Archive

Posts Tagged ‘Personally identifiable information’

Teaching Kids About Identity Theft

May 13, 2013 5 comments

Today, E-Crime Expert is pleased to introduce Nancy Parker, who is a freelance writer which loves writing articles on opinions and social awareness. Nancy is a frequent contributor for http://www.enannysource.com.

According to Julie Myhre*:

Identity theft occurs when someone gets a hold of someone else’s personal information and poses as that person or uses that information to create their own fake identity. This information can be a full name, social security number or a bank account number“.

For children, identity theft occurs a little differently. Child identity thieves are looking for their victim’s Social Security number. Since children don’t have any credit history, it makes it easier for thieves to use their Social Security number and a false birthday to open credit cards.

Read bellow this interesting interview conducted by Michelle LaRowe:

“Identity theft is a real problem and, sadly, children are not exempt from having their identities stolen. Recently, I connected with Julie Myhre, who covers identity theft for NextAdvisor.com, and here is what she had to say.

eNannySource: How does identity theft happen?

Julie: Identity theft occurs when someone gets a hold of someone else’s personal information and poses as that person or uses that information to create their own fake identity. This information can be a full name, social security number or a bank account number. It’s usually easier for identity thieves to get information about an adult because adults have a lot of personal information about them; however, it is important to also remember that children can be victims of identity theft too. There are a lot of different ways that adults can be hacked; some of these include not having privacy settings on social media, clicking on phishing emails or pop-ups, losing a wallet, throwing away documents that contain personal information, and ATM or credit card skimming, among others.

For children, identity theft occurs a little differently. Child identity thieves are looking for their victim’s Social Security number. Since children don’t have any credit history, it makes it easier for thieves to use their Social Security number and a false birthday to open credit cards. The unfortunate part about this is that people who were victims of child identity theft don’t usually realize it until they are older and trying to apply for a credit card or loan. Thieves usually gather children’s personal information from sports team applications, school documents and any other documents that would have your child’s Social Security number on it.

eNannySource: How is it prevented?

Julie: There are a lot of different steps that you can take to prevent identity theft. One of the major ways to prevent identity theft is to sign up for an identity theft protection service. Most of these services monitor your personal information regularly and alert you if they notice any suspicious or possibly fraudulent activity. A good amount of these services also offer family plans, which will allow you to protect your whole family – including your children – from identity theft.

Some other options to prevent identity theft include shredding all documents that contain yours or your child’s personal information, checking your bank accounts and credit card statements regularly, monitoring your credit report and, lastly, knowing what you and your child post online. A lot of people don’t realize how much information they post about themselves and their family on social media. It’s fine if you want to include some personal information – such as your full name and photo – but make sure that you set your profile to private. Monitor what you and your child post on social media, and check the privacy settings regularly – at least monthly.

eNannySource: What basic things can parents teach children to avoid identity theft?

Julie: Parents should teach their children about identity theft in a similar manner that they teach them about strangers. If you think about it, it’s essentially very similar – someone you don’t know is trying to take something from you. Parents just need to teach their children that their personal information is private and they should not reveal any of it to people they don’t know. Children won’t understand the details of identity theft, so it’s important not to go into too many details. The bottom line is personal information should be kept personal, and it’s important that parents recognize that and teach it to their children.

eNannySource: What age do parents have to start worrying about identity theft?

Julie: Parents should begin to think about ways to protect their child from identity theft as soon as their child has a Social Security number.

eNannySource: Is it worth investing in some type of protection?

Julie: Yes, in most circumstances identity theft protection is worth the investment. The value of identity theft protection isn’t necessarily in the active personal information monitoring, because the reality is that people can do that part themselves. Instead, the value lies in the identity theft recovery that these services offer. In the instance that yours or your child’s identity is stolen while you’re signed up for an identity theft protection service, you are provided with all the information and tools you need to recover yours or your child’s good name. Identity theft protection services represent you when you’re dealing with the banks, credit bureaus and creditors. It lightens the load on the victim’s side and helps alleviate the nightmare of identity theft. The identity theft recovery assistance is a valuable tool to have if yours or your child’s identity is stolen.

eNannySource: What about the Internet? What are the top tips for parents of kids who use the Internet?

Julie: The most important tip that parents need to follow when their children use the Internet is to monitor what your child is doing and posting on the Internet. Have open communication with your child and make them aware that they shouldn’t be putting any personal information on the Internet – even if it’s your home address in a private message to a friend. Check in with your child and make sure these rules are being followed on all platforms, including the computer, cell phone and tablet. Check your child’s privacy settings on their phone and social media once a month to make sure the information they post on the Internet is set to private”.

*Julie Myhre is the Content Manager at NextAdvisor.com. You can review identity theft protection reviews and learn more about identity theft on the site.

To read the original post and find more about Julie, please click here.

This interesting interview nicely connects to one of E-Crime Expert‘s blog post, called: How secure is your Child’s Social Security Number?

If you have any question you could contact: dan@e-crimeexpert.com

Additional information can be found at: www.e-crimeexppert.com

Hit the “subscribe” button in order to be notified when new videos and Articles are posted on this blog.

Advertisements

18 Blogs with Techniques for Preventing Identity Theft

April 30, 2013 3 comments

Our concern for privacy and information security aims to cover most of our daily life areas from IT, Social Networking Services, Online Commerce, to children or why not nannies.

For this reason, E-Crime Expert is glad to have NannyWebsites.com as a guest today.  NannyWebsites.com is the most comprehensive guide for nannies seeking advice, support and information. It helps gaining resource for nannies, nanny employers and those interested in in-home childcare on the web. You can check out their website here.

The blog post bellow is provided by NannyWebsites.com.

“Identity theft has become an increasing problem as our world shifts to being more online and mobile.  Many people feel like there is no way to keep their information safe should someone want to steal it.  Is this the case, or are there things that you can do to make your information harder to steal?  These 18 blog entries touch on what you can do to protect your identity online, at work and when you are out and about living your life.  The press is doing an admirable job of bringing scams to light so that the public can be better informed and thus better able to protect sensitive information.  To learn what you need to know to keep your personal information safe, keep reading.

Online

With more and more people shopping and banking online, keeping your information safe from thieves becomes both more important and more difficult.  Avoid common or easy to guess passwords, as many times you are making the thief’s job easier.  For more online safety tips, take a look at these six blog posts.

At Work

While your employer likely has their own security measures in place, you still need to make sure that you are keeping your personal information safe from hackers or other co-workers.  When you go to a meeting make sure that your desk and computer are locked.  Don’t get your personal e-mail on your work computer, as that information can stay in that computer, even if you delete it.  To learn more important safeguards, read these six blog articles.

Out and About

If you pay for your gas and other snacks with a credit card that you can tap and go, you may want to stop using it.  While it’s a convenient way to pay for things, it’s also an easy way for a thief to pick up the credit card number at the same time.  When you are out for dinner and you pay the bill by sending your credit card with the waiter, you may want to keep an eye on him.  Specialized equipment designed to steal credit card numbers in a hurry have been found in various restaurants.  Check out these six blog articles and learn more about identity theft scams going on today and how to avoid becoming a victim.

To read the original Article click here.

If you have any question you could contact: dan@e-crimeexpert.com

Additional information can be found at: www.e-crimeexppert.com

Hit the “subscribe” button in order to be notified when new videos and Articles are posted on this blog.

Have you seen your digital footprint lately?

January 28, 2013 Leave a comment

Today, E-Crime Expert is featuring a very ineteresting article on digital footprint, provided by the Internet Society. This Article also provides three interactive tutorials developed by the Internet Society to educate users about online identity.

We are the raw material of the new economy. Data about all of us is being prospected for, mined, refined, and traded…

  . . . and most of us don’t even know about it.

 Every time we go online, we add to a personal digital footprint that’s interconnected across multiple service providers, and enrich massive caches of personal data that identify us, whether we have explicitly authenticated or not.

 That may make you feel somewhat uneasy. It’s pretty hard to manage your digital footprint if you can’t even see it.

 Although none of us can control everything that’s known about us online, there are steps we can take to understand and regain some level of control over our online identities, and the Internet Society has developed three interactive tutorials to help educate and inform users who would like to find out more.

 We set out to answer some basic questions about personal data and privacy:

 1. Who’s interested in our online identity? From advertisers to corporations, our online footprint is what many sales driven companies say helps them make more informed decisions about not only the products and services they provide – but also who to target, when and why.

 2. What’s the real bargain we enter into when we sign up? The websites we visit may seem free – but there are always costs. More often than not, we pay by giving up information about ourselves – information that we have been encouraged to think has no value.

 3. What risk does this bargain involve? Often, the information in our digital footprint directly changes our online experience. This can range from the advertising we see right down to paying higher prices or being denied services altogether based on some piece of data about us that we may never even have seen. We need to improve our awareness of the risks associated with our digital footprint.

 4. The best thing we can do to protect our identity online is to learn more about it.

 The aim of the three tutorials is to help everyone learn more about how data about us is collected and used. They also suggest things you need to look out for in order to make informed choices about what you share and when.

 Each lasts about 5 minutes and will help empower all of us to not only about what we want to keep private, but also about what we want to share.

 After all, if we are the raw material others are mining to make money in the information economy, don’t we deserve a say in how it happens?

 Find out more about the Internet Society’s work on Privacy and Identity by visiting its website.

 * Robin Wilton oversees technical outreach for Identity and Privacy at the Internet Society.

If you have any question you could contact: dan@e-crimeexpert.com

 

Data Protection: one Directive and two perspectives

December 4, 2012 Leave a comment

Data Protection: the economic value and the fundamental human rights perspectives

Related to our latest Blog post on Privacy vs Data Protection, today E-Crime Expert presents a short history and rational behind the Data protection legislation in the European Union.

Did you think that the EU Data Protection legislation was drafted and proposed by the European Union’s Directorate General Justice (because of its Human Rights dimension)?Actually, it was not as the Directive 95/46/EC was drafted and proposed by the DIRECTORATE GENERAL FOR INTERNAL MARKET AND SERVICES DG MARKET.

Why? In order to find out please read bellow the rationals described in the Preamble of the Directive 95/46/EC:

The establishment and functioning of an internal market in which, in accordance with Article 7a of the European Union’s Treaty, the free movement of goods, persons, services and capital is ensured require not only that personal data should be able to flow freely from one Member State (MS) to another, but also that the fundamental rights of individuals should be safeguarded. In other words, there should be a proper balance between the free flow of personal data and the protection of fundamental human rights.

Furthermore, the economic and social integration resulting from the establishment and functioning of the internal market leads to a substantial increase in cross-border flows of personal data between all those involved in a private or public capacity in economic and social activity in the MemberStates and the exchange of personal data between undertakings in different Member States is considerable increasing. Also, the increase in scientific and technical cooperation and the new telecommunications networks in the Community necessitate and facilitate cross-border flows of personal data.

Considering the difference in levels of protection of the rights and freedoms of individuals (privacy), with regard to the processing of personal data afforded in the Member States, it could prevent the transmission of such data from the territory of one Member State to that of another Member State, which constitutes an obstacle to the pursuit of a number of economic activities at Community level, distort competition and diminishes the economic value of a such exchange of data.

Last but not least, in order to remove the obstacles for the flow of personal data, which is vital to the internal market, it is aimed to ensure that the cross-border flow of personal data is regulated in a consistent manner that is in keeping with the objective of the internal market.

Considering the above rationales as outlined in the Preamble of the Directive 95/46/EC, we can easily observe that the Data Protection legislation in the EU does not manly has a human rights dimension but an economic one as the Directive 95/46/EC was drafted and proposed by the DG Market and not by the DG Justice or DG Home, aiming to not only stop but to increase the free flow of data between the Member States by giving legal certainty to the EU citizens and providing a legal framework uniformly implemented among the MS.

The second part of this Blog Post continues with the Directive 95/46/EC human rights dimension  by explaining data protection terminology, principles, rights of data subjects and data transfer mechanisms.

 1)      data protection terminology and definitions

  • ‘personal data’ = any information relating to an identified or identifiable natural person (‘data subject’); and who can be identified:
    • directly
    • indirectly,
    • in particular by reference to an identification number
    • or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity
  • ‘processing of personal data’ = any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as: collection, 
    • recording,
    • organization,
    • storage,
    • adaptation or alteration,
    • retrieval,
    • consultation,
    • use,
    • disclosure by transmission,
    • dissemination or otherwise making available,
    • alignment or combination,
    • blocking, erasure or destruction;
  • ‘personal data filing system’ (‘filing system’) = any structured set of personal data which are accessible according to specific criteria, whether centralized, decentralized or dispersed on a functional or geographical basis;
  • ‘controller’ = the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data;
  • ‘processor’ = a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller;
  • ‘third party’ = any natural or legal person, public authority, agency or any other body other than the data subject, the controller, the processor and the persons who (e.g. subcontractor), under the direct authority of the controller or the processor, are authorized to process the data;
  • ‘recipient’ = a natural or legal person, public authority, agency or any other body to whom data are disclosed, whether a third party or not;
  • ‘the data subject’s consent’ = any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed.

 2)      Principles related to data protection:

  • processed
  • fairly (data subjects informed) and
  • lawfully (based on a legal act)
  • collected for:
    • specified,
    • explicit
    • legitimate purposes
    • no further processed in a way incompatible with those purposes
  • adequate, relevant and not excessive in relation to the purposes for which they are collected and/or further processed;
  • accurate and, where necessary, kept up to date;
  • kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data were collected
  • the data subject has unambiguously given his consent
  • processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
  • processing is necessary for compliance with a legal obligation to which the controller is subject
  • processing is necessary in order to protect the vital interests of the data subject
  • processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or in a third party to whom the data are disclosed

 3)      Information to be given to the data subjects (fair processing)

  • the identity of the controller and of his representative, if any;
  • the purposes of the processing for which the data are intended;
  • any further information such as
    • the recipients or categories of recipients of the data,
    • whether replies to the questions are obligatory or voluntary, as well as the possible consequences of failure to reply,
    • the existence of the right of access to and the right to rectify the data concerning him

4)      Rights of data subjects:

  • Right of access
  • Right to object
  • Right to modification
  • Right to deletion

 5)      Notification

  • Those processing personal data shall provide that the controller or his representative, if any, must notify the supervisory authority (of a member states) before carrying out any wholly or partly automatic processing operation or set of such operations intended to serve a single purpose or several related purposes.

 6)      Transfer mechanisms:

  • Freely to Canada, Argentina, whole EU, etc BUT not to US (does not confer the same level of data protection as EU-because of the Patriot Act)
    • Binding Corporate Rules (for US. Set of rules agreed by the EU Commission when transferring data outside EU)
    • Safe Harbor Agreement (for US that certifies those part of this agreement comply with the EU data protection rules)

 Any questions can be submitted to: dan@e-crimeexpert.com

Additional information can be found at: www.e-crimeexppert.com

Hit the “subscribe” button in order to be notified when new videos and Articles are posted on this blog

 

Training and workshops

E-Crime Expert as a legal consultancy specialized in the fields of data protection, privacy, cybercrime, and the Internet, offers the following services:

  • Drafting of notification and documentation for personal data processing, transfer, compliance
  • Legal mechanisms for the cross-border transfers of personal data
  • Privacy Impact Assessments

Now, E-Crime Expert is offering also training session, workshops, tutorials and talks tailored to specific audience such as:

  • Corporate

 
 
 
 
 
 
 
 
  • Various events and conferences
 

 
 
 
 
  • Seniors
 

 
 
  • Teenagers
 

 
 
  • Children
 

 
 

If interested, please contact us at: dan@e-crimeexpert.com

“Cookie” Directive

October 28, 2011 6 comments

From the same series which is presenting the European legal framework regarding privacy and personal data aiming the help the readers be aware about their legal rights in order to better protect those legal rights, today it is presenting:

Directive 2009/136/EC amends and supplements Directive 2002/58/EC Concerning the Processing of Personal Data and the Protection of Privacy in the Electronic Communications Sector.

 

Directive 2009/136/EC addresses the issues of unsolicited commercial messages, the use of technologies for telemarketing purpose the use of traffic and location data, public directories and cookies: “a message given to a Web browser by a Web server. The browser stores the message in a text file. The message is then sent back to the server each time the browser requests a page from the server”. Through the implementation of this Directive, which complements and amends Directive 2002/58/EC, a better protection of users’ personal data is aimed at. Additionally, a new framework for disclosure of security breaches from the electronic communication provider to their users is set.

Regarding the access of the stored data (Article 4 E-Privacy Directive), in the view of this new Directive, the electronic communication providers should ensure that users’ personal data can be accessed only by “authorized personnel for a legally authorized purpose”. The new requirement essentially is that the communication service providers should implement security policies regarding the processing of users’ personal data. In regards to this stipulation, the national authorities are granted rights to audit the measures taken by the providers of communication services in regard to security and the processing of users’ data, and could provide best practices and techniques in achieving the best security measures for users’ data protection.

In the view of this Directive, regarding the breach of security, the communication service providers are provided with clear definitions and meanings of security breaches and risks, and the notion of personal data breach has been introduced. The scope of this Directive referring to security breaches is that the communication service providers should take appropriate actions to try stop or reduce the effect of security breaches, inform the user about the data that was at risk or breached, and when well-defined and potential security breaches could occur such as: “accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed in connection with the provision of a publicly available communications service.” The scope of identifying and defining those security risks is that from the moment this Directive will be implemented (e.g. June 2011), every communication service provider will refer to security breaches as to something well determined and are also obliged under the new Art 4 (3) to give Notice of security breaches to the competent national authority and to the user whose data is at risk, suffered an adverse effect or when data at risk could potentially disclose the user’s identity. The Notice is not required if the communication service provider proves that all the technical and security measures available were taken to protect users’ privacy and security breaches.

This directive applies to the collection of personal data placed on a EU user’s terminal (i.e. computer hard drive, smartphone, iPad) by using cookies as a mean of equipment. Consequentially, the EU users are protected against any website that uses cookies (without users opt-in consent),

The Directive requires before any cookie is sent to a user terminal, consent should be obtained. The user needs to express the opt-in consent before any cookie is sent. The user’s terminal is regarded as his personal and private space and an illegitimate installation of a program such cookies, is a privacy intrusion. In addition, if the user gives consent for cookies installation, the user should also be informed about any exchange of private information retrieved from his terminal. Precedent views regarding the user’s browser settings, assumed that if the browser setting allows cookies (i.e. the user set up his browser to accept cookies), then the consent is given. Furthermore, this Directive requires, even if the browser settings allow cookies, still the user must be informed regarding any exchange of private information between his computer terminal and the communication service provider.

For example, when a third-party website which uses Facebook “Like” button (even when the button is not clicked on that particular website, when the user visits it), when it is visited by a Facebook user, because of the cookie assigned to its unique Facebook ID number, makes him identifiable to the third-party website as well. The website “knows” then who is the visitor and can get access to that particular user’s Facebook profile (the “Like” button is designed to post on one’s Facebook Wall the website/business he likes). By getting access to private information this is a breach of this directive because the user should “be informed about any exchange of private information retrieved from his terminal”.

This Directive entered into force as of 2010, but the EU Member States should have transposed it into their national legislation by June 2011.

If you would like to read another E-Crime Expert Article on how the cookie “notification” is actually done in practice, check “Privacy: search for it and claim it“, post.

Any questions can be submitted to: dan@e-crimeexpert.com

Additional information can be found at: www.e-crimeexppert.com

Did you know about this Directive? Are you aware of the use of cookies? Are you informed about the use of cookies on your machine?

Hit the “subscribe” button in order to be notified when new videos and Articles are posted on this blog.

%d bloggers like this: