Posts

Google History and Your Privacy

Picture 18What started in 1997 as a research project and a mission as the way to organize the world’s information has turned into the worlds largest search engine. Google has given anyone with an Internet connection access to more information than they realize. With such quick access to information, you need to be careful what you put on the World Wide Web and realize what is contained in your Google History.  Remember, posts – and searches –  are permanent. Here are a few privacy issues when it comes to Google:

1.    Google’s Cookie and Toolbar.
When you use their search engine, Google places a self-renewing cookie with a unique ID number on your hard disk. As you search websites, Google records your surfing activity and saves your searches. There are ways to change your Internet options to stop the cookie tracking and you can learn more by visiting www.google.com/support/accounts/.Remember, nothing you do on the Internet is private; it is all tracked, aggregated, analyzed, sold and used for a variety of purposes (many of them good). The advanced features of Google’s new toolbar for Internet Explorer not only updates automatically, but it also tracks which websites you visit.

2.    Google Mail. Google’s mail service, or Gmail offers users free webmail. What most users will notice are the targeted ads that appear on the right side and above your email. According to Google’s privacy page they state “Google believes that showing relevant advertising offers more value to users than displaying random pop-ups or untargeted banner ads. In Gmail, users will see text ads and links to related pages that are relevant to the content of their messages…. No email content or other personally identifiable information is ever shared with advertisers.” Although they may not directly be sharing the content of your email messages with advertisers, they are being scanned for content and populated with relevant advertising. Most people and businesses probably don’t consider an email that has been scanned by others to be truly private.

3.    Google Docs. Google Docs is an amazingly powerful platform that essentially replaces Microsoft’s Office on your computer. This has many advantages. It is considerably less expensive, always up to date and available from any computer connected to the Internet. It gives you a freedom of computing, sharing and collaboration not available when your documents are available only on a physical hard disk. It is rapidly being adopted as the office suite of choice by governments, education systems and businesses. But as with any web-based application, there are privacy concerns.

Google’s profit model is based on collecting, indexing and sharing as much information as possible about everyone who uses its suite of tools. Because Google dominates the search engine market, websites, businesses and individuals are highly dependent on them. This dependency gives us a good excuse to overlook privacy issues with the company (Gmail is so useful, I couldn’t live without it, even if I’m losing some of my privacy). The solution is not to stop using Google, the Internet or web-based tools. It is to be conscious and discriminating of how you use the tools.

John Sileo became one of America’s leading Social Networrking Speakers & Identity Theft Expert after he lost his business and more than $300,000 to identity theft and data breach. His clients include the Department of Defense, Pfizer and the FDIC. To learn more about having him speak at your next meeting or conference, contact him by email or on 800.258.8076.

Electronic Information Privacy – Securing Your Job: Part II

,

Picture 6As we discussed in Electronic Information Privacy – Securing Your Job Part I, if you are an employee at a corporation, association, university or small business, you must realize that protecting electronic information and organizational data is vital not only to your company’s profitability, but for your job security.

Here is a crash course on how to promote information security within your company. The most effective way to build a Culture of Privacy is to break it down into 3 simple steps (most corporations skip the first step, dooming them to failure):

1.    Motivate the Individual. Train yourself, your employees and executives on how to protect identity and company information first. Learning the basic principles of privacy at an individual level is a pre-requisite for all subsequent forms of data security, and supplies the necessary motivation to apply the same habits at work. Each employee needs to overcome their own apathy, ignorance and inaction before they are equipped to protect corporate assets.  By making it personal, your executives and employees are acquiring the building blocks necessary to construct a corporate Culture of Privacy. Electronic information privacy training is good for their wellness, and is a means to a safer and more profitable end.

2.    Empower the Team.  One employee alone does not have the authority or resources to act. By empowering cross-departmental teams (who already understand privacy at a personal level) with the authority and resources to focus on low-hanging security fruit (e.g., laptop computers, document shredding, wireless surfing), you make immediate progress and win crucial organizational buy-in. In contrast, organizations with a Regime of Privacy tend to force data security into a silo (e.g., “It’s the I.T. Department’s responsibility” – see statistics in Part I), never taking into account the vital role played by legal counsel, compliance officers, the CFO, human resources and even facilities maintenance. In a Culture of Privacy, the team is integrated, and the results are more enduring.

3.    Lead by Example. There is nothing that undermines a Culture of Privacy faster than an employee or executive team that doesn’t practice what they preach. A CEO who surfs unprotected in the airport or refuses to invest in desk-side shredders will send a hypocritical message echoing throughout the corporation: “privacy doesn’t really matter, we’re just going through the motions.” In the same manner, a CEO who appoints some form of Chief Data Protection Officer but doesn’t supply the vision, budget or authority to make it happen, is the same CEO whose data breach catastrophe shows up on the front page of the Wall Street Journal.

For example, once you have learned to properly shred sensitive documents at home, it is much easier to apply a more sophisticated form of shredding at work. Individuals and business leaders who know how to protect themselves from identity theft on a personal level, will be more knowledgeable and prepared to protect their company’s electronic information from data breach on a business level.

Give a man a fish and you feed him for a day. Teach a man to fish and you feed him for a lifetime.” – Lao Tzu

John Sileo became America’s leading Information Privacy and Identity Theft Speaker after he lost his business and more than $300,000 to identity theft and data breach. His clients include the Department of Defense, Pfizer and the FDIC. To further bulletproof yourself and your business, contact John directly on 800.258.8076.

Electronic Information Privacy – Securing Your Job: Part I

,

Picture 6Electronic information privacy will eventually be one of the criteria on your job performance review. In fact, it’s not just electronic data that you should be concerned about, but all data. If you are an employee or executive at a corporation, association, university or small business, you must realize that protecting organizational data is vital not only to your company’s profitability, but to your job security. If it isn’t right now, it will be soon.

As a company employee or business leader, it is essential that you clearly understand the relationship between identity theft, data breach and your bottom line.  One of the costliest data security mistakes I see executives make is that they initially approach data privacy from the perspective of the company. They don’t recognize the following reality: All privacy is personal. It’s not electronic information privacy. It’s not physical data privacy. It’s personal.

In other words, many people in your organization won’t care about data security, privacy policies, intellectual property protection or data breach until they understand what it has to do with them. If employees and executives don’t care about protecting their own identities (to prevent identity theft), how can you expect them to care about protecting corporate identity (to prevent data breach)? Like the emergency oxygen masks on a de-pressurized airplane, you’d better put your own on first or you’ll be worthless to those around you. Protecting yourself first isn’t self-centered; it’s effective and educational. Information Privacy Training begins at the human level and expands outwards to the group level. And it is not technical by nature.

This foundation of belief, despite and possibly contrary to the onslaught of information privacy acts, is clearly lacking among C-Level corporate executives. Look at the key findings of the Ponemon Institute/Ounce Labs study, Business Case for Data Protection, which surveyed C-Level executives about information privacy inside of their corporations (emphasis mine):

•    82% of the C-Level executives surveyed said that their organizations had experienced a data breach and many of them are positive they cannot prevent a repeat performance
•    53% of the CEOs surveyed said that the CIO is responsible for data protection, yet only 24% of the other C-Levels would point to the CIO as the one responsible for data protection overall
•    85% of those who are said to be in charge of data protection don’t believe that a failure to stop a data breach would impact their job

In other words, C-level executives know that a breach has already happened, are fairly certain it will happen again, know that they are unprepared to stop a recurrence, and yet they can’t clearly identify who will be held responsible, nor do they feel that they will be held accountable when the inevitable happens. At this stage, building a Culture of Privacy is mostly bluster, as is electronic information privacy.

According to Ponemon, the average organizational cost of one data breach to a company was almost $6.7 million in 2008. The negative effects on our bottom lines is what will give this topic traction, not any one privacy information act. The question is, how many data breaches can one company sustain, and how many does it take to get them to respond? Information privacy, electronic and otherwise, is vital to your company and in turn, your job security.

My next post will discuss some of the steps to take to make sure your company isn’t one of the victims in 2010.

John Sileo became America’s leading Information Privacy and Identity Theft Speaker after he lost his business and more than $300,000 to identity theft and data breach. His clients include the Department of Defense, Pfizer and the FDIC. To further bulletproof yourself and your business, contact John directly on 800.258.8076.