In included a discussion about personal information security in today's environment, specifically the internet.
There are to categories of basic non-technical personal security issues.
- The federal government needs to pass a law that makes absolutely clear that the individual person is the OWNER of his/her information, and NOT the private agency collecting it. The owner then controls what is included in that information and how it gets distributed. There are laws that address portions of this topic but such laws are not comprehensive nor clear. Example, companies have long treated your personal information they collect as their's, so they could sell it to interested parties, this is why we now have a law (full of loopholes) addressing this issue. The law does not specifically state who the OWNER of the information is.
- Internet personal information security is another matter. Note that I do not use my real name in on-line forms, also my real name is NOT part of my email address. These are examples of basic personal information security. You should never put your real name "in the clear" on the internet whenever it is not required (online credit card info is one valid exception). Companies violate this basic security issue when they use an employee's real name in the company email address scheme. These basic personal security issues were taught when the Internet first came into existence, but it is NOT being emphasized today, and it should.
A few additional internet personal information reminders:
- Credit card companies never ask for any part of your card number in emails. Latest example, the bogus "Security Alert Your Credit Card Possibly Illegally Accessed" that asks to verify your credit card's security digits by replying with the digits. This one even reminded you if you had any questions to call Customer Service. Luckily the person who reported this did call and that's when they found out it was a fraud but noted that this meant the the sender already had the basic credit card number. The card had to be cancelled and a new one issued.
- Emails that include links to access your accounts (rather than saying to access your accounts via. the normal method you use) even if they look correct. Awhile back, PayPal customers were sent a fraudulent link that ended up giving the requested account info to Identity Thieves. Even the online form looked legit.
- You should think twice, no, three times about entering personal information at a WEB site that is not a secure site. Secure sites have a "https://" prefix.
We do need to bring privacy law up-to-date in general, and we need to address these two topics specifically.
No comments:
Post a Comment