Data Privacy Week, January 24-28, 2022

January 14, 2022

As an institution, we have a requirement to protect our data. This is why DoTS reviews every software purchase. As an information security officer, I take a risk-based approach when evaluating applications and services. As an individual, you should do the same.

The level of risk associated with any app or service is directly related to the data it contains or has access to. A password manager is high risk. A news app is probably low risk. When considering risk, be sure to review the permissions the app requires to function. A camera might be low risk, but if it has access to your text messages, contacts, or location, it is probably high risk.

When it comes to privacy, a company’s terms and conditions are the only thing protecting your personal information. As the person clicking the “I accept”, you are responsible for the risk that comes with it. Some companies make it very easy to understand their terms and conditions. Others try to hide their actions in vague terms. Sometimes, the terms are too complicated to understand. As you navigate technology decisions in your personal life, I encourage you to read the terms and conditions instead of clicking through them. If an app or service is burying terms in legalese or vague statements, their real product is probably your data.

As you assess risk and decide to use an app, there are many questions to ask yourself: Am I comfortable sharing the information this app has access to? What would happen if the information was leaked? Should I use the free version or the paid version? Should I use a long and unique password? Does the application support multi factor authentication – if so, should I use it? Is my data encrypted? If an app isn’t worth the risk, don’t use it.

Once you have decided to accept the risk and use an application or service, make sure to configure the privacy settings appropriately. Quite often the default will be sharing more than you may be comfortable with. Then, review your settings each year to make sure nothing has changed.

January 24-28 is “Data Privacy Week”. This is an excellent time to consider how your information is being used, what is being collected, and review the privacy settings in the apps you use. I invite you to check out the data privacy week resources published by the National Cyber Security Alliance, including links to help you manage your privacy settings in many common applications and services. https://staysafeonline.org/data-privacy-week/

Return to Information Security News and Information