and consumed and that starts with being educated about the privacy policies of online companies and Web properties. As society increasingly becomes more wired, it’s imperative we understand how to best protect our data.”

To mark Data Privacy Day 2013, Microsoft Corp. has also released new data reflecting consumers’ perceptions about how their information is used online. A main finding of the survey, which polled 1,000 American adults, is that forty-five percent said they have little or no control over the personal information companies gather about them while they are browsing the Web or using online services – such as photo-sharing, travel or gaming. More information about the survey and a series of short videos called “Privacy in Action” is available at: http://www.microsoft.com/yourprivacy.

Also in conjunction with Data Privacy Day, an updated edition of the best-selling digital citizenship book lol…OMG!, by Matt Ivester, tailored specially for high school students will be available for FREE download from Amazon until 11:59 p.m. PT on January 29th. lol…OMG! empowers students to clean up and maintain a positive online presence and to become responsible digital citizens. Intel and Reed Elsevier are underwriting the promotion. The free download of the book is available at: http://www.lolomgfree.com/.

For anyone interested in getting involved with Data Privacy Day in other ways, the Web portal offers tips and resources for parents, teachers, educators, businesses and others at: http://www.staysafeonline.org/dpd. Keep pace of Data Privacy Day happenings on Facebook and Twitter at: https://www.facebook.com/DataPrivacyNCSA and www.twitter.com/DataPrivacyDay and the DPD Twitter hashtag is #DPD13.

About Data Privacy Day

Led by the National Cyber Security Alliance, Data Privacy Day began in the United States and Canada in January 2008 as an extension of the Data Protection Day celebration in Europe. The Day commemorates the 1981 signing of Convention 108 – the first legally binding international treaty dealing with privacy and data protection.  Intel is a Platinum sponsor of Data Privacy Day. Gold sponsors include AT&T, Facebook, Microsoft and Google. Intuit, MasterCard and The George Washington University Law School are Silver sponsors and Reputation.com is a Small Business Sponsor.