Posts

HoGo Document Protection: 10 Questions w/ Digital Privacy Expert John Sileo

By Mike Spinney, HoGo (Document Protection Simplified)

John Sileo is a kindred spirit when it comes to fighting the good fight against data breach and identity theft. I met John about seven years ago when we were both part of a joint project to raise awareness over the issue of physical document protection and we’ve been friends ever since. I admire what John does to help make people more aware of their personal risk and take steps to prevent identify theft. A two-time victim of identify theft, John has refused to wallow in his victimization and instead has become a privacy expert in his own right and taken his powerful, personal message to audiences around the world raising identity theft prevention awareness as one of the issues premiere speakers.

In addition to keynote speaking and his video series, Burning Questions, John is a frequent media source for stories about privacy and identity theft. He was in my area last month for to give a series of keynote presentations for the University of Massachusetts’ privacy awareness program so I took the opportunity to meet with John and ask him ten questions about his work and the issue of data privacy and information protection.

HoGo:  Your personal ID theft story is not uncommon. Is there anything that might have caused you to take better care of your personal information prior to your first experience? Continue Reading…

Privacy Pros Leaving Consumers Vulnerable

By Guest Blogger, Mike Spinney, The Ponemon Institute

I grow more and more convinced that, while the issues that keep us busy generate headlines that have migrated from the legal journals and trade publications into the mainstream media, the basic need for education among consumers becomes more urgent.  Lately the Wall Street Journal has published a steady stream of insightful articles related to digital privacy, and data breaches are reported in local newspapers wherever and whenever they occur, but in my experience talking with regular folks, the lessons contained in these articles don’t seem to be having any meaningful effect.

Whenever I’ve had the privilege of standing before an audience of regular folks, the questions I hear over and over again are related to information so basic that in my professional interactions they don’t even come up.  “Is it safe to send a check through the mail?”  “Should I pay with cash, credit, or debit?”  “How can I tell the difference between a fake email and a legitimate one?”

I’ve heard a lot of people scoff at the simplicity of these questions.  Surely we’ve moved well beyond the question of spam and phishing, right?  We’ve got bigger questions to address today, like HIPAA and HITECH; like RFID and biometrics; like behaviorally targeted advertising; like Mass 201 CMR 17…

Like anyone who you’d pass on the street knows or cares about what any of that means.

This morning I was reminded of an old sketch from the early years of Saturday Night Live in which a clever landshark knocks on an apartment door and offers reasons why it should be let inside: flowers, plumber, telegram, candygram, I’m a harmless dolphin.

The sketch is funny because of the absurdity of the deceit, but this is exactly how many scam operators ply their trade.  And too many people fall for the con because they simply don’t know any better.  Those of us with the knowledge tend to forget that for millions of people, the Internet remains a mysterious and intimidating environment, and their innocence leaves them vulnerable to dishonest and malicious social engineers.

Meanwhile, we privacy professionals are more concerned with demonstrating how smart we are to our peers that we’ve forgotten the tens of thousands of consumers who, each day, could benefit from some of what we know.  Instead, we leave them at the mercy of scammers, grifters, con artists, frausdsters, charlatans, and swindlers and wonder incredulously at how the problems associated with cybercrime and identity theft can persist.

We need to make an effort to step outside our professional circles and step into the everyday world, and make an effort to help raise awareness of the threats that exist in today’s digital economy and how to avoid them.  We need to take our knowledge out of the conference room and the exhibition hall and bring it to the schoolroom, the senior center, the town hall, the church, the barracks and wherever else people are gathered.

Through education and awareness we can make the biggest gains in preventing identity theft, but that can’t happen unless we tell folks what they need to know.

Mike Spinney is a senior privacy analyst with privacy research and consulting firm Ponemon Institute.  For more information about or to contact the Ponemon Institute, visit www.ponemon.org.