Tuesday, September 25, 2018
Until recently, I thought I was a pretty private person who minded my own business and foolishly believed that no one was really interested in my private life. To paraphrase Bob Dylan, you learn that privacy is something you can sell or give away, but you cannot buy back or retrieve. Today’s world seems not to take privacy very seriously. Loss of privacy worries me. The level of intrusiveness that loss of privacy can lead to was brought to light recently in case I was handling. But before I get to the case, I want to provide a bit of background.
In 1974, Congress passed the Privacy Act (5 USC S552 a). In summary, it provides some protections for citizen privacy when the government obtains personal data. It also created 12 exceptions to the meagre protections it offered. Since then, there have been additional exceptions added, most notably for the Homeland Security agency in the form of Passenger Name Records (PNR) and the Arrival and Departure Information System (AIDS). There are other examples too numerous to review. The government threat of abuse is real and as Ben Franklin said: “They who give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.” Recall, if you will, the breach of privacy of thousands of Government employees that occurred in 2017.
In addition to the risk of loss of privacy by the government is the risk posed by the private sector. In light of the Equifax breach one year ago, 145,000,000 people’s data history was put in jeopardy. The news cycle was hot for about a week; the Senate said it had to do something (although nothing has been done). The consumer protection board has also done nothing. A year later, the public at risk seems to be in a coma about breaches of privacy. Some writers call this “breach Fatigue” due to the frequency of incidences. Even the recent US Census Bureau survey indicates that fewer people are concerned about loss of privacy today than 3 years ago.
The European Union and the states of Colorado and California amongst other have enacted privacy laws to protect individuals from not only government but also from predatory businesses trying to capitalize on “Big Data” or, more pertinently your personal data. In general, personal data is any data that can be used to identify you. The state enacted privacy laws are a step in the right direction but fall way short of the goal of actual protection of personal data.
Part of my concern stems from the indiscriminate use of social media, like Twitter and Facebook, which leaves trails of information back to the individual. Posting pictures on Facebook is the groundwork for digital facial recognition that may have all kinds of consequences. Or think about your use of LinkedIn where you provide your resume of life details including your employment record. It is not only social media that is concerning. Credit card companies now have data on where you are, where you are traveling to, your buying preferences and how much you spend on a monthly basis.
As a result of the various recently enacted state statutes, business must now adopt policies and procedures that “safeguard” the personal information they collect intentionally or unintentionally. They must also report leaks or breaches of security in a timely manner. As an example of this new requirement for business, a multinational heavy equipment manufacturer has, over the years, collected personally identifiable information about the maintenance people who would maintain their equipment for their customers. The manufacturer did so to align their warranty programs with the proper persons on the customer’s side. The manufacturer had no real interest in who these people were, but they must now adopt robust policies and procedures to protect the privacy of those people.
In the case I previously mentioned, I was retained to collect an overdue account. I went to my standard sources and found the incorporators of the business, its standing with the Secretary of State and the address of the business. I checked the business Facebook and LinkedIn pages where I found a bit more information on the owners. The icing on the cake, however, was a search service. For $29.95 and in less than one hour, I was able to do a criminal records search, a property ownership search including liens, which led to a form of credit search, nearest relatives and their addresses, litigation history, judgments and outstanding warrants. The debtor is a small mom and pop business and what I have learned, all derives from public record. These poor people, I suspect, would be aghast at what is of record, their record, in advance of any litigation without their knowledge or consent.
I am also appalled at the false sense of security peddled by companies that claim that they can protect your credit card and bank account, or at least notify you when there is a breach. They essential do what I did and check some internet traffic on the web for a lot more than $29.95.
So much for privacy.
Do you have a data privacy story?