UD Celebrates Data Privacy Day on Jan. 28
The University of Delaware, alongside more than 300 other organizations worldwide, will be celebrating Data Privacy Day on Sunday, Jan. 28. Data Privacy Day is an annual, international effort to create awareness about the importance of respecting privacy, safeguarding data and enabling trust.
Awareness of data privacy is crucial in a world where data is constantly being collected and distributed among people, devices and services. People voluntarily share their personal data through social media accounts, rewards programs and other applications, often without considering how that information may be re-shared or used. For example, many people list their birthday, address and other personal information on their profile pages, but leave this information publicly available rather than limiting it to their friends and family. In extreme cases, a hacker could trawl someone’s profiles for information that could be used to answer security questions (the name of their high school or pet) or craft a spear phishing message tailored to their victim.
For the sake of convenience, many people link their social media accounts to other applications to avoid creating new accounts and passwords. But the convenience comes with risk. Many of these apps will demand access to the contacts, biographic data, posts, photos, and other information in the linked profile, not all of which may be necessary. And if one account gets hacked, it’s possible that the linked accounts could also be compromised.
Especially now, in the era of smart devices, there are plenty of new ways your data can be gathered and shared.
In early December, the Commission Nationale Informatique et Libertes, a French data privacy watchdog, warned customers against purchasing a smart doll that had serious security vulnerabilities. The doll and its corresponding smartphone app could be hacked to record conversations from up to nine feet away as well as make the doll to speak back to the child with off-script messages. Conversations containing names, addresses, and other private information were sent to and stored in the cloud and were accessible to hackers.
With these kinds of stories circulating, people can end up feeling like their data is never safe. Often, people believe they have very little control over their data and that they have neither the time nor the resources to protect themselves. Some may even believe that maintaining privacy is futile in a time where data breaches are inevitable.
“There’s a phenomenon called ‘data breach fatigue’. A few years ago, a major company like Home Depot or TJ Maxx would have a breach and it would be a big deal on the news. Now, we hear about it all the time and people just consider it a normal aspect of business,” said John D’Arcy, professor in Management Information Systems.
Half of the battle in protecting personal data is being aware of threats. Ultimately, people have control over how their personal information is collected and shared.
Despite a general public tendency towards “data breach fatigue”, UD students are demonstrating greater awareness of personal privacy and online security.
“The awareness trend among students is very positive,” observes Starnes Walker, founder of the UD Cybersecurity Initiative — a partnership between UD, federal, state and private sector organizations that helps address the growing need for cybersecurity research and a security-literate workforce. “There is is always something happening in the world: breaches of data, loss of personally identifiable information, credit card theft—each of these things are given a high visibility for students to say, ‘I need to know something about this no matter what career I take.’”
According to Walker, protecting personal information just takes a little bit of common sense.
“Breaches and other security incidents are the result of not updating operating systems, not practicing good cyber hygiene, and clicking on things you shouldn’t have,” Walker explains.
Data privacy boils down to common sense. Most people would be skeptical if a stranger came up to them and asked for their name, address, date of birth, and Social Security number. The trick is to exercise the same skepticism for companies, social networks, and smart products.
Ideally, says D’Arcy, people refine and rely on this instinct to produce an “automatic response to deal with the threat. They don’t have to stop and make a conscious decision.”
Here are a few tips for protecting personal data:
- Check the privacy and sharing settings on social media accounts. Make sure that posts, pictures, and the personal information are visible only to the intended audience.
- Understand how companies will use data. AI assistants, smart toys, social media, and rewards programs all collect data. Understand what they’ll do with it before agreeing to give it to them.
- Don’t give out personal information unless absolutely necessary. The best way to protect personal information is to be selective about why, when, how, and with whom it is shared.
Additional resources for protecting your personal data on social media, e-commerce websites and browsers are available at Stay Safe Online.
Data Privacy Day began in 2008 and was founded by The National Cyber Security Alliance (NCSA), who also leads the annual National Cyber Security Awareness Month in October.