Defending The Kingdom

Companies that collect your data won’t act responsibly until they are financially affected by their sloppy and thoughtless privacy practices. When you get the chance, read this fascinating overview of the condition of privacy controls among US companies:

At its core, protecting privacy is an information management issue. With the cost of computer storage plummeting, companies are maintaining more and more data, for longer periods of time, at rock-bottom prices. Executives are driven by the idea that any morsel of information about customer purchases, browsing habits and preferences could someday be valuable, so they simply can’t bring themselves to erase anything. Consequently, personal information and less sensitive details exist side-by-side in the same databases, often accessible by multiple programs throughout the organization, many of which have long been forgotten. Without a complete, up-to-date inventory of what data they possess and how it is being used, which data should be segregated and which can be freely shared, many companies are making privacy breaches a foregone conclusion. (continue reading…)

Selling your phone? Consider destroying it instead. To be sure you’re not passing on sensitive information stored in your cell phone, the only remedy is to mince it with a meat hammer and dump the pieces in the garbage.

Take a look at what some are finding on second-hand cell phones:

Selling your old phone once you upgrade to a fancier model can be like handing over your diaries. All sorts of sensitive information pile up inside our cell phones, and deleting it may be more difficult than you think.

A popular practice among sellers, resetting the phone, often means sensitive information appears to have been erased. But it can be resurrected using specialized yet inexpensive software found on the Internet. (continue reading…)

Wired News has a list of ten privacy screwups that made the world cringe.

America Online fired two employees and its chief technology officer because of the release of user search data earlier this month, says the New York Times:

‘This incident took place because some employees did not exercise good judgment or review their proposal with our privacy team,’ Miller said in a second memo. ‘We are taking appropriate action with the employees who were responsible.’

Accountability is a good thing when it comes to enforcing privacy requirements in any organization, and AOL seems to be taking it seriously. The company is taking several steps to ensure that this never happens again, such as keeping tighter controls on employee access to data, educating employees about privacy issues, and reviewing data retention and privacy policies.

I hope other companies that harbour large collections of user data are paying close attention. Then again, AOL didn’t take the hint from privacy fiascos that came before it (for example, it has been just over a year since ChoicePoint, a company that gathers and sells data about consumers, announced that it gave up sensitive information on more than 160,000 people to criminals posing as ChoicePoint customers – the media coverage on the story was extensive). (continue reading…)

The order to stop the NSA’s wiretapping operation has been stayed, although it is unclear (at least to me) for how long. Of course, the government has appealed the ruling and everyone is wondering if it will hold.

One of the Wired News Blogs reports that at least one expert is not hopeful: (continue reading…)