Tuesday, July 29, 2014

Danger! 3rd Party Data Sharing Threatens Little Red Riding Hood!

We may share your personal information …
In the war over our privacy rights, many people fail to remember that companies are not blindfolded superficial entities. They can be hundreds, thousands, even tens of thousands of people deep.

No, businesses do not simply handle your information in the manner prescribed through their verbose privacy policies. And people are the bane of privacy rights.

Nothing about our privacy is simple, and company policies are anything but user friendly. Intended to explain the companies’ responsibility of use and ultimately relieve them of misuse, privacy policies are akin to the danger of a wolf in sheep’s clothing – and we are Little Red Riding Hood.

Particularly mystifying is the extended use of your data by third parties … who are these mysterious “users” of your life’s DNA? The initial company to which you provide information is merely the tip of the iceberg endangering your data.

Your information passes through many hands (and computers) for every item you buy, doctor you visit, repair service performed, and subscriptions to everything from magazines to social networking sites.

We often only hear about data breaches when a public company is “hacked.” So is hacking responsible for most of it? Not even.

What is ignored regarding privacy statements is that companies are not robots. They are comprised of people (at least most, for another few years) – individuals with human foibles and various, sometimes nefarious, motives towards others, while handling sensitive data.

A June 2013 Techs Trick World article by Atish Ranjan made the connection. “Many companies spend a lot of money trying to protect data from hackers. However, they sometimes ignore the threat of data breaches posed by their own employees.”

Consider that EVERY institution that collects personal information employs people who often may not have any sort of character blemish at hiring. However, bills pile up, an illness ensues, or any number of life scenarios could cause a normally honest and upright employee to become careless, or even barter private data for dollars.

Companies are people … people are unpredictable … and your personal information is at an all-time, wildfire-hot high risk.

One company to which I subscribe for a service included this privacy policy disclaimer (in part): “We may share your information with third parties … These providers are required to keep [our] member information confidential, and to use the information only to offer the contracted products or services to [our] members.” (Red font color is mine, for emphasis.)

Do the providers swear on a stack of Bibles to do so? Do their employees? “Goldman Sachs Group Inc warned customers of a data breach that occurred [sic] when an outside contractor emailed confidential client data to a stranger's Gmail account by mistake.” (Privacy Rights)

More of the disclaimer: “We may share your information with companies we hire to provide certain administrative services such as processing address labels, managing databases and sending mailings.”

Notice the plural “third parties,” above. How many? One? Three? Ten? Likely dozens, if not hundreds – for each company in which your information is held – and how many employees do they contain? Try to multiply the possibilities of where your information is going and it will boggle the average brain.

“Advisen data show that reports of third-party data breaches skyrocketed to a seven-year high in 2013, after rising steadily since 2005. Slight drops in case count were observed in 2009 and 2012, but the number of reported vendor breaches as tracked by Advisen remains well above the level of just a decade ago.” (“Third-party vendor data-breach cases skyrocket”; Erin Ayers for Cyber Risk Network, May 28, 2014; the bolding is mine.)

Granted, nearly every business we deal with utilizes third party companies to handle billing and mailings. It’s our misfortune that in today’s society those tasks are no longer in-house activities, which would limit our data exposure.

Third party alliances are the norm. But what of their policies – and the people who administer them (or not)? How can we possibly monitor them? We don’t even know who they are.

Adding insult to injury, we must contact the initial company(ies) to STOP the insanity of spreading our data around like a viral disease. Do you have time for that? I don’t. And according to the example company above, it could take them up to four months to make it happen.

I wish I could offer a magic action or tip that would help you protect your privacy – but we are too far into this vortex of life formed by the Internet. There is no going back. And everyone is vulnerable.

If only to provide a sense of control (however thin), I would like to see a law passed that requires we be given the opportunity to opt out of data sharing before it’s done – rather than the current after-the-fact practice – and that opting in NOT be a requirement to do business with a company.

Maybe then I could pretend the big bad wolf didn’t get all my muffins …