Recently I saw an interesting image on Twitter from @darrencauthon. The image was a television with an alleged FBI notice notifying the individual that their new smart TV had “suspicious files” and that they were being penalized $500 before they could use their TV again. All of this is accompanied by legal jargon meant to frighten the user into believing the hoax. The bottom of the note is even signed by FBI Director James Comey himself apparently. This is your classic example of ransomware and I immediately had a thought on what may cause this issue.
Posted on January 4, 2017 by Ben Siegel
Within 24 hours, I have had some interesting interactions with strong, or sometimes not-so-strong, passwords. I figured now was a good time to go over some of the pitfalls you might encounter when trying to implement a new password policy for your customers or employees.
A few weeks ago, I was auditing a CIPP/US class that Bob Siegel was teaching on behalf of the IAPP. Someone brought up the idea of openness and allowing individuals access to the data you have about them. At this point, Bob discussed the principles behind this, such as how the OECD Guidelines approach it. Bob also mentioned that under GDPR (and the EU Privacy Directive) a user should be able to see and correct information an organization has about them.
Bob then mentioned it would be interesting to see what would happen if I asked a company about what data they had about me. I immediately thought of Facebook.
Recently, a large number of YouTubers and other celebrities have been “hacked” or lost control of their accounts. The truth of the matter is that they aren’t being hacked, but instead the person taking control of these accounts is just having others do it for them. The people and groups helping them are not who you think. They are not hackers, black market data dealers, or even criminals, but they are customer service representatives and other professionals who are meant to protect your data.
If you attended our most recent quarterly data breach review, you probably heard a new term: “metagame.” The idea, put in its simplest form, is to take information from outside a scenario and use it to influence your choices. It is amazing how using information that is not necessarily inside your environment can allow you to adjust and prepare for a lot of scenarios. This in turn keeps you ahead of the game.
One question that I am frequently asked is “what is the difference between privacy and security?” It sounds simple enough, but the response often gets complicated. Maybe an analogy will help.
Posted on May 24, 2016 by Bob Siegel
Throughout my years in IT, product management, software development, and systems analysis, my mother never understood what I do. It hasn’t been her fault, but mine; I couldn’t explain in “plain English” what I did. Since I became a privacy professional, she now understands. It may not be as good as being a doctor, but at least she can explain it to her friends.
Irony is a state of affairs or an event that seems deliberately contrary to what one expects and is often amusing as a result. So when I got a phone call asking to speak with Bob Siegel about his room for the upcoming IAPP Summit, I was surprised by the ironic situation I was faced with. After all, one would expect that an event specifically about privacy would not be dealing with issues like phishing.
Very common questions we get from clients are how much information they should collect and how long they should keep it. The standard answer is always to collect only what you need to do business and get rid of it when you no longer need it. Now the questions become what information is truly needed and when it is no longer going to be used.
Regardless of the technology you put in place, the safeguards you have implemented, and the training you have provided, ultimately the success of your privacy program relies on the individuals in your organization. The most recent example of this came at the expense of the US National Women’s Soccer Team (USWNT).
Posted on February 8, 2016 by Bob Siegel
May 10, 2017
September 18, 2017
August 14, 2017
Privacy Ref works with our clients to improve their business and operational practices for protecting personal information. Increasingly our clients have been looking for services to supplement their security practices, tools, and expertise. CyberDefenses fills this role.