Cybersecurity has never been as important as it is today for safeguarding crucial information. This includes information that can easily be used to identify and to compromise the personal details of our lives. Everything from bank account and transactional details to personal milestones, memories and life events are all available to access online. All of these trends are natural consequences of our increasing reliance on the internet and online activities. The sheer amount of personal data that can be retrieved online is staggering...which then begs the question: who or what is protecting all of it?
While an easy answer to the question of online security simply does not exist, we can determine the security protocols of many of the online services we use by doing some quick research. The main things to look out for are their terms of use and their privacy policy. These two together are what constitute the core ethos of the company with regards to their users’ privacy and the lengths they are willing to go through to protect it. Outside of that, it’s all about being conscious of what services you use and what information you give up in order to use it. However, despite being careful, there’s no much you can do if the service itself gets breached. In those cases, it’s all about how the company responds to and deals with online attacks.
As far as how companies must respond to security breaches, there are laws in place which require them to disclose what happened if the compromised information can jeopardize clients’ personal information and private matters. Specifically, the California data security breach notification law was enacted in 2002 and has been in effect ever since and it requires that companies notify California residents whose unencrypted information was acquired by any unauthorized person. The law is extensive in that it still requires that you be notified even if the information was leaked or hacked. This means that even if a company is not one hundred percent sure if your information was breached, they do still have to notify you so long as there is a reasonable doubt.
California’s civil law code 1798.82, while originally enacted only in California, most states have since followed suit by enacting similar laws. In fact, the California data security breach notification law was quite novel and progressive for its time as it deals with issues of cybersecurity and online privacy at a time when those areas were nowhere near as well-developed and intensive as they are today. The intent of this law is simply to ensure that the public remains aware of any successful cybersecurity attacks and to keep companies accountable for their security protocols and measures.
Since this groundbreaking law came into effective, there have been many more laws like it added in an effort to stay ahead of the security curve. The importance of strong, online encryption really cannot be understated and it was laws like these that jump started the movement.
At KAASS LAW, we believe your personal information is yours, only. If you have any doubts as to whether or not your personal data was breached, or if you have any questions about what can be done about it, then we encourage you to give us a toll free call at (310) 943-1171 to speak to our California privacy attorneys today. We can walk you through your options and we will always stand by our clients and their security.
All of the apps and online services you use track, collect and distribute your usage patterns and demographic information. However, some companies put much more emphasis on protecting the data of their consumers, whereas others go out of their way to collect and analyze as much of their users’ data as they can. The ever-increasing gap between companies’ ethos and philosophy toward user privacy has reached a turning point. On the one hand, you have companies like Apple that have built up a brand and a reputation for standing with their customers by protecting and encrypting their data as much as possible–at times even making that data completely inaccessible to Apple itself. Then again, on the other hand, you have companies like Google that go out of their way to gather as much data and information as possible from their users, without paying nearly as much thought as to how to contain and protect that data from breaches and hacks. As a consumer, these increasingly polarized attitudes and approaches toward the issue of privacy should definitely strike a chord, and at least raise some questions for thought.
One of the questions that might come to mind is whether or not you actually have any say as to how often or what kinds of data companies can collect from you. Unfortunately, the answer isn’t as cut and dry as a yes or no. The reality is that privacy laws vary immensely depending on the industry, type of service, and location of the company providing the app you are using. As such, the level of accountability and transparency that businesses must meet are quite different from one another. What this means in real world situations is that a customer cannot have universal demands or expectations from businesses and companies regarding their privacy. While this is hugely inconvenient, there is a silver lining in the form of your own decision making. Though you alone cannot control the laws governing the ins and outs of these companies, you can make an educated decision as to which services you choose to use and to what extent you wish to use them.
For example, upon creating an account for Gmail, Twitter, Facebook iCloud and the like, you will typically be presented with a series of options regarding data and diagnostics. While most folks usually just take the easy route and skip ahead using the default settings, it is definitely worth your time to stick around and explore a bit. By taking a second look at what you are agreeing to, you may notice a couple of things that genuinely surprise you. It’s amazing how much these companies can get away with gathering from your usage and many people probably would not be as comfortable using those services, if they understood the extent of the access these companies have regarding your private data. By taking a couple of minutes and reading up on your options while signing up, you can actually limit several major pieces of information that these companies have access to, such as browsing and crash data, frequency of use, and general statistics about your areas of interest and demographics.
As for the things you cannot control, there is little else you can do about that outside of finding another company that provides a similar service that values your privacy more than its data collection. Some things you can’t easily limit access to include anything the company exempts or says it needs from you in order to provide their service in their privacy policy and anything else that they can gather ‘publicly’ from your browsing or usage. Certain bits of information are personal but not identifiable, meaning that they cannot see who the data is from nor any identifying characteristics of the user. While it can definitely be scary to think of all the data these companies have collected from you, you should know that usually the data is only used internally. What this means is the company that collected your data while you used their app or service will only use that data to improve the quality and performance of their site or product. The upside of this is your data will not be pawned off to other companies, but the downside is that less and less businesses give you that level of privacy as an option.
The classic example of a company that is more than willing to sell and barter away their gathered information is Facebook. To be clear, Facebook is a company which has millions of active users and their database of users is quite diverse, covering many different spheres and communities. As such one would think that Facebook would understand and value their users’ privacy by respecting and protecting it...but no. Facebook instead takes the much more lowly route of simply hoarding as much user data as possible and then selling this data to third party companies for a massive markup and profit. Perhaps the most insulting aspect of this shady business practice is that it happens almost entirely in total secrecy, without any notice or heads up given to any of the user base. As a result of their recklessness, Facebook CEO Mark Zuckerberg has had to appear before Congress to explain the company’s actions and decision making processes, especially in light of recent hacks and security breaks which have exposed millions of users’ profiles, photos, friend lists, and other private data without their permission.
In light of these now public scandals, most consumers have reached a point where they just want to enjoy the services they need without a constant fear of being tracked and the worry of having their collected information leaked publicly. For your own privacy and security, we recommend to do some searching around to see if the particular apps and services you use have strong options for limiting the amount of data that can be gathered from your activity, as well as checking up on the overall reputation of that company as it is relevant to user privacy. Even a simple internet search can bring up any major scandals, side deals, security breaches, and common privacy concerns regarding any given company. By checking out some articles like this one here, you can learn so much more about how your data and privacy are treated on the internet and what you can do about it on your end.
Our goal here is to empower you with some of the basics regarding your rights to privacy and how data collection works on different platforms. At KAASS LAW, we stand with our clients and we believe that privacy is a right, not a privilege. If you have any other questions or concerns regarding your online privacy and how you can take control of it, don’t hesitate to get in touch with us. We invite you to reach out to us with any problems or cases you may have by giving us a toll free call at (310) 943-1171 to speak to one of our lawyers today.