Archive for the ‘Data Protection’ Category

How to process personal data in an Organization

September 20, 2011

From the series regarding how to better protect your privacy and (personal) data if you are either a private person or a business, E-Crime Expert presented How to protect hard copy & electronic private data, Video: How to protect your offline and online privacy and What a Data Protection Officer means for an Organization.

Because of the crucial importance of personal data and private information, and its continuing interest and effort in providing good advice, E-Crime Expert is presenting today a good-practices guide for the processing of personal data in an Organization. This guide should help an Organization follow the legal requirements and foster a positive environment with regard to the private information and data of its employees, clients, contractors and business partners.

For these reasons, when processing personal data, the following basic principles should be followed:

-LAWFULNESS OF PROCESSING

Personal data must be processed fairly and lawfully, be adequate, relevant and not excessive in relation to the purpose for which they are collected and further processed, as well as accurate.

-PROCESSING OF SPECIAL CATEGORIES OF DATA

Data concerning health may be processed, namely where a probationary period is extended due to maternity and/or sick leave, as this is necessary to comply with the controller’s obligations in the area of employment law. Furthermore, within the staff evaluation as such, data revealing trade union membership may be collected. These data may consist of information spontaneously provided in the self-assessment, such as information about membership in joint committees.

The processing of such data may be justified since it would be considered either necessary for the employer’s compliance with specific rights and legal obligations, and/or concern data already manifestly made public by the data subject him- or herself, or eventually be based on a freely given, specific and informed indication of his or her wishes (consent of the data subject).

-DATA QUALITY

a) Proportionality:

The administrative and evaluation data processed in this context must be necessary for accomplishment of the respective procedure. In this respect, the collection of the following administrative data may be considered excessive for the purpose of staff appraisal:

– nationality,

– date of birth,

– details concerning previous education and career,

– as well as contact details of previous reporting staff.

Also, the collection of medical data within the respective probation reports is deemed unnecessary for the purpose of completion of the particular procedure.

It is recommended that the reason for the extension of the probationary period (sickness, maternity or accident) is provided in a separate note and that no information about the actual diagnosis is processed within the probation procedure.

b) Accuracy:

The data processed must be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that inaccurate or incomplete data are erased or rectified.

The accuracy of the administrative data processed in this context can be ensured by the nature of the procedure itself. Part of the data is provided by the data subjects themselves (in the self-assessment, as well as the applications for certification and attestation).

Also, the yearly repetition of appraisal and promotion procedures helps ensure that the data processed are up to date.

The accuracy of the evaluation data processed is difficult to establish due to their subjective nature. In fact, the evaluation of the staff performance constitutes largely subjective judgments by the hierarchical superiors against specified predefined criteria.

In any case, data subjects must be given the possibility to add their comments directly on the respective reports. In addition, the data subject’s rights of access, rectification and/or appeal contribute to the accuracy of the data processed.

-DATA RETENTION

Personal data may be kept in a form enabling the identification of data subjects for no longer than necessary for the purposes for which they were collected or further processed. Further storage of data for historical, statistical or scientific purposes is possible in anonymous form only.

The following evaluation-related documents containing personal data are kept in personal files:

a) career development reports,

b) probation reports,

c) promotion/re-grading decisions, as well as letters confirming the final award of the respective points,

d) certification files of successful applicants (application, training attendance and exam results),

e) attestation decisions.

Promotion, certification, attestation decisions would in principle need to be kept during the career of the member of staff, but not all related documents should be kept after a certain period.

The files of unsuccessful applicants for certification and attestation can be kept until all appeal channels have been exhausted, including the time limits for appeals before Courts.
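The retention rules in this section can be turned into a routine check over the personal-file register. The following Python script is an added example written for this page, not code from E-Crime Expert; it assumes a constructed register with the record categories and fields shown, and hypothetical retention parameters (a 90-day appeal window and a five-year limit for reports), since the post itself states no durations.

```python
"""Retention review over a constructed personnel-file register.

Added example (not from the original post). It models the rules the
section states: promotion, certification and attestation decisions are
kept during the career of the staff member; other evaluation documents
only as long as needed; files of unsuccessful applicants until appeal
channels are exhausted; anything kept beyond that for statistics must be
anonymised. All dates, durations and record fields are constructed.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional

# Hypothetical retention parameters (the post gives no durations).
APPEAL_WINDOW = timedelta(days=90)          # assumed time limit for appeals before Courts
REPORT_RETENTION = timedelta(days=5 * 365)  # assumed limit for development/probation reports

KEPT_FOR_CAREER = {"promotion_decision", "certification_decision", "attestation_decision"}
TRANSIENT = {"career_development_report", "probation_report"}


@dataclass
class Record:
    record_id: str
    category: str                         # one of the sets above, or "application_file"
    subject: str                          # staff member name: the identifying field
    created: date
    outcome: Optional[str] = None         # "successful" / "unsuccessful" for applications
    appeal_closed: Optional[date] = None  # date the final appeal route was exhausted
    still_employed: bool = True


def decide(rec: Record, today: date) -> str:
    """Return 'keep', 'anonymise' or 'delete' for one record."""
    if rec.category in KEPT_FOR_CAREER:
        # Decisions stay in the personal file during the career; afterwards
        # only an anonymised copy may remain, for statistical purposes.
        return "keep" if rec.still_employed else "anonymise"
    if rec.category == "application_file":
        if rec.outcome == "unsuccessful":
            if rec.appeal_closed is None:
                return "keep"          # appeal channels not yet exhausted
            return "delete" if today > rec.appeal_closed + APPEAL_WINDOW else "keep"
        return "keep" if rec.still_employed else "anonymise"
    if rec.category in TRANSIENT:
        expired = today > rec.created + REPORT_RETENTION
        return "anonymise" if (expired or not rec.still_employed) else "keep"
    raise ValueError(f"unknown category: {rec.category}")


def anonymise(rec: Record) -> Record:
    """Strip the identifying field so the record can only serve statistics."""
    return Record(rec.record_id, rec.category, "<anonymised>", rec.created,
                  rec.outcome, rec.appeal_closed, rec.still_employed)


def review(register: List[Record], today: date) -> Dict[str, List[str]]:
    """Group record ids by the action the retention rules require."""
    actions: Dict[str, List[str]] = {"keep": [], "anonymise": [], "delete": []}
    for rec in register:
        actions[decide(rec, today)].append(rec.record_id)
    return actions


# Constructed sample register and review date.
AS_OF = date(2011, 9, 20)
SAMPLE = [
    Record("R1", "promotion_decision", "A. Example", date(2005, 3, 1)),
    Record("R2", "probation_report", "A. Example", date(2004, 1, 10)),
    Record("R3", "application_file", "B. Example", date(2011, 2, 1),
           outcome="unsuccessful", appeal_closed=date(2011, 4, 1)),
    Record("R4", "application_file", "C. Example", date(2011, 8, 1),
           outcome="unsuccessful"),
    Record("R5", "certification_decision", "D. Example", date(2000, 6, 1),
           still_employed=False),
]


def review_sample() -> Dict[str, List[str]]:
    return review(SAMPLE, AS_OF)


if __name__ == "__main__":
    for action, ids in review_sample().items():
        print(f"{action}: {ids}")
```

Run as a script, it prints which records are kept, anonymised (the identifying field removed so the record can only serve statistics, as the section requires for further storage) or deleted once the appeal time limits have run out: R2 has passed the assumed report retention period, R3's appeal window has closed, and R5 belongs to a staff member who has left.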

-COMPATIBLE USE / CHANGE OF PURPOSE

Personal data should be collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes.

Examples of such compatible use are the processing of data collected in an evaluation report for subsequent career development, promotion or re-grading, renewal of contracts, and follow-up of individual training.

-DATA TRANSFERS

Internal transfers: data processed within evaluation procedures are mainly transferred to recipients within the same organization, or to another organization or subsidiary.

Such transfers have to be necessary for the legitimate performance of tasks covered by the competence of the recipient who cannot process the data for any other purpose than for which they were transmitted.

External transfers: transfers to external recipients should be necessary for the performance of a task carried out in the organization’s interest, and should take place with the DPO’s guidance.

-RIGHTS OF DATA SUBJECTS

In principle, within the evaluation procedures, data subjects are provided with a copy of their reports and are invited to make comments on them.

They can also obtain access to all the documents in their personal file.

The rectification of the factual data processed should be possible upon request to the controller, whereas the (by nature subjective) evaluation data can be rectified within the respective appeal procedures. In any case, it should be ensured that the revised reports are being added to the personal file.

-INFORMATION TO DATA SUBJECTS

In order to ensure transparency and fairness of the processing, the following information should be provided to data subjects:

– identity of the controller,

– purpose of the processing,

– data categories,

– whether replies to the questions are obligatory or voluntary, as well as the possible consequences of failure to reply,

– possible data recipients,

– existence of rights of access, rectification and recourse,

– legal basis of the processing,

– applicable data retention periods.

This information should be provided at or before the collection of the data, by means of:

– a data protection clause in the respective report form, application form or messages sent to data subjects,

– a specific privacy statement made available on the Intranet.

-PROCESSOR

Training instructors, external auditors and members of any Examination Boards should sign a ‘confidentiality note’, concerning the storage and hosting of personal data processed within their organization.

Short “Video-surveillance” guide for an organization, if such action is needed:

– provide privacy-friendly technology

– consult staff and other stakeholders

– indicate the purposes of the surveillance

– indicate the camera locations and viewing angles

– indicate the special categories of data

– avoid or limit access to areas where there is a heightened expectation of privacy

– state whether the organization uses covert surveillance, and the reasons for this

– indicate the retention period

– keep a register of recordings retained beyond the retention period, and a register of transfers and disclosures

– indicate the access rights, security measures, transfers and disclosures

– state who has access to the recordings and registers

– state who is in charge and who is accountable

If you need the services of an external Data Protection Officer, contact: dan@e-crimeexpert.com

Any questions about Data Protection Officer can be submitted to: dan@e-crimeexpert.com

Additional information can be found at: www.e-crimeexpert.com

Does your Organization process personal data? Does your Organization have internal rules regarding the processing of personal data? Would you be interested in becoming a Certified International Privacy Professional (you can find out how here)?

Hit the “subscribe” button in order to be notified when new videos and Articles are posted on this blog.

What a Data Protection Officer means for an Organization

September 19, 2011

As mentioned in yesterday’s post “Video: How to protect your offline and online privacy”, E-Crime Expert is presenting today what a Data Protection Officer is, what his/her duties are, why he/she is useful in an organization, and how he/she can help protect your business, clients, private information and intellectual property.

The protection of personal data and private information is important for both individuals and Organizations. For these reasons, E-Crime Expert is presenting today what a Data Protection Officer (DPO) is and does, and how he/she could protect your Organization (cost savings, legal requirements, etc.).

While the American Chief Privacy Officer (CPO) has no formal or legal existence, the European DPO gets his rights from law. In Germany a DPO is mandatory, whereas companies in France, Luxembourg, the Netherlands and Sweden have the choice to appoint one. In other countries there is no legal basis yet, but having an official person in charge has proven to be effective in solving privacy issues.

I. Usefulness for organizations and sectors

Self-regulation and the integration of supervision into normal business operations contribute effectively to the achievement of improved privacy protection. The data protection officer is an expert point of contact for the controller. He is also able to act as a contact person for people whose personal data are being processed. These individuals might be customers, employees or patients. The data protection officer increases privacy-awareness within the organization.

Reasons for a DPO

i. Awareness will increase when a DPO is appointed

ii. The number of unauthorized processing operations will decrease dramatically

iii. “Professionals” are able to do their work more efficiently in close cooperation with the DPO

iv. Appointing a DPO gives the corporate image a very positive boost

v. By reducing “organization incidents”, the cost of the DPO could prove a profitable investment.

DPO offers

i. Advice, helpdesk, service, maintenance, knowledge and practical experience

ii. Document security

– Document shredders

– Archive shredders

– HDD shredding solution

iii. Post room solutions

– Folding machines and letter inserters

– Letter openers

– Paper cutters

– Other paper handling equipment

iv. Identification

– Card printers

– Access card/ID card

– Accessories

v. Takes care of internal supervision of privacy data processing

vi. Is responsible for a public register with processing reports

vii. Conducts research systematically

viii. Builds privacy into data processing

ix. Security of privacy data

x. Takes care of internal and external complaint mediation

xi. Helpdesk for privacy applications

xii. Advises on privacy data security

xiii. Initiates the annual privacy audit

xiv. Conducts regular campaigns to improve internal privacy awareness

Duties and powers

The data protection officer should be a “natural” person. As such, a works council or committee will not be eligible for this position. The data protection officer must possess the knowledge required, i.e. a knowledge of the organization, the data processing occurring within the organization, the interests involved and, of course, a knowledge of privacy legislation. In addition to the above, the data protection officer must be reliable. This reliability is reflected in the obligation to observe secrecy and the ability to balance against each other the various interests involved and to do so from a position of independence. The data protection officer has the authority to enter various areas, investigate cases and request information and access to information.

The data protection officer’s activities will include:

  • supervision
  • the collection of data processing inventories
  • the administration of data processing notifications
  • the handling of complaints
  • the preparation of annual reports
  • fulfilling the formal obligations (i.e. preparing forms)
  • the provision of information
  • the development of internal regulations
  • the provision of advice on technology and protection
  • ensuring that the rights and freedoms of the data subjects are unlikely to be adversely affected by the processing operations
  • raising awareness of data protection issues and encouraging a culture of protection of personal data within his/her organization; controllers shall be informed of their obligations and data subjects shall be made aware of their rights
  • ensuring that controllers and data subjects are informed of their rights and obligations pursuant to the EU Data Protection legislation
  • training of staff members and controllers
  • making the register accessible also in electronic form, as a tool to ensure transparency as regards the processing operations in place in the organization
  • giving assistance to the controllers in notifying processing operations, which may also be formalized in the organization’s rules
  • making recommendations for the practical improvement of data protection in the organization and advising the controller concerned on matters concerning the application of data protection provisions
  • communicating with the Data Protection Authority and discussing any issues

What skills does a Data Protection Officer need to have?

A Data Protection Officer should be able to expertly carry out his/her office. In particular, this makes it necessary for the Data Protection Officer to be familiar with methods and techniques of automated data processing and to know about the legal and business issues. A Data Protection Officer especially needs to understand the organization of the business and its roles. This includes an understanding of all specific business tasks for which personal data is processed.

Independence of the Data Protection Officer

In order for a Data Protection Officer to perform his/her duties in compliance with the law, he/she must be independent in terms of making decisions about and evaluating circumstances.

Reliability of the Data Protection Officer

In addition, only those persons may be appointed as Data Protection Officer who exhibit the reliability necessary to carry out the office. Reliability as a concept includes the ability to work under stress and to learn quickly, loyalty and conscientiousness, and a diligent and thorough work style. The term reliability also refers to compatibility between the Data Protection Officer’s task and his/her other primary and secondary duties.

Which professions involve a conflict of interest?

Legal scholarship considers some professional groups to have a potential conflict of interest that places in doubt the independence of the Data Protection Officer and hence his/her ability to work effectively. The prevailing opinion is that members of management, owners of a company, data processing and human resources managers, and IT administrators should not be appointed as Data Protection Officers. For the same reasons, appointing close relatives of management and similar persons should be avoided.

Which persons can be considered for the position of an Internal Data Protection Officer?

Employees in the audit department, legal department and organizational department can be appointed as Data Protection Officer unless there is a conflict of interest. In the literature, a director of the internal audit department or of the data processing audit department is generally considered suitable for the position.

Avoiding conflicts of interest by using an External Data Protection Officer

An internal conflict of interests can be avoided in practice by appointing an External Data Protection Officer.

Advantages of an external Data Protection Officer

Most companies prefer to appoint an external Data Protection Officer for reasons of liability, qualifications, employee participation, termination and costs.

Position in relation to the controller

The data protection officer should be able to perform his duties independently. Independent supervision means that the data protection officer holds a staff position, preferably allied to management within the organisation and certainly not isolated from it. The controller makes it possible for the data protection officer to perform his duties properly. The recommendations made to the controller by the data protection officer are not binding. However, the data protection officer may not be prevented from carrying out investigations. A data protection officer enjoys the same protection against dismissal as that offered to members of a works council.

Position in relation to data subjects

A data protection officer’s set of tasks may include dealing with complaints on the use of personal data. A data protection officer may provide information on data processing within a particular company or sector.

II. Sources of information of the DPO

Implementing rules are also a tool to formalize the cooperation with the DPO within the organization, notably with:

– the Internal Auditor, IT services and the Local Information Security Officer (LISO) may request the DPO’s observations, and conversely;

– the DPO should be informed/consulted before any opinion, document or internal decision on matters related to data protection provisions is adopted by his/her organization;

– the DPO should be informed when the controller receives a request for access, rectification, deletion, etc., as well as of any complaint related to data protection matters.

Role and duties of the Controllers

– every controller concerned shall be required to assist the Data Protection Officer in performing his or her duties and to give information in reply to questions;

– controllers should give prior notice to the DPO of any processing operation;

– processing operations should be notified sufficiently well in advance to allow for prior checking by the DPO;

– any change in the processing of personal data should be notified promptly to the DPO;

– controllers should cooperate with the DPO to establish the inventory of processing operations;

– where appropriate, controllers should consult the DPO on the conformity of processing operations, in particular in the event of doubt as to conformity;

– controllers should prepare notifications to the DPO for all existing processing operations which have not yet been notified;

– in case the controller outsources part(s) of the processing operations to a processor, the DPO should be informed and asked for his/her advice in this matter.

Rights of the data subject

-data subjects should be properly informed of the processing of their personal data in compliance with the EU Data Protection legislation.

If you need the services of an external Data Protection Officer, contact: dan@e-crimeexpert.com

Any questions about Data Protection Officer can be submitted to: dan@e-crimeexpert.com

Additional information can be found at: www.e-crimeexpert.com

Did you know what a DPO is? Do you work with a DPO? Are you a DPO? Would you consider hiring a DPO?

Hit the “subscribe” button in order to be notified when new videos and Articles are posted on this blog.

Video: How to protect your offline and online privacy

September 18, 2011

As announced in yesterday’s post “How to protect hard copy & electronic private data”, E-Crime Expert is presenting the video tutorial “How to protect your offline and online privacy”.

A proper protection of your private data and personal information (online or offline) could protect you against identity theft, scams, child pornography, financial frauds, privacy intrusion or cyberthreats.

The hard-copy of this presentation could be downloaded here.

Tomorrow, E-Crime Expert is presenting what a Data Protection Officer is, what his/her duties are, why he/she is useful in an organization, and how he/she can help protect your business, clients, private information and intellectual property.

Any questions can be submitted to: dan@e-crimeexpert.com

Additional information can be found at: www.e-crimeexpert.com

Have you ever used any of those methods? Are you thinking to use any of them? How do you dispose of your paper mail, bank records? How do you dispose of your electronic devices and gadgets you no longer use? Do you have additional tips you would like to share?

Hit the “subscribe” button in order to be notified when new videos and Articles are posted on this blog.

How to protect hard copy & electronic private data

September 17, 2011

As announced on yesterday’s post (Privacy: online versus offline), E-Crime Expert is presenting today “How to protect hard copy & electronic private data“.

A proper protection of your private data and personal information (online or offline) could protect you against identity theft, scams, child pornography, financial frauds, privacy intrusion or cyberthreats.

1. Offline

Never assume that no one is interested in your paper garbage, letters, etc.

Contact your credit card companies, banks and utility companies and ask them to make your accounts “paperless.” You can retrieve and pay your bills online and won’t have to deal with so much potentially dangerous paperwork. Keep a logbook of your bills to review at least once a month because you won’t have the incoming mail to trigger your memory.

If you need to use paper bank statements, bills, etc., then use a paper shredder to destroy them once they have expired or are no longer needed (I suggest keeping them for at least 6 months before destruction).

If you don’t have a paper shredder device, then try to see if any of your friends/family members have one and ask regularly to use it.

Also, you could ask for permission to use the paper shredder at your workplace, if one is available.

If none of them has a shredder either, try to buy one together with your friends, family or neighbors and share it.

If this does not work for you, then another option is to keep your bills and papers with sensitive information and go regularly to the library, a printing shop, or bank where they may have a shredder that you can use.

Another option for those living in a house with a fireplace or outdoor fire pit, is to burn them regularly in those places, but carefully and respecting the fire bans and rules in your area.

If a standard hand-style shredder is more affordable, buy one and use it to shred your sensitive documents. Distribute the strips across more than one recycling bag.

Another option is to tear or cut them into the smallest pieces you can, by hand or with scissors, and then put them in separate paper containers/bags at different times.

Destroy the important parts of your documents. If you don’t have a shredder, at least destroy the parts that identify you personally. Use scissors or a hole punch to obliterate your name, account number and credit card number before you throw the document away. Take a close look at your credit card bills; some include your card number in as many as five places, including buried within code numbers across the top or bottom. Destroy your name and address, and the account number along the bottom, of any checks and bank deposit slips, especially those free checks sent by credit card companies.

You could also soak them in a can or other container to which you add bleach, then drain and dispose of the pulp in the trash. This would be my last choice as I encourage recycling, which can be done with shredded paper as well, but not when using this method.

Attend free and public community shred events. Just bring your old personal documents and papers that should be shredded.

Take your box of personal documents directly to the municipal recycling center and put it in the large recycling hopper. This will immediately mix your documents in with several tons of other paper, and it minimizes the risk of the middleman sorting through your papers, etc. It is a lot harder for someone to break into the facility and rummage through a giant steel container packed densely to the top with paper than it is to go through a few garbage bags.

2. Online

A large volume of electronic data is stored on computer systems and electronic media. Much of this data consists of confidential and sensitive information, including patient records, financial data, personnel records, and research information.

If there is a company or organization near you that accepts donations or properly dismantles computers, electronics or hard drives, take them there.

If you have a computer or computer equipment that you believe is beyond repair or too old to be useful, take it to a dismantling centre.

Many computer and computer hardware manufacturers also have their own recycling or trade-in programs. When you buy a new computer you could perhaps trade in the old one.

All computer systems, electronic devices and electronic media should be properly cleared of sensitive data and software before being transferred from you to another seller or to a dismantling centre.

Computer hard drives should be cleared using software and then be physically destroyed. Non-rewritable media, such as CDs, and non-usable hard drives should be physically destroyed (i.e. scratched, broken into pieces).

Try to destroy or dismantle your hard drive, external hard drive, printer, fax, cell phone, computer, camera, web camera, GPS and laptop, because all these devices have internal memory where sensitive data is still stored even after it has been deleted manually or with software.
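The reason deleted data is still on the device is that ordinary deletion only removes the directory entry and returns the blocks to the free list; the bytes stay where they were until something overwrites them. The following Python model is an added illustration for this page, not code from E-Crime Expert; the block device, the file name and the sample IBAN string are all constructed.

```python
"""Why 'delete' is not 'clear': a simulated block device.

Added example (not from the original post). A toy storage device with a
directory and fixed-size blocks. Deleting a file only drops the directory
entry, so the bytes remain readable by a raw scan of the medium; clearing
overwrites the blocks first. Device, file and secret are constructed.
"""
import os
from typing import Dict, List

BLOCK_SIZE = 16


class BlockDevice:
    def __init__(self, n_blocks: int) -> None:
        self.blocks: List[bytes] = [bytes(BLOCK_SIZE) for _ in range(n_blocks)]
        self.directory: Dict[str, List[int]] = {}   # file name -> block indices
        self.free: List[int] = list(range(n_blocks))

    def write_file(self, name: str, data: bytes) -> None:
        """Split the data into blocks and record them under the name."""
        chunks = [data[i:i + BLOCK_SIZE] for i in range(0, len(data), BLOCK_SIZE)]
        idx = [self.free.pop(0) for _ in chunks]
        for i, chunk in zip(idx, chunks):
            self.blocks[i] = chunk.ljust(BLOCK_SIZE, b"\0")
        self.directory[name] = idx

    def delete(self, name: str) -> None:
        """Ordinary deletion: unlink the name and free the blocks, contents untouched."""
        self.free.extend(self.directory.pop(name))

    def clear(self, name: str, passes: int = 2) -> None:
        """Software clearing: overwrite every block of the file, then unlink it."""
        for i in self.directory[name]:
            for _ in range(passes):
                self.blocks[i] = os.urandom(BLOCK_SIZE)
            self.blocks[i] = bytes(BLOCK_SIZE)       # final zero pass
        self.delete(name)

    def raw_scan(self, needle: bytes) -> bool:
        """What a recovery tool does: read all blocks and ignore the directory."""
        return needle in b"".join(self.blocks)


def demo() -> Dict[str, bool]:
    """Compare recoverability after plain deletion and after clearing."""
    secret = b"IBAN BE00 0000 0000 0000"          # constructed sample value
    plain = BlockDevice(8)
    plain.write_file("bank.txt", secret)
    plain.delete("bank.txt")

    cleared = BlockDevice(8)
    cleared.write_file("bank.txt", secret)
    cleared.clear("bank.txt")

    return {
        "recoverable_after_delete": plain.raw_scan(secret),
        "recoverable_after_clear": cleared.raw_scan(secret),
    }


if __name__ == "__main__":
    for outcome, recoverable in demo().items():
        print(f"{outcome}: {recoverable}")
```

raw_scan stands in for a recovery tool that reads the medium block by block and ignores the directory. Note that once a file has been deleted the ordinary way, clearing a later copy does not help, because the original blocks are still untouched; clearing has to happen before the data is discarded, which is why the post pairs software clearing with physical destruction of the drive afterwards.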

When you sell an old laptop or PC, first try to “format” the device and reinstall the operating system. If you are not able to do this, at least try to DELETE:

  • All your photos, videos, music files, located on the following folders: Desktop or My Documents, My Music, My videos (Movies),
  • Archives
  • The folder that retrieves your Mail inbox on your computer
  • Recent documents folder
  • Downloads
  • Library folder
  • Data storage folder
  • Maildownloads folder
  • Info.plist document
  • Key chain, the folder that stores your passwords on a computer
  • Cookies folder
  • Calendar folder
  • Printer folder
  • Cache folder
  • Favorites folder
  • Logs folder
  • Web browser (Safari) folder
  • Sync Services folder used for cloud computing or to sync with other devices
  • Address book

Note: these folders are available on a MacBook Pro (with Snow Leopard OS); the order or names of the folders may differ from computer to computer or from one operating system to another, but the principle is the same.

When you sell your used cellular phone try to do a “factory data reset” and all the information and personal settings will be removed. This is mandatory when you sell your used device.

Step 1: go to settings

Step 2: select SD&phone storage

Step 3: select Factory data reset

This should reset all your information on your phone.

Note: these steps apply to an HTC Desire running Android version 2.2.

Tomorrow, E-Crime Expert is presenting the video tutorial: “How to protect hard copy & electronic private data“.

Any questions can be submitted to: dan@e-crimeexpert.com

Additional information can be found at: www.e-crimeexpert.com

Have you ever used any of those methods? Are you thinking to use any of them? How do you dispose of your paper mail, bank records? How do you dispose of your electronic devices and gadgets you no longer use?

Hit the “subscribe” button in order to be notified when new videos and Articles are posted on this blog.

Privacy: online versus offline

September 16, 2011

Traditional commerce raises all of the same privacy issues as online commerce, but nowadays policymakers and advocates try harder to provide privacy for online users, by implementing stricter rules, running privacy awareness campaigns and other elements of privacy policies (which is great), than they have for the local grocery store or mall. For example, what would happen if someone’s credit card information, used for a purchase in a shopping mall, leaked out to unauthorized persons or hackers? Would the workers in the store notify the victim? Would they do anything to limit the damages? I am not sure. Furthermore, do we really know what kind of information is collected when we place a simple pizza order over the phone (in an offline store)? This raises the question of what the risks to our information available offline are, compared with the online one. The video below shows an example of serious privacy issues. The video is not real; it is just an exaggeration aiming to show how seriously companies take customers’ private information for their business. I am also not sure to whom I should give credit for this video, as there are many copies on the Internet.

In several localities in Brussels, Belgium, there is an administrative rule in place that requires residents to deposit their garbage, sorted into three differently colored bags (yellow, blue and white) for recycling, on the sidewalk for pickup. The colors of the garbage bags represent their contents: the blue bags hold cans and plastic containers, the white bags non-recyclable garbage, and the yellow bags paper and cardboard. Because these garbage bags must be deposited on the sidewalk, in front of the apartment buildings where the residents live, they are within reach of anyone walking through these localities, day and night.

What is important to note is that the yellow bags containing paper usually hold a lot of sensitive and personal information or documents, such as: bills, letters from the local authorities, bank statements with full bank account numbers, IBAN, name, address and balance, cellular phone bills with detailed call lists, letters, post cards, pictures, magazine subscriptions, clothing labels with size and brand, old CVs or resumes, medical tests revealing private medical conditions, prescriptions, etc. It is true that people should know how to safely dispose of these documents regardless of whether they are deposited on the street or in a less accessible garbage bin. However, not everyone owns a shredder or has the facilities to burn those sensitive documents. Furthermore, many people don’t know the safe disposal methods for sensitive documents, such as the shredding and burning mentioned above. (Please note that there are tutorials available online on the safe disposal of documents containing personal and private data.) E-Crime Expert will post one soon.

Because these bags are colored and thus every citizen knows exactly what type of contents the bags contain, it makes it easy for criminals to search through yellow garbage bags for personal information. Thus, this situation increases the potential for crime to occur.

Furthermore, these garbage bags, left on the street within anyone’s reach, are routinely checked by the police along with the garbage disposal staff and some civilian volunteers, in order to see whether the citizens placed the correct type of items in the correct colored bags. In this case, the authorities and other civilians are outright accessing personal information without informing the person whose information is being looked through. They are gaining information about the person based on what they eat, what they purchase, what company they have insurance with, which bank they use, and all the personal data associated with these items and documents. They are “accessing” personal information without consent, where the subject does not know what the purpose of the “accessing” is, who accesses it, or where that private information is classified or disposed of. I assume that it would be fairer to send a notice to the subject and inform him/her about the purpose of their action, without violating someone’s private life and correspondence. I know that in some States of the United States of America, putting the garbage on the street means that one has abandoned his/her garbage and then the police can search or seize it. In Belgium, some citizens (in those localities where this rule is in place) do not have the choice to deposit the garbage in special containers in their apartment building’s hallways; they are forced to deposit it on the street, where it is considered public domain. It is not a matter of abandonment but rather a matter of no choice.

Even though there are strict rules in place as to how recycled materials should be disposed of, this administrative rule seems to overlook or overstep the fundamental human rights to “respect for private life” and “respect for private and family life, home and correspondence”, as outlined below in the Charter of Fundamental Rights of the European Union:

Article 7

Respect for private and family life

“Everyone has the right to respect for his or her private and family life, home and communications.”

and

European Convention on Human Rights

Article 8 – Right to respect for private and family life

“1. Everyone has the right to respect for his private and family life, his home and his correspondence.

2. There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.”

Would it be appropriate to interpret this interference by the authorities, along with civilians, into someone’s private correspondence (even disposed of) as being in the name of national security, public safety or the economic well-being of the country, the prevention of disorder or crime, the protection of health or morals, or the protection of the rights and freedoms of others? Some of these could apply; however, there is no reason for the authorities and “civilians” to manually search each bag containing private information, especially without the person’s consent or presence during the search.

In the online world, many advocates (including myself) monitor how public authorities get access to users’ personal information (such as videos, posts on Facebook, pictures, etc.), blowing the whistle when this is not done properly or in accordance with the law. But in the offline world, there doesn’t appear to be very strict monitoring of how the fundamental right to private correspondence is respected in the European Union.

Another parallel is when a user deletes a personal message and sends it to the “Trash” box of his email account. If an unauthorized person accesses that message, even in the trash box, he/she is called a hacker and has legal liability for hacking and intruding into a private email account. But when a citizen deposits his private information in a garbage bin (the “Trash” of the offline world) and someone comes to check and collect that information, in the name of the law or not, this is considered neither intrusion nor “hacking”; it is simply standard procedure for monitoring compliance with garbage disposal rules. Both intrusions can have the same devastating effects, regardless of whether the personal information is in electronic form or in hard copy.

To conclude, the point is that even if society has to pay more attention to the new challenges and risks arising in the online world (with its characteristics such as borderlessness, timelessness, easy access, dematerialization, globalization, etc.), the old threats should never be forgotten. By focusing on the complicated issues, we may overlook simpler ones that are just as important. Most disturbing is what one could do with both offline and online information on a subject, as seen in the “Ordering a Pizza” video. In any case, people should pay equal attention to their online and offline “tracks”, and ultimately to their private information.

Any questions can be submitted to: dan@e-crimeexpert.com

Additional information can be found at: www.e-crimeexppert.com

What do you think about online privacy versus offline one? Do you think they are the same? Do you think that the garbage on the street should be considered as abandoned? 

Hit the “subscribe” button in order to be notified when new videos and Articles are posted on this blog.

Privacy: search for it and claim it!

September 15, 2011 4 comments

Once again, E-Crime Expert has to post a special edition on this blog due to the importance of the discussions between policymakers and advertisers with regard to profiling and targeted advertising. Tomorrow E-Crime Expert will resume its regular topics: awareness and educational programs.

It is evident that privacy and the protection of personal data are becoming increasingly important, and that the European regulators and data protection authorities are more and more successful in drawing the line on how online advertising, targeted advertising, tracking and profiling should or could be used by the main actors of the Digital Age (Google, Facebook, Yahoo, etc.).

On September 13, 2011 Google announced that it would give the owners of residential wifi routers the option to remove their device from a registry that Google uses to locate cell phone users. A wifi router could broadcast the location, name and identities of the portable devices connected to that particular router, which is against EU data protection legislation.

Not just Google but Facebook too has taken European data protection legislation more seriously and is trying to comply with it: it recently hired several public policy experts, lobbyists and spokespersons for the EU institutions, those experts coming from the highest levels (the White House, the EU Parliament).

Further concerns relate to how consumers’ private information and personal data are protected from these commercial activities (targeted advertising, profiling). On September 14, 2011 regulatory advisers and the advertisers’ representatives (IAB) met in The Hague (Netherlands) to discuss this issue.

For both parties there are important issues at stake: the regulators are concerned about citizens’ fundamental right to data protection, the advertisers are concerned about how important profiling and targeted advertising are for their multi-billion dollar businesses.

The advertisers came with a solution: a do-not-track icon on the web page, where users could either choose to continue browsing without being monitored or profiled, or keep a better online experience tailored to their needs, in one word: profiling!

Quiz:

In the above picture, can you see where that icon/button is?

Correct answer:

After a user “successfully passed” this level and identified the icon, he/she has to read a long and technical explanation where they are presented with how much the advertisers do for their users for free, rather than how much users actually do for the advertiser by providing their most valuable resource: private/personal information, which apparently seems to be the new currency of the Digital Age.

See here:

In order to opt out, the user has to read all of the information, press another opt-out icon, and there again the user is asked whether he/she opts out just from Yahoo, Google or Microsoft advertising, or from any other advertising companies:

Due to its size and almost camouflage-like appearance, users rarely notice, see or click on this icon, as demonstrated by the research done by media6degrees.com/blog (here), which states:

“To date, we’ve served almost a billion impressions that included the icon. People who see the icon click through to expand the overlay at a rate of less than 0.005%. The overall opt-out rate is 0.0001%. Of the people who clicked on the icon to expand it, 3% eventually choose to opt-out”.

Besides the fact that this icon is almost invisible or ineffective, there are problems with the websites that voluntarily adopt it on their pages. To date, only a few websites have adopted this icon (Google, Microsoft and Yahoo).

In light of the EU data protection legislative framework, there is also a problem because this icon does not meet the requirement to obtain informed consent: the user has to opt out of advertising and/or profiling rather than opt in, since tracking and ad serving take place unless the user objects.

As can be seen, privacy and personal data are hot topics nowadays, as the main actors (providers, advertisers and policymakers) are deeply involved and trying to find a compromise between their multi-billion dollar businesses and citizens’ fundamental rights. However, fundamental rights should not be a matter of compromise. They are taking a step in the right direction, but the step isn’t big enough yet.


Have you noticed that icon on your webpage before? What do you think about the current privacy “battles” of the Digital Age? Do you feel protected on the Internet? Do you mind being profiled by default?


Facebook and private businesses: risks

September 12, 2011 Leave a comment

During the past week this blog has presented the privacy risks related to Internet usage, how cookies can monitor a user, how employers can use Facebook for making employment decisions, how profiling and targeted advertising can be delivered through Facebook’s Like button, what Places and Location Based Services mean for users’ privacy, and what photo tagging means.

As part of the same awareness campaign, today E-Crime Expert is presenting the risks associated with users’ available information on Facebook in relation to private businesses. Digital technology providers, including Facebook, generate much more data than any kind of classic broadcasting, and as a result the value of that data is considerable, because the information relates directly to the user. This blog will address the following questions arising from this area: who will collect that data (who could use it), what will the data be used for, who owns the data, who exploits the data, who is the gatekeeper, and who is making money from it?

The data is nonetheless very important for advertisers, because it allows them to know precisely about demographics, gender, working fields, interests, products and preferences, rather than assuming, as occurs in today’s market polls, where the subject could be honest or could just lie. By analyzing the data the answer will be as accurate as possible, because when preferences are expressed among users (who think that the discussion is private) they are more likely to be honest, as they are confiding in people they trust such as family or friends rather than a total stranger interviewing them on the street (I assume this depends on the individual, age, family relations, education). For example, today, marketers assume that if a person is rich (e.g. by consulting Forbes magazine), they would buy exclusive goods such as very rare watches. In this case, the watch seller will send them offers, but cannot be sure that the person, based only on his wealthy status, is interested in rare and expensive watches. Conversely, by reading the data, one will know exactly who is a collector of rare watches, even if he is not rich but still has a hobby in this regard. This is an example of how, by reading, having access to, and collecting personal data, better-targeted advertising can be delivered. It is based on the purchasing behavior of a user who previously bought certain objects, goods and services. The most common techniques a private business or advertiser could employ to obtain users’ preferences and characteristics (e.g. demographic, sex, race) are behavioral advertising and targeting techniques. While employing these methods, risks regarding users’ personal data occur, as explained in this section.

The relation with Facebook is that people post their private data on this platform; even if we assume the data is not accessible to other users, it is accessible to the Facebook service provider. The SNS has access to the data anyway and “knows” what a particular user likes and owns, where they have traveled, and who they are in a relationship with. Furthermore, if a certain user, let’s presume a teenager, has a predilection for BMW cars, and this is noticed or made available to a BMW dealership by the SNS based on this user’s posts, pictures, videos and discussions regarding that particular brand of car, the BMW dealer will know exactly that the user has a predilection for BMW and could build a consumer relationship with him by sending catalogues and diecast cars, inviting him to BMW events, and ultimately cultivating his predilection for this brand so that he purchases it later. How is this accomplished? By monitoring the user’s behavior and preferences. It is not necessarily negative when a user is provided with magazines, test drives and other marketing tools regarding a certain product (e.g. BMW cars), but sometimes these marketing tools can become disturbing due to their frequency and/or quantity (when a BMW car dealer calls every month for promotional reasons). Moreover, this business model brings the advertisers monetary value while users might get disturbed (as explained above). In addition, looking at this situation, it could be said that advertisers, in collaboration with the SNS, are trying to provide users/customers with tailored products and services in order to save users’ time and money. A closer look at this “benign” situation reveals deeper, continuous and more severe implications. The problem is that users do not always know they are being monitored, and as a direct effect their privacy could be breached because of the various hidden features the users are unaware of.

Facebook’s business model is built on behavioral advertising, providing its advertisers with all the necessary users’ information and infrastructure (the Facebook platform) for economic profit. Facebook claims under the “Controlling how you Share. Advertising” field:

“We never share your personal information with our advertisers. Facebook’s ad targeting is done entirely anonymously. If advertisers select demographic targeting for their ads, Facebook automatically matches those ads to the appropriate audience. Advertisers only receive anonymous data reports”.

However, I argue that the data is not completely anonymous, because the “Like” button’s technical capabilities accurately identify where a certain user browsed, or what he liked and preferred (identified by his unique Facebook ID connected to a cookie):

“…If you [the Advertiser] include Open Graph tags on your Web page, your page becomes equivalent to a Facebook page. This means when a user clicks a Like button on your page, a connection is made between your page and the user. Your page will appear in the “Likes and Interests” section of the user’s profile, and you have the ability to publish updates to the user. Your page will show up in same places that Facebook pages show up around the site (e.g. search), and you can target ads to people who like your content”.

Here there would not be any problem, as the user pressed the “Like” button on a certain web page knowing that his preferences would be posted on his Facebook Wall. But in reality, as explained by Arnold Roosendaal in his recent article, the situation is different:

“Since data about the user are sent to Facebook regardless of whether the Like button is actually clicked upon, users are often not aware of this fact. Nevertheless, the cookie contains the unique user ID and therewith facilitates the information on browsing behavior to be connected to the account. Even though the user is not involved, Facebook can collect far more individual data than the data made available on the profile page only”.

This means that even though the “Like” button is not clicked, Facebook is notified (through the cookie) which user visited a certain website. Facebook claims to keep its users’ data anonymous and to use it just for statistical purposes, but the user is also not notified (by Facebook) that his visit to a particular website was recorded by Facebook in order to register that user’s behavior and web browsing habits. By contrast, when the user voluntarily clicks the “Like” button, the advertiser is notified and so is the user (on his Facebook Wall). The advertiser is provided with the information that a certain user (identified by his unique Facebook ID) visited and liked his website or a product on it. Therefore, by legitimately knowing the visitor’s Facebook ID, one could gain (less legitimate) access to more data than just the user’s name: by looking up a username or Facebook ID through https://graph.facebook.com, advertisers could obtain more of the user’s personal information than the anonymous information kept for statistical purposes.

To conclude, users’ preferences are very important to advertisers for their business, as they pay Facebook to find out who visited their website, when they visited, how much time they spent on it and what they liked (i.e. via the “Like” button). The issue is that users are assured (i.e. in the Facebook terms and conditions quoted above) that their information is made available anonymously, which is not true, because an advertiser that has a “Like” button on his website is informed about who visited it (i.e. the advertiser is provided the user’s ID assigned to his individual cookie), and by having access to that user ID, other private information could be obtained regarding that user (e.g. gender, location, name, just to name a few), which is far from anonymous data.


Did you know this? Have you received unwanted advertising while using your Facebook account? Have you received specific advertising tailored to your exact needs/interests? Would you be interested in checking the new Facebook privacy settings?


Photo tagging

September 11, 2011 1 comment

E-Crime Expert is presenting today the privacy risks that might arise from photo tagging. During the last couple of days, E-Crime Expert presented what “cookies” are, how the Like button works, and what Places and LBS mean.

By photo tagging, anyone can add a name, email address and location to an uploaded Facebook picture. If the person the tag refers to is a member of the Facebook community, he can acknowledge the tag. If he is on the friends list of the person who tagged the picture, he can remove the tag. However, if the tagged person does not have a Facebook account, he will not know if and when he was tagged in someone else’s pictures. Of course, in the offline environment, people take pictures with their camera and maybe share them among their friends or families. However, the exposure, publicity and global availability that come with identifying or naming someone in a “500 million-person” community are different. For example, an unflattering picture could be taken of someone, uploaded on Facebook, tagged with the private information of the subject (name, sex, contact), and exposed to family, partners, employers, children, etc. without their consent or awareness. Even if someone uploads a picture of another person without tagging her name or contact details, it could bring as much harm as a situation where full disclosure is provided.

Technically, after a picture is tagged, that picture will appear on the user’s personal profile and on the tagged friend’s profile as well. Furthermore, the tagged user in theory has his profile accessible just to his friends list. However, one of his friends may have his profile accessible to friends of friends or, even worse, to anyone on Facebook. In that case, the tagged friend is not just “visible” to his friends, but also to other users (i.e. friends of friends) that he may not know personally. Would it be this user’s preference that his personal picture be viewed by total strangers or by anyone on Facebook? What about his current employer, who could see that while he was away at a job-related conference, he also spent his working time at a ski resort (the tagged picture “reveals” the user at the ski resort, skiing, for example)?

According to Michele Bezzi: “The user that uploads the photo and the one that adds the tag to it, shall base their actions on a legitimate ground, such as the consent of the person concerned.”

Two types of possible problems are identified here: first, the action of uploading someone’s picture without his consent, and second, the action of tagging someone in a picture without consent. A third problem could also occur, combining the previous two: uploading and tagging someone’s picture without his consent.

For Facebook, this should not be a privacy issue regarding its users: according to its vision statement made on January 19, 2010, the “friends list” with their friends’ photo albums is public information and does not fall under any privacy regulatory measures. I argue against this because in many law cases involving paparazzi taking pictures of celebrities, the judges had to consider whether the subject is a public figure or not, whether the photo was taken in a public space, and whether someone is entitled to publish it or not. In the case of an ordinary person who has casual pictures on Facebook, based on precedent from European Court of Human Rights rulings regarding the right to private life, if someone expressly required those pictures to be removed, then they should be removed, because posting those pictures is an intrusion into someone else’s private life. Posting someone’s private pictures on Facebook, which is a medium for information to be made public, is an intrusion into his private life.


Do you use photo-tagging? Have you ever been tagged in a photo? Would you be interested in checking the new Facebook privacy settings?


Places and Location Based Services (LBS)

September 10, 2011 2 comments

After yesterday’s post on the Facebook “Like” button, today’s post continues to present some of Facebook’s features that might put your personal data and private information at risk if your Facebook account’s privacy settings are not properly configured. Here you can find out how to adjust your Facebook privacy settings.

Regarding users’ personal information and privacy this blog shows how even applications designed by the SNS provider, in this case Facebook, can access users’ private information.

A contested application provided by Facebook itself is called: Facebook Places. According to Facebook Help Center:

“Places is a Facebook mobile application that allows you to see where your friends are and share your physical location. You can check in to nearby Places to tell your friends where you are, tag your friends in the Places you visit, and view comments your friends have made about the Places you visit. Use Places to experience Facebook in a completely new way by connecting with your friends in the real world”.

The Facebook Places application shows the geographical position of a certain place. Another feature allows the user’s friends to check him in at that particular location, and shows the history of the user’s friends who visited that place over time. For example, if the chosen Place is the Eiffel Tower in Paris, additional information will be provided, such as exact location, tourist information and hours of operation, along with personal comments of friends who visited it in the past, similar to Trip Advisor reviews.

LBS means the delivery of a particular service or piece of information based on a certain location. The user’s location is given by the location of his portable device (e.g. smartphone), and can mainly be determined by: GPS (built into the smartphone), which compares the timing of radio signals from satellites in space; triangulation, which means collecting directional signals from cell phone towers; and/or wi-fi local area networks, which track the high-frequency radio signals from transmitters (smartphones).

It is incontestable that a user can get useful information through LBS, such as the weather forecast, the nearest restaurant, gas station or public transportation, news, tourist information and reviews, but the point Tony Dyhouse (cyber security director of the UK Digital Systems Knowledge Transfer Network) makes is that users and providers together should use them responsibly and, most notably, the providers should know better how these applications work and what their flaws or risks are. Users are not all educated about the technical functionality, nor are they proficient in application development and usage. Thus they are more likely not to foresee, and also to disregard, the potential risks (e.g. being located in a certain geographical area or place without their knowledge) that might arise from using a certain application.

Getting back to the Places application, Graham Cluley, senior technology consultant at Sophos, told SC Magazine the following:

“This is one of the growth areas and it is beginning to gain momentum. We have seen documented cases of people who posted statuses of where they were and then got robbed, while there are cases of physical violence.”

In other words, by reading the Places post on Facebook, someone knows that the subject is on the French Riviera and that his house in Brussels is unattended, and this would be a great opportunity for someone (who knows where the subject lives) to break in and take all the goods from the house. Another important aspect is the difference between someone who voluntarily updates his position as being on the French Riviera and someone who is checked in by a friend at a particular position/location without his knowledge. In practice, user X updates through Facebook Places that he is on the French Riviera with friend Y, which could be true or sometimes might not be. The person who is involuntarily checked in at that location might physically be there but might not want his parents to know this fact. Furthermore, when the checked-in person is not even physically there but someone made a bad joke or did it for another purpose, it could have negative effects (for example, his house could get broken into). This danger was also pointed out by Tony Dyhouse, Cyber Security Director of the UK Digital Systems Knowledge Transfer Network, who said:

“Location-based services have done a lot to improve our lives but people need to treat applications like Facebook Places with care. It’s important to realize what criminals can glean from where you are not”.

Furthermore, Tony Dyhouse’s personal concern points to this application’s design flaw: “My main concern here is that the default setting for the location application will be ‘on’ – people need to be aware of the potential privacy risks associated with this.” Instead of being delivered turned “on” by default, the Facebook Places application could come turned “off”, and the user could be informed and educated about how to use it. From the SNS provider’s or developer’s perspective, these applications have to be monetized somehow in order to sustain their development and keep the business rolling. Also, by knowing where users frequently go and what they like, use and do, better-targeted advertising can be delivered through the SNS provider as a distribution platform, which nonetheless has a monetary value.


Have you ever used Places? Have you ever used LBS? Would you be interested in checking the new Facebook privacy settings?


Profiling and targeted advertising: Like button

September 9, 2011 3 comments

Yesterday, E-Crime Expert presented a special edition on this blog regarding The Privacy Platform: “The Transatlantic Dimension of Data Protection”. You can read this post here.

Today, E-Crime Expert is returning to its favorite posts and activities, such as raising awareness among Internet users through individual post entries on the most current privacy topics, and also providing concrete examples and explanations.

Following a series of recent posts (Cookie monitoring?! No way…just a “coincidence”, Privacy and the Internet), this post presents in more depth how users can be profiled and served very specific targeted advertising. Sometimes users do not know that they are being monitored and also do not have the opportunity to accept or decline being part of a market study. It is uncomfortable for a person to be “watched” without knowledge or consent. Furthermore, the advertising delivered based on a user’s profiling and monitoring could be abusive and annoying through its frequency and content. Moreover, if a public or enforcement authority wants to start profiling users on Facebook, it can, because it has access to users’ private profiles (e.g. by befriending someone on Facebook under a different name, or simply through the friends-of-friends relationship). This could have a negative effect, as prosecutions have already occurred based on other personal data (videos and pictures) displayed on YouTube. Public authorities can monitor and profile users based on their Facebook group subscriptions or visited pages such as “Motorbike enthusiasts” and “Liked” websites (e.g. a motorbike enthusiasts website). If a user’s connections on a motorbike Facebook page are determined (based on the social relations and information exchanged among his friends list), links and relations to other users subscribed to that particular Facebook page could be retrieved from there, along with possible videos or pictures, as explained above. Another concern is that, through profiling, someone has a real possibility of capturing the user’s actual data, information and preferences. A user may be unaware whether their personal data is kept confidential, or by whom it is used, aggregated or stored.

Nonetheless, the privacy issues should be addressed as well, since this profiling method involves observation, monitoring, filing and data processing by automatic means. Profiling could be useful to determine what role a user has in regards to an activity the user is engaged in, and also her relationship with other users in a group. For example, by profiling a Facebook page and establishing from a user’s geographical group that he is located in Guadalajara, Mexico (i.e. in the south of Mexico, with a temperate climate), likes swimming, and is part of a certain age group, a swimming gear company would know what to sell him and what his needs are. A company selling winter gear would not send someone with this profile advertising for its products.

A recent personal experiment (following the reading of an article) proved that personal data such as, at least, the Facebook unique ID number, geographical location and sex can be retrieved for any user on Facebook, regardless of whether you have befriended him or he is a stranger. In the web browser one could type: https://graph.facebook.com/ followed by the name of the person being looked up (in my case: danmanolescu), and the result can be seen in Figure 1.

Figure 1

One could say: it is normal, as you searched your own name while logged in to your account, and this is why the information was provided. This is not quite true. A second experiment revealed the same information regarding an unknown Facebook user by typing: https://graph.facebook.com/joedoe, as can be seen in Figure 2. Please note that this user’s personal data was revealed only for demonstrative purposes.

Figure 2

If someone like me, with average computing skills, could retrieve such data (which for me still represents personal data), people with advanced computer skills, such as developers, could retrieve much more data about Facebook’s users than was done in these two experiments. The data they retrieve could later be used for behavioral advertising, targeted advertising, profiling and other commercial purposes. The method explained above is available and also explained on Facebook’s website, under the Facebook Developers’ dedicated page. Moreover, according to Facebook, the user identification is associated with a dedicated Cookie. This means that, because Facebook always assigns a Cookie to its users (and also to any object on Facebook, such as pictures) in order to deliver its service to them, that particular cookie “follows” the user everywhere he goes, including to the websites he visits, if they carry a Facebook “Like” button. As explained on the Facebook website (i.e. Query Language FQL Cookies), developers also have access to the user’s unique ID, and they could also track down the browsing history (sites a user has visited and “liked”) by retrieving information from the user’s individual Cookie connected to their unique ID. In this case, not just Facebook but developers too could track a user’s behavior and preferences, which could later be used for targeted advertising and profiling.

A most recent study by Mr. Arnold Roosendaal, a PhD candidate and research fellow with the Tilburg Institute for Law, Society and Technology, presented and demonstrated how the Facebook “Like” button (an application available on many websites, affiliated or not with Facebook, whose purpose is to bring traffic to those websites) is heavily used to collect users’ private data, browsing history and behavior without the users’ knowledge. The collected data is linked to the user’s Facebook ID, making everyone on Facebook precisely identifiable (beyond the information publicly available in his Facebook profile). The privacy issues occur as pointed out by the author in the article: “First of all, the data collection takes place without the individual web users being aware. As a result, there cannot be consent for the data collection”.
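The tracking described above starts with the page embedding the “Like” button: the visitor’s browser fetches the plugin from Facebook’s servers and sends its facebook.com cookies along with that request. The script below is an added example (not part of the original post or of Mr. Roosendaal’s study) that a site owner or visitor can run over a page’s HTML to list the embeds that cause such a request; the HTML it scans is constructed sample input, and the plugin host names are assumed from the page’s description of the “Like” button.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts that serve the Like button. A request to them carries the visitor's
# facebook.com cookies, which is what ties the page visit to the Facebook ID.
FACEBOOK_HOSTS = {"facebook.com", "www.facebook.com", "connect.facebook.net"}


def is_facebook_url(url):
    """True if the URL (absolute or protocol-relative) points at Facebook."""
    host = (urlparse(url).hostname or "").lower()
    return host in FACEBOOK_HOSTS or host.endswith(".facebook.com")


class SocialPluginFinder(HTMLParser):
    """Records every element that makes the browser contact Facebook."""

    def __init__(self):
        super().__init__()
        self.findings = []  # list of (tag, detail) tuples

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "")
        # <script src="//connect.facebook.net/..."> or <iframe src=".../plugins/like.php">
        if tag in ("script", "iframe", "img") and src and is_facebook_url(src):
            self.findings.append((tag, src))
        # XFBML / HTML5 markup that Facebook's script turns into a Like button
        elif tag.startswith("fb:") or "fb-like" in a.get("class", "").split():
            self.findings.append((tag, "social plugin markup"))


def find_facebook_plugins(html):
    """Return the (tag, detail) findings for one page, in document order."""
    finder = SocialPluginFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample page: one first-party script plus three Facebook embeds.
SAMPLE_PAGE = """<html><body><h1>Motorbike enthusiasts</h1>
<script src="//connect.facebook.net/en_US/all.js"></script>
<div class="fb-like" data-href="https://example.com/motorbikes"></div>
<iframe src="https://www.facebook.com/plugins/like.php?href=https%3A%2F%2Fexample.com"></iframe>
<script src="/static/site.js"></script>
</body></html>"""

if __name__ == "__main__":
    for tag, detail in find_facebook_plugins(SAMPLE_PAGE):
        print(f"{tag:7} -> {detail}")
```

Every finding is a place where a visit to that page is reported to Facebook together with the visitor’s cookie, whether or not the visitor ever clicks the button.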

Regarding the personal data collected by third-party Advertisers, risks such as data security vulnerabilities can occur. From the security vulnerability perspective, identity theft, for example, could be performed if the personal data (the user’s name, address and phone number, which could later be used for opening a bank account, a credit application or obtaining a driver’s license) is stolen by unauthorized parties from third parties (i.e. Advertisers) that store the data improperly.

Any questions can be submitted to: dan@e-crimeexpert.com

Additional information can be found at: www.e-crimeexpert.com

Have you ever felt profiled? Have you ever felt like a target for advertisers? Would you be interested in checking the new Facebook privacy settings?

Hit the “subscribe” button in order to be notified when new videos and Articles are posted on this blog.