Andrew Wild, QTS Chief Information Security Officer
January 26, 2017
A Look at Data Privacy in 2017
Did you know that Saturday, January 28th, 2017 is Data Privacy Day (DPD)? It is internationally recognized as a day to reflect on privacy and data protection. It began as a strictly European commemoration of the signing of Convention 108, which was the first legally binding treaty on privacy and data protection. Events on DPD are focused on building awareness about the importance of privacy, data protection, and trust.
Privacy is recognized in most countries around the world as a fundamental human right and is afforded legal protection in most countries. However, advances in technology have significantly changed how we interact with each other as individuals and as organizations. It’s no secret that the law struggles to keep up with the sweeping societal changes brought about by several technologies, including the Internet, cloud computing, social networking, and big data analytics. 2016 was full of stories in which many people’s concept of privacy and the law were not aligned. Probably the biggest story of 2016 was the legal battle between the FBI and Apple over the FBI’s demand that Apple help it gain access to an encrypted iPhone used by a man accused of conducting a terrorist attack in December of 2015 that killed 14 people in San Bernardino, California.
While probably not as well known, there were several other key events in 2016 that had significant privacy implications. Can the government compel an individual to provide biometric information to gain access to an encrypted device that is protected by biometric data? That question is currently under review in the courts.
And it’s not just government actions that threaten our privacy. Corporations have been increasing the volume of data they collect about each of us, as well as the retention periods for much of this data. As consumers, we are eager to use the latest technological device or service, but what is the potential impact on our privacy of using that device or service?
Most of us assume that there are laws to protect against corporations abusing the data we provide. Each of us has no doubt seen, if not read, the “privacy notifications” that are included periodically in financial statements, or the privacy forms that we are required to complete when visiting a healthcare provider. However, the reality is that the laws as written never envisioned the ever-increasing amounts of data that are collected, combined with the advances in data analytics.
Take a minute to think of all the data, or “digital exhaust,” that many of us are generating:
• Your car is likely equipped with many sensors that collect, store, and in some cases transmit to a third party all kinds of data, including your location and speed.
• Your mobile phone is constantly aware of your location, and thanks to the health and fitness monitors many of us wear, your heart rate and activity level.
• Furthermore, your mobile phone is constantly sending out Wi-Fi probes, which are somewhat unique and can be used by stores to track your movement within a store.
• The new home automation device you bought likely contains a microphone that is always listening for the “wake up” word so that it can perform an action based on your voice command.
• You share information on social network sites about where you are, what you ate, and who you’re with.
• Your thermostat monitors for activity in your home and it knows when no one is home and can save energy used for heating or cooling.
• Your bathroom scale is connected to the cloud and knows how much you weigh.
The amount of data that is now, and will be, collected by networked sensors and IoT devices is huge and is growing. We must continue to make sure that our laws ensure that access to, and use of, this data is protected and understood. Each of us has a vested interest in ensuring the protection of our privacy.
In my next post, I’ll describe what we can do as individuals to safeguard our privacy, and what organizations should do to ensure they are following good privacy practices.