This is Data Privacy Day, so here’s advice for consumers — take control over your privacy — and businesses — be transparent to customers.
Welcome to Cyber Security Today. It’s Monday January 28th. To hear the podcast, click on the arrow below:
 |
 |
 |
Today is Data Privacy Day, dedicated to raising awareness and promoting data protection best practices. Organizations are obliged under federal and provincial law in Canada, and state laws in the U.S., to protect personal information. But you have a great deal to do with ensuring control over your personal information online, and I’m going to talk about that today.
So before I get to things like, ‘Make sure you don’t give away too much while cruising the Internet,’ start with the basics: The best way to protect your privacy is through security. That means making sure your computer and smart phone have the latest versions of the operating system and applications, so they don’t get hacked. It means having anti-malware software on your computer. It means having safe passwords to login to your devices. It means using a password manager to generate those safe passwords. Or, create passwords out of easy to remember three-word sentences. It means using two-factor authentication in addition to a username and password for sensitive applications like your email, bank and social media. It mean having a different password for every sensitive site. It means when using your personal or office email or text messages to be careful of opening attachments and clicking on links in messages.
What about the right to privacy? There have been lots of news stories about Facebook, Twitter, Google, Amazon and others vacuuming up huge amounts of information about you and when you’ve been online. Sometimes they resell that data to others and heaven only knows how they use it.
Well, you have some responsibilities. You can ask companies how much data about you they collect and what they’re doing with it. It’s easy when installing an application to just click through the user licence and say, ‘I agree.’ Why not do some investigating about a company’s privacy policy before buying an app? If you don’t understand what the company is doing, find another app. You can demand a company be more clear before you give consent to the use of your data. Let the organization know you’re not happy. It works. Last year Statistics Canada decided the law allows it to compel banks to hand over customer spending data for analysis. The agency promised once it had the data it would be anonymized. That didn’t stop a lot of Canadians from protesting. Now the federal privacy commissioner is investigating.
Once online, use some common sense: Be wary of gambling sites, erotica sites and sites promising sales of products that are too good to be true. Think before you give away things like your birthday and phone number. Regularly review the privacy settings on your browser and apps — sometimes apps reset their privacy configurations after updates. And parents, teach your kids about how to be safe online.
For more see getcybersafe.ca as well as Stay Safe Online. And join a privacy group like Privacy International, or Canada’s Public Interest Advocacy Centre.
As for companies, the Internet Society has this advice: Be transparent to customers about your privacy practices, and show you’re sticking to what you promise. Establish clear safeguards for handling personal data. Commit to periodic independent security and privacy audits When something goes wrong, fess up.
And stop using user consent to excuse bad practices. Companies should not rely on. ‘Well, users give us consent to do this,’ to justify the legitimacy of their data handling practices. They should openly demonstrate that their practices are lawful, fair and in the interests of the user before seeking user consent. Users should not be asked to agree to data sharing practices that are unreasonable or unfair, or that they have no hope of understanding.
That’s it for Cyber Security Today. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon.