Musings on Data Security

Posted on Updated on

I’m inspired… I just read an article about online privacy by Dictionary.com http://goo.gl/P3tDt9 and felt it was worthy of a posted response. With nearly 20 years experience in working with data and databases, I’ve had many opportunities to work with your personal data. Really! Read on…

I’ve worked all over the country, and with data generated from all over the world. Countless databases containing personal data have existed for decades, both in local, state and federal government as well as in the private sector. That means that from the time computers were used to collect even simple data for voters, Sears repairs, doctor’s visits, personal data has accrued for years. Even long after you’ve forgotten about it, your address, credit card, SSN data all sat in unsecured databases. Most were of crude design at first, database developers all cringe at this point because we’ve all spent loads of hours redesigning and securing these same repositories while clients and constituents remained blissfully unaware that their voter records were captured in MS Access. Or their DMV data was captured in Excel. Hey! It was automated. .. so much better than the shoeboxes of client data that was stored under desks. (Oh yes. And you thought consulting was a glamorous job.)

The beauty of it is that probably the only data element you’re still using is your social security number. You moved. The credit card number was replaced. You’ve had 16 phone numbers since you lived in Boise anyway. But believe me, if you call the County they’ll still have the data they collected in 1987… but they transferred all their access databases to secured databases within the last 5-10 years. Guaranteed.

From approximately 1990 through year 2000 or later, it was common practice, world-over, for techies to take entire databases home from work, simply because they contained the structure and test data needed to do database design work. That means that personal data was at risk to be stolen, misused or sold.

Y2K initiated an era of staring at all this data we were collecting. With it we began to make more decisions than just how many characters a YYYY field should contain.

It’s only recently that laptops are encrypted, and we’re so glad they are!

It’s only in the past 5-10 years that standards have been established to make personal data secure. SSN numbers, passwords, credit card numbers, and key data identifiers like birth data, etc. never used to be discreet to a data entry screen let alone captured on a secured website. Health information data was shared with whomever made an inquiry. Both the medical and IT industries have made enormous headway in securing data transmission.

It’s important to understand that your personal data is much less secure than you’d ever believe. It does pay to be careful but don’t bother handing your credit card to a wait staff, paying at a drive-through, or paying at the pump if you aim to be risk-free.

What is recent development in terms of online privacy is your own ability to post personal status and preferences, e.g. Pinterest and Facebook. With every post that you like or pin you’re exposing yourself to the world as to your preferences. This begs the questions, “Who cares and how much do they care?” and “How and what can they do with that data?”

Data Analytics is a fascinating aspect of the Big Data industry. It requires enormous data center operations to grind through social media data, on the scale of Google and Facebook. Analytics themselves are not intended to drill into one person’s data though they could. It leans toward conspiracy theory to believe that someone would want to isolate your choices and curtail your activities based on your social media data…. if you’re a pretty normal person posting normal things, and steer clear of crimes and such.

It would be much more likely for someone, a little-known Facebook friend for example, to develop an interest in your posts, collect them and use it to support a theory they hold about you. Note to self: choose your friends wisely.

Google Now is one positive employment of Google Analytics. I’m still not sure how much I enjoy having compiled information served up to me on my cell phone, for example the commute time to my workplace, my three appointments and the drive time required for those. A tiny bit creepy but I’m giving it a chance for a while.

Facebook ads and suggestions are sort of the necessary evil of co-existing with Facebook. There’s a limit to the power of analytics however. Analytics are intended to, er, analyze and suggest opportunities. Think: if anything Analytics are intended to make money but they only make money if you respond to one of their suggestions. If you think about it, the same suggestions are made for the person who supplies only basic demographics as the one who who posts regularly. (Analytics looks for trends so stop posting about your burnt evening meals and they’ll stop suggesting Cordon Bleu culinary school, eh?)

Professionals who have posted photos of their portfolio have exposed themselves to the possibility of one of these search engines discovering and using the photos. Those would need to be removed in order to mitigate that risk. But understand that the mistake was made in posting them not in the power of Analytics. What is a search engine going to do with photos you have posted? Attribute credit to someone else? Hardly. Your mother-in-law could more easily do that via Facebook … if they’re really of value.

Simply keep your snapshots in Instagram. Keep your Facebook posts on the charming side, and keep your tweets less than 140 characters and you’re set! Rest well; you’re not a candidate for sabotage, conspiracy theory or not.

This entry was posted in Musings and tagged , .

Leave a comment