Privacy Mindfulness

Jan 23, 2017 7:02am


mindfulness“Recent inventions and business methods call attention to the next step which must be taken for the protection of the person, and for securing to the individual … the right ‘to be let alone’… Numerous mechanical devices threaten to make good the prediction that ‘what is whispered in the closet shall be proclaimed from the house-tops.’” – Louis Brandeis

Hard to believe this was written more than 125 years ago by Louis Brandeis and Samuel Warren and published in the Harvard Law Review in 1890. “The Right to Privacy is one of the most influential essays in the history of American law and is widely regarded as the first publication in the United States to advocate a right to privacy, articulating that right primarily as a “right to be let alone.”          

Brandeis became the first justice to interpret a constitutional right to privacy in the Fourth Amendment. He was also the first jurist to recognize the threat technology posed to citizens. Brandeis defined the "right to be let alone" as "the most comprehensive of rights, and the right most valued by civilized men." The recent invention Brandeis referred to back in 1890 was the portable camera and the business methods were celebrity journalism. Brandeis was certainly way ahead of his time. It would be interesting and beneficial to us all to hear his opinions today on the next steps that must be taken for the protection of people and for securing an individual’s right to be let alone in the age of “The Internet of Things” (IoT) and the dawn of the Internet of Everything (IoE).

The ability to send and receive data online through objects or “things” is called The Internet of Things. While IoT is the network of physical objects connected to the internet, IoE is the networked connection of people, process, data and “things” such as cities, states, countries and objects. According to Cisco, IoE has the potential to become a $19 trillion global opportunity over the next decade.   

Personal information, particularly health care information, is being exposed in more places, through more “things” and to more people every day, which is creating new risks for people, businesses, health care organizations, governments and society as a whole. People all around the world are more concerned than ever about their privacy and the security of the personal information they share with others, with good reason.

We rely on a host of different connected devices, such as smartphones and tablets, as we move from one activity to the next, interacting with a multitude of platforms, software applications, service providers and publishers. Our growing dependency on connected devices has outpaced the means to secure them. Insecure IoT devices present serious privacy and security threats.  IoT devices may offer the ability to enrich the lives and the welfare of society. However, IoT devices and the apps that support them were primarily designed to collect data, enhance user experience and make life more convenient – not to protect our privacy or security.   

People are online at home, at work and while traveling and frequently use insecure public Wi-Fi log in to websites and accounts, shop, bank, send emails or communicate with friends and family. These shouldn’t be dangerous endeavors – just parts of modern life.  Sadly, most people don’t understand that just like the cities we live in have dangerous neighborhoods, the internet is a virtual city with mostly dangerous places that you virtually walk through blind, deaf and defenseless.

So transmitting unencrypted sensitive – financial or healthcare – data online is akin to walking through a dangerous neighborhood, naked with all your money taped to your body, with ear plugs and blindfolded. Now, most people would think that’s crazy and never think of doing something like that in real life, but they virtually do it every day online.

”Privacy is intimately tied to human potential and it is an extraordinarily important aspect of democracy." – David Chaum, Inventor/Cryptographer         

The new Syfy documentary series “The Internet Ruined My Life” truly illustrates the unexpected dangers of living in an internet-obsessed society. Each episode explores what can happen when a single tweet, post or status update backfires and spins out of control. Told through first-person accounts, this series reveals how ordinary people can inadvertently ruin their lives in just one click.  Many TV shows, such as Mr. Robot and The Dark Net, and many episodes of popular drama series focused on hackers and cybercrime seems to be trending, which is a good thing. These shows are great ways to teach internet security to ordinary people living in extraordinary times.  

We can’t stop criminals from attacking us or stop other parties from trying to collect our personal information. However, every individual must manage their own privacy risks. Learning about how data is collected from us, how it is used and how our security can be compromised, and gaining an understanding of the risks and exposures we face with our daily clicks, is called awareness.

Being mindful in privacy means stopping, thinking and considering the long-term consequences associated with our daily clicks.  Mindfulness involves taking note of where and with whom we share our personal information before we do so because taking it back is not an option. Once released online, your personal information is out there forever and you don't have the luxury to unclick, undo or unpost. 

Resisting the common affliction of “clickitis”, the mindless automatic response syndrome of clicking on everything just to get it out of our in-box, is difficult in our data driven society of endless emails, texts and constant demands for our clicks.  However, our privacy is more than worth it and we need to take control, while we still can. As it stands today, in addition to clickitis, new afflictions such as FOBO or the fear of being offline or feeling left out or depressed if disconnected from the internet, have already begun to affect society. This will only worsen unless we learn to modify our behavior and become more mindful now.       

Mindfulness is a two way street. Yes, consumers must be more mindful of how they share their personal data, but businesses must be mindful too. Only collect data that is required for its intended purpose and only keep it for as long as it is needed.

According to a recent survey by the PEW Research Center, if the traditional American view of privacy is the “right to be left alone,” the 21st-century refinement of that idea is the “right to control their identity and information”. In the Pew survey, 74% of people said it is “very important” to them that they be in control of who can get information about them and 65% said it is “very important” to them to control what information is collected about them. People understand that modern life won’t allow them to be “left alone” and untracked, but they do want to have a say in how their personal information is used. Personal control matters a lot to people.

As Brandeis said, “Recent inventions and business methods call attention to the next step which must be taken for the protection of the person and for securing to the individual…”

As businesses begin to capitalize on IoT/IoE, they would be wise to implement Privacy by Design (PbD) into their strategy and consider consumer privacy rights and concerns now. PbD is an approach to protecting privacy by embedding it into the design specifications of technologies, business practices, and physical infrastructures, which means building in privacy up front – right into the design or application specifications and architecture of new systems, processes and products. Most IoT devices today operate via applications that people download on their mobile devices so it’s important to implement PbD at the mobile application development level as well. 

All businesses and the outsourced service providers that serve them, including application developers, digital advertisers and social media companies as well as their third-party vendors should make sure that they only collect and use consumer data in responsible ways with consumers’ permission and in compliance with applicable privacy laws rules and regulations. 

Businesses should ensure that publically posted website privacy notices and terms of use agreements are totally transparent about how data is handled, secured, retained, and shared with third parties. Most importantly, do what you say! Your day-to-day data collection practices should mirror what you have declared to consumers through privacy notices. Failing to do so could lead to Federal Trade Commission (FTC) actions alleging Unfair or Deceptive Trade Practices. Adopt the five FTC’s Fair Information Practices Principles (FIPP’s) of (1) Notice-Awareness (2) Choice-Consent (3) Access-Participation (4) Integrity-Security (5) Enforce-Redress, as best practices.   

Gaining proper consumer consent and providing prominent options for consumers to opt in/opt out is a minimum best practice. Proper consumer consent means an individual’s action in response to a clear, meaningful and prominent notice regarding the collection and use of data for a specific purpose. There are state specific requirements for opt in/opt out and Federal regulations to consider, such as the Children's Online Privacy Protection Act   (COPPA) – also enforced by the FTC – if data is collected from children under the age of 13. There is no “one size fits all” approach or silver bullet – every business is different depending on the industry sector, and the data that is collected, transmitted, stored, used and retained.

Time is still valuable, but data is the new money. Businesses that champion and view privacy as a social responsibility today, will be better positioned for future success. There is much value in privacy and businesses that respect an individual’s right to privacy or the right “to be let alone”, can gain a significant competitive advantage over its competitors because – privacy is a priceless commodity and consumer trust is an invaluable asset. In addition to consumer trust and competitive advantages, future employees will want to work at a company with a reputation that values their privacy, and besides, it’s the right thing to do.

Additional Resources

About the Author

Gamelah Palagonia is a senior vice president for network security, data privacy and technology errors and omissions at Willis Towers Watson. With more than 25 years of risk management and insurance brokerage experience, she is one of the first insurance professionals to specialize in online media, intellectual property, technology errors & omissions liability and cyber risks. Gamelah is a recognized thought leader in the cyber and privacy liability insurance and risk management and a frequent speaker and author on the topic.