The Personalization Conundrum (Part 2): How Can the Public Reclaim Control of its Data?

[Please see Part 1 of Wendy Glavin’s examination of The Personalization Conundrum: Balancing Consumer Data Use while Building Trust]

Many consumers who are non-techies feel a sense of fear, misunderstanding or indifference about their data and are reluctant to change behaviors.

Passively waiting for the government, companies, and associations to enforce new rules and regulations will take time, however, and there are simple adjustments that people can make to better protect their online and offline use of data.

The amount of data that can be accessed, correlated, and monetized is reaching a critical mass, and, as businesses realize the value of this personal data, so, too, have consumers. A key theme throughout 2019 will likely be a debate around the extent to which people have a right to their own data, how information about them is captured and when and where, and who gets to profit from that data. – SnapLogic, February 2019.

Companies Sell Our Data Without Asking for Permission

Privacy International discovered that 61 percent of apps automatically transfer data to Facebook the moment a user opens the mobile app. Privacy International looked at 34 different apps on Android, such as TripAdvisor and Kayak.The installed base for each of these apps ranged from 10 to 500 million. Of these 34 apps, 20 of them transmitted personal data to Facebook FB without explicit user consent. – CPO Magazine – January 2019.

Commonly used weather apps such as the Weather Channel, Weather Forecast, World Weather Accurate Radar, Accuweather and others not only obtain users’ permission to access their location but also to share and sell the information.

The Los Angeles city attorney’s office is suing the Weather Channel, claiming it collects, shares and sells users’ location data without their content. The lawsuit claims this data has been collected and sold for years under the guise that it’s being used to personalize forecasts.

“Location information can reveal some of the most intimate details of a person’s life — whether you’ve visited a psychiatrist, whether you went to an A.A. meeting, who you might date,” said Senator Ron Wyden (D-OR), Ranking Member of the Senate Finance Committee, who has proposed bills to limit the collection and sale of such data, which are largely unregulated in the United States. “It’s not right to have consumers kept in the dark about how their data is sold and shared and then leave them unable to do anything about it.”

Cell phone carriers also still sell and sharing their customers’ data. In 2018, AT&T T, Verizon VZ, T-Mobile TMUS, and Sprint S, four of the largest U.S. cell carriers, were caught selling and sending real-time location data of their customers to shady companies that then resold the data to big spenders who would use the data to track anyone “within seconds” for whatever reason they wanted.

Senator Wyden said, “Carriers selling customer location data is a nightmare for national security and the personal safety of anyone with a phone. And yet there’s no way to opt out — shy of a legislative fix — given that two-thirds of the U.S. population aren’t going to switch to a carrier that doesn’t sell your location data.”

“It turns out, you really can’t trust your cell carrier. Who knew?” — TechCrunch, January 2019.

Facebook enables users to target Custom Audiences for location, gender, employment status, interests and more. People can pay small fees to create ads. Advertisers pay huge dollars to custom-target audiences.

In December 2018, The New York Times discovered that Facebook shared its user data such as friends’ names, contact information and private messages with companies such as Spotify, Amazon AMZN, Netflix NFLX, Yahoo and Microsoft’s Bing MSFT.

What Steps Should the Public Take to Stop Companies from Sharing their Data?

Uninstall Apps You Don’t Use

Last weekend, I received continuous pop-ups on my laptop and called Apple AAPL Support for help. Upon screen-sharing, the customer rep determined I needed to download the latest operating system. My computer didn’t have enough hard drive space, however, and it took hours to delete old applications, photos and documents. After upgrading my computer, it ran much faster.

Next, I have to make the necessary enhancements to my smartphone. Despite the hassle and minimal expense, it’s a fairly simple fix. Also, I need to examine pre-existing settings, which may, by default, share unwanted personal data with the app creator, a wireless carrier or another party altogether.

Don’t Use the Same Passwords

It can be tough and a hassle to remember many different passwords, but having different passwords for each site, making them more complicated and changing them frequently will better ensure your data privacy. Don’t choose words that relate to what you search for online. An obvious example is if you’re a sports fan, don’t use your favorite team.

Many experts suggest using a password manager, which are programs that keep your log-in details in an online safety deposit box, but The Washington Post recently reported, “A new study has identified security flaws in five of the most popular password managers.” Now for some counterintuitive advice: I still think you should use a password manager. They’re critical tools for staying safe, because the No.1 most annoying thing about the Internet – passwords – leads people to make the No.1 security mistake – reusing passwords.

The article suggests, “Make yourself not worth hacking by: Updating software religiously, check computer malware, be cautious about installing software from places other than Microsoft, Apple and Google GOOGL, be cautious about pop-ups, and don’t store bitcoin private keys in password managers.”

Use Two-Factor (2FA) Authentication

The site, Have I Been Pwned enables you to safely check if your email address has been breached, and Pwned Passwords does the same with your passwords and helps you create stronger ones.

Answering detailed security questions and obtaining a secondary code helps prevent data breaches on websites. Typical questions including your mother’s maiden name and previous addresses may be less secure, however, so devise more complicated Q & A’s.

Don’t Use Unsecure Public Wi-Fi

When you’re out of the office or away from home, be careful about using public Wi-Fi. Often, doctor’s offices, restaurants, retail stores and airports are unsecure. Use websites that have HTTPS in the address which encrypts your information. Google Chrome shows you when sites are encrypted with HTTP rather than, “Not Secure.” Ensure that sites don’t have mistaken names. Typing the site’s URL into the search bar will help avoid clicking unsecure links.

If you absolutely must connect with public Wi-Fi, install a VPN or Virtual Private Network client which encrypts your data from laptops or phones and connects with a secure server.

Beware of Phishing Schemes

Phishing is a method of trying to gather personal information using deceptive e-mails, phone calls and websites. Examples include calls purportedly from the Social Security Office that say your SSN has been deleted. When this happened to me, I called the Social Security Administration, which referenced a known scam and asked me to report the cell number that called me.

Perhaps you’ve received emails that say, “Restart Your Membership from Netflix,” a bank notification saying that you have failed many login attempts or a notification about a UPS package delivery when you didn’t order anything. Do you respond automatically without examining the email and associated links? It’s important to be vigilant and think before you participate in and, in fact, enable what could be a security threat.

“Pretty much any data from personal information and bank details to email addresses and passwords can be attractive to cyber attackers,” according to ZDNet in February 2019. “They could take this information and sell it to others on the dark web. Strategies and hacking techniques that may have once required specialist expertise are now sold in easy-to-use bundles, complete with tutorials for the non-tech savvy.”

Maya Horowtiz, director of threat intelligence and research at security company Check Point Software, told ZDNet, “There’s an entire as-a-service ecosystem and it’s really everywhere. It started as malware as-a-service, but now there’s also phishing as-a-service, exploit kits as-a-service, botnets as-a-service. Anyone can mix-and-match their own attacks, almost without knowing anything.”

There are many other ways to protect your identity. Read books like Cyber Smart by Bart R. McDonough, which offers an in-depth discussion about the risks and methods that attackers use and recommendations to protect you, your family and your money. Other recommendations include, Tribe of Hackers: Cybersecurity Advice from the Best Hackers in the World, by Marcus J. Carey and Jennifer Jin, and Next Level Cybersecurity: Detect the Signals by Sai Huda. There are also numerous articles for C-Suite executives, technologists and the public to read on issues that will help you use products and services more safely that fit your lifestyle across a wide range of industry sectors.

Don’t Provide Personal Information to Social Media Sites

In the past, we didn’t think a lot about what we posted or said on social media. If you do a Google search on yourself, you may be surprised by what comes up. Often, your home address, family member’s names, blogs, social media posts, your age, and other sensitive information are all just a click away for anyone who’s looking.

Dating sites are huge targets for scammers who “catfish” for information, i.e., create a fake identity by copying someone else, such as a known figure, in order to earn someone else’s trust or gather personal data.Also, people try to connect on Facebook or Instagram for dates with newly created profiles and no friends. Other typical scams involve getting people to leave the anonymity of dating sites and communicate offline by providing a phone number or e-mail address.

On February 22, 2019, ABC aired, “The Deadly Ride,” about an Uber driver’s murderous shooting rampage in Michigan. Correspondents warned there are inherent safety issues with ridesharing and getting into a car with a stranger. Similarly, when we’re online, we’re often communicating with unknown people or visiting unsecure sites.

NPR recently published, “Ever Regretted Your Online Behavior? We Want to Hear from You” for an upcoming story. Respond by filling out the form: NPR Social Media Project

“Today, data is currency. Anyone who can sell it, leverage it, or manipulate it has power,” says Paul Kurnit, Clinical Professor of Marketing at Lubin School of Business at Pace University. “Power to influence people’s points of view, swing an election, or even topple a government. Following a momentary gasp and a brief stock slide, most people still use Facebook.

Privacy for many is a nice idea, but not a mandatory protection – until their paycheck is hacked or their identity stolen. It’s past time for social media to be reined in with real and readily transparent privacy standards to protect users.”

It’s both our right and responsibility to defend our privacy and security online and offline. Technology offers huge benefits and has changed our behaviors. Rather than feeling helpless, read and learn about what’s happening in the world of cybersecurity. After doing my own research, I learned a lot. All it takes is curiosity, research and a willingness to learn.

Hopefully, this information will make you think twice about what you provide. You’ve probably heard that once it’s on the internet, it doesn’t disappear. If we provide phone numbers, addresses, social media comments, credit card information, it’s critical to know who’s asking for it and why. Take the time to read through companies’ full privacy agreements before clicking yes. And don’t forget to educate your children about the risks and benefits. That’s your responsibility, too. Think twice, before becoming the next victim of hacking.