As our world becomes more connected – and as more information is collected about us and our behavior through the devices and apps we use – it becomes increasingly important to understand the implications of our online actions for our privacy and safety.
The National Cyber Security Alliance’s (NCSA’s) privacy awareness effort, which educates consumers on how they can own their online presence and shows organizations how privacy is good for business, is an integral component of STOP. THINK. CONNECT.™, the global online safety, security and privacy awareness campaign. NCSA’s privacy awareness efforts are led by an advisory committee of experts from industry, academia and the nonprofit sector.
NCSA consulted its privacy advisory committee about the need for more research on privacy and the most critical research topics to examine in the field. Our committee members identified two youth-focused topics that deserve more attention – privacy education in schools and the privacy implications of new connected toys. The following presents a few highlights of our committee members’ recommendations for future privacy research projects.
Understanding the State of Privacy Education in Elementary Schools
Mary Madden, Researcher, Data & Society Research Institute, and Affiliate, Berkman Center for Internet & Society, Harvard University
While many notable efforts have been made to develop privacy education tools for teachers and parents, little is known about the current adoption and implementation of these programs at the elementary school level. How many schools across the nation are making a concerted effort to integrate privacy education into the curriculum for K-5 students? What teachers are being tasked with the role of privacy education and what additional resources do they need? Among parents, what kinds of privacy-related skills do they consider to be important — both for themselves and their children? With recent studies suggesting that the majority of six to nine year-olds now have their own tablet, and growing numbers of elementary schools now requiring tablet use at school, there is still a considerable knowledge gap regarding what privacy-related education efforts have accompanied the adoption of these and other Internet-connected devices. In addition, the increasingly prevalent use of educational apps in elementary school settings provides another layer of opportunity to incorporate lessons about privacy and security, but it is currently unclear what best practices are emerging to support those efforts. Future research projects could explore these questions through interviews with teachers, parents and school administrators, while case studies could document what strategies are proving to be most effective in various school settings.
Are New Tech Trends in Toys Putting Our Children’s Data at Risk?
Janet F. Chapman, Privacy Awareness Committee Member, National Cyber Security Alliance
One of the new toy trends is to encourage children to interact with a toy in a way that allows the toy, and therefore, the company, to capture and store data about their young users. Unfortunately, in gathering this trove of personal and behavioral data, these companies may be more focused on their marketing and product development needs than on the prevention of theft or misuse of that data.
A data breach late last year highlighted the risks of having this data stored in ‘less than secure’ environments. On December 1, 2015, a Hong Kong toy company, VTech, announced a hack of servers containing the photos and chat data of over 6 million children. The company said it collected minimal personal information about each child; however, in order to comply with the FTC’s Childrens’ Online Privacy Protection Act (COPPA), they also have data on the parent who is required to approve each child’s registration.
Given today’s technology advances, it’s a simple matter to link a child’s data with that of a parent, thereby developing a complete profile on the child. In the hands of identity thieves, these profiles can be used for all kinds of fraud and identity theft purposes.
Research is needed to understand the depth and breadth of this issue. Some of the questions that arise include what companies are engaging in children data collection practices; what industry sectors, in addition to toys, are targeting children in this way; and how big is the risk. The security issue is highlighted with the data breach but there may be privacy risks as well. What are the data collection, usage and sharing practices? How transparent are the privacy policies — and are they accurate and compliant with global privacy standards? Are there best privacy and security practices? Are there practitioners who are mitigating the risks? What can parents watch for/do to mitigate the risk of damage?
To learn more about privacy, visit staysafeonline.org/dpd, or check out our Privacy Library for helpful resources. And be sure to follow the #PrivacyAware hashtag – and include it in your privacy-related posts – on social media!
About the Guest Authors
Mary Madden is a veteran technology researcher, writer and public speaker, having studied trends in American Internet users’ behaviors and attitudes for more than a decade at the Pew Research Center. She is currently a Researcher at Data & Society, leading an initiative to better understand the privacy and security experiences of low-socioeconomic status populations. She is a nationally recognized expert on privacy and technology, trends in social media use, and the impact of digital media on teens and parents. Mary is also an affiliate at the Berkman Center at Harvard University and a member of the NCSA Data Privacy Day Advisory Committee.
Janet F. Chapman, until her retirement in July 2014, served as senior vice president and chief privacy officer for Union Bank in San Francisco, one of the top 25 largest banks in the United States, with more than 13,000 employees and $105 billion in assets. At Union Bank, Ms. Chapman was responsible for enterprise privacy strategy and oversaw all privacy-related activities and information security compliance. In March 2014, Ms. Chapman was named a Privacy By Design Ambassador by the Information and Privacy Commissioner of Ontario, Canada. she was also a contributor to The Privacy Engineer’s Manifesto, published in 2014 by Apress Ope. Ms. Chapman is a certified information privacy professional (CIPP) and serves as a member of the NCSA Data Privacy Day Advisory Committee.