Privacy Test Driver

07/28/2023

Privacy Pit Stop

Come top off your gas tank and check the fluids.

Have any quick privacy questions?

Curious what happened this month in the news affecting Internet use and online privacy?

Join us for an open conversation on our regularly scheduled last Monday of the month.

Monday's session is 2pm

Join a WebRTC video conference powered by the Jitsi Videobridge

04/13/2023

Happy Identity Management Day

03/28/2023

Thanks everyone who joined us yesterday for our first Privacy Pit Stop: quick questions and open discussion of recent privacy/security news. Hopefully you can join us again for our next one. As noted there is no recording, for your privacy and to encourage frank discussion.

03/25/2023

Privacy Pit Stop
Come top off your gas tank and check the fluids.
Have any quick privacy questions?
Curious what happened this month in the news affecting Internet use and online privacy?
Join us for an open conversation Monday 3/27/23 at 2pm EST

Join a WebRTC video conference powered by the Jitsi Videobridge

03/03/2023

Don't feed the bears...? Nope. Now it's don't feed the amoeba.

It's a good idea to know what (big data) you are feeding your machine learning.

It's also a good idea to know what it's eating that you didn't plan on feeding it.

Bears may be omnivores, but there are things bears will not eat. You don't feed the bears because bears will learn that you have easy food and will keep returning. Most of us don't want to collect and use what comes out of a bear.

Amoeba don't care. Amoeba will ingest anything. Amoeba don't stay in easy food areas. Amoeba are too primitive to care.

Deepfake and chat artificial intelligence are too primitive to care. They will ingest what you feed them. They will ingest whatever they find on their own. Why do we want to enthusiastically collect and use what comes out of deepfake and chat artificial intelligence?

A woman received a message from a friend "Hey, is this you?"
The face was indeed hers, but used for a camping stove advertisement that she had never agreed to, and didn't know existed.

How?
Sleuthing discovered:
74 reposts of the picture in online marketplaces, selling a variety of products from a camp stove to a portable gas cooker
1 linchpin photo with a different woman camping
1 original photo for a camping tent from 2018 and woman model

The more the image was posted, the more the image changed to look like the woman. The algorithm keeps learning, moving toward the desired features and look.

Vint Cerf, inventor of Internet architecture and many foundational protocols, warns not to jump into using chat artificial intelligence just because it's the hot new thing. Vint, the Internet Evangelist for Google and many, many other organization boards and standards committees, would certainly know. He advises "Be thoughtful about how we use these technologies." They don't know the difference between eloquent and accurate responses. They may produce convincing but fictitious answers.

If you can control its diet, it becomes a much more useful tool. Right now there are ethical questions about both how we use the tool, and the output of the tool, that need alot of careful thought.

02/13/2023

Taming Privacy Debt

"Damn! We can't find it , we don't know where it is, and what are the risks?"

Privacy Debt is the not too subtle realization that the laxative management of customers’ private information and sensitive intellectual property is not sufficient. This effluvia can too easily slide your business down a large financial hole. It can become very apparent during a data breach. A malevolent event such as a data breach is expensive. Corporate response costs increase substantially as too many operational resources are exhausted in chasing data location and identity owners rather than defending the company.

Say whoa! to privacy debt…

If you collect too much data - you have privacy debt
If you don’t know how your machine learning is eating your Big Data - you have privacy debt
If you store your data forever - you have privacy debt
If you don't know where your data goes and where it flows downhill - you have privacy debt
If you can’t royally be bothered to answer consumer (paying customers) data requests - you have privacy debt
If you have shared your data with a 3rd party, and are not sure how they handle it - you have privacy debt
If you are in no hurry to report a data breach, or just wear blinders - you have privacy debt

Taming the tiger

First set up a project team composed of members from the IT department, business products lines, service lines and sales. Elect a liaison to ensure senior management support and budget approval. This is necessary to ensure the executive tone-at-the-top fully supports the project.

Next the project team will investigate and discover what data their business units have collected. This data includes structured databases and loosely managed data in spreadsheets, PowerPoint presentations, reports (Tableau, SalesForce, ServiceNow, etc.), data buckets and cloud services. All of it must then be centrally managed.

Then your project team must locate the owners of the corporate data. This is a key question: what responsibility does each department’s manager, staff employees and their IT technical support team have? After discovery, analyze the results and decide the best actions to take. Then the project team must document these decisions, and perform an annual review of these findings to keep it relevant to the business.

Your project team empowers the building of new workflows and processes that strengthens data privacy protections. They assign roles, authorizations, and access rights to corporate data and systems. These deliverables should work together cohesively to strengthen the businesses key risk management while not hindering the business's profit making workflows.

The project team enables better corporate data security and privacy protections, permitting senior management and legal to handle data retention policies. Using minimally required data increases compliance for core financials, Human Resources, and protection of intellectual property. Non-essential data should not be kept for long term storage; it should be deleted regularly and securely to reduce the risks of managing toxic data and storage costs.

Finally after the internal governance and compliance structures are in place the project team can extend their scope of work. External business partners and cloud services should be audited. The project team will need to review the audit of cloud and 3rd party corporate user accounts, databases, data storage and data access rights. These external service providers must be vetted for legitimate usage and proper data security and privacy protections by the project team. Security and compliance certifications should be required for acceptance by the project team.

Commonly the ISO 27001, 27017, 2018, 27701, and FedRamp are often used as proof of compliance to laws and security requirements being met by the Cloud service providers. Every company needs to implement the right processes to protect the business from bad data security protection habits that break security and threaten customer privacy.

Are we done yet? We started with the definition that privacy debt is the product of neglecting the maintenance , privacy and protections of customers’ and corporate data. Growing successful businesses knows this is a never ending process.

The goal of the project team is to reduce privacy debt. It is a means to improve corporate risk management, and reduce costs. This increases the corporation's ability to respond quicker to any possible security incidents. It benefits both customers and the business.
It is a win-win prize.
Best of success to you all.

11/22/2022

Tis The Season To Be Scammy 2022

Family and Friends are Important

On a normal day Americans spend almost 3 hours on social media. Teens spend more than 5. You'll certainly spend more time connecting in this year's holiday season. Family and friends are important to us. We want to know if they are OK, we want to share our lives, hopes, dreams, and cares.

Pro Tip:
Information you share about other people online is sharing their information. Always be sure they are OK with it being shared, and being shared by you. Did they want to do the big reveal themselves?

Safety and Privacy Doesn't Have to be Hard:
- Disable location services on your apps and photos unless it's something that really needs it like maps.
- Check the privacy settings on your apps. Make sure its choices are your choices, not the other way around.
- Be careful with new connection requests, be sure it's your friend or colleague. Be even more sure with charitable groups, check them out on https://www.charitynavigator.org/
- Be sure the password for where you visit is unique. Don't use the same password for email, paypal/squre/venmo, and your social life.
- If you're travelling consider a VPN, especially if you're using public wi-fi. I've used Hide.me, Proton VPN, Privado VPN, Tunnel Bear, and Windscribe. I have heard good things about Mullvad VPN and RiseUp VPN (https://riseup.net/en/vpn).

The FBI recommends don't tag pictures with your child's name (predators), and that you never share:
- birthday (identity thieves)
- dates of a trip (home robbery)
- driver's license or social security (identity thieves)
- credit card or bank information (online robbery)

Safely Shop for Yourself or Your Business

Everyone wants your money. Make sure you choose where it goes.

If you get email or voicemail that says it's from your credit card, online payments, taxes, bank, or whatever, don't click the included link. You need to open a new web browser tab and type or paste the address yourself to make sure it goes there, and not some other site. Beware of typos in the address!

Secure websites addresses start with HTTPS. If you wave the mouse or pointer over the address area's padlock or shield you should see a message that it's verified and/or secure.

Use Charity Navigator's ratings and resources to find and support highly rated charities that align with your passions and values. Whether you're looking to give toward international relief, the environment, animal welfare, or something else, we empower you to donate and volunteer with confidence.

10/19/2022

I’m happy to share that I’ve obtained a new certification: Proofpoint Certified Data Loss Prevention Specialist 2022

09/30/2022

Are you an aspiring or existing entrepreneur? Journey to the E3 Pull-Up on Oct 5 to understand why privacy matters and how it affects you and your business.
https://www.eventbrite.com/e/pull-up-at-provident-october-5-2022-registration-416702948737

We're here to help you start, grow, and scale your business.

09/05/2022

Can't wait to host you!
Ann Ljungberg
The Expert Method Strategist
https://www.expertcoalition.com/

The 60-seconds Expert Summit
Friday, September 2nd, at 10.00 AM to 11.00 AM
Pacific Time (US and Canada)
Thank you everyone who was able to join the 60-Seconds Expert Summit.
https://app.eventraptor.com/events/25976147099652090

Leap over privacy roadblocks and find the road to success
Kim Green, Synergist

Welcome to sign up as a speaker for the 60-seconds Expert Summit! You will get 60 seconds to share your expertise with a broad audience, a chance to build your list and make new connections. In 60 seconds, I’m confident you can share - in an engaging way:Your name & business (best if you can just ...

09/26/2021

October is Cybersecurity Awareness Month.
Privacy is knowing what to secure, and why. Take action, everyone starts somewhere.

https://www.sans.org/mlp/secure-the-family/

https://www.cisa.gov/cybersecurity-awareness-month

SANS Security Awareness presents Secure The Family | Practical Ways to Stay Safe Online – From Our Experts to Your Home

09/11/2021

Palo Alto wireless mesh router for secure home use due out this fall.

Okyo Garde delivers the robust, enterprise-grade cybersecurity that Palo Alto Networks is known for with consumer simplicity.