Don’t Let Hackers Profit from Your Privacy

CERT-LatestNews ThreatsStrategic

K2 Intelligence Investigations · Compliance Solutions · Cyber Defense

These days, data sharing is more than a business—it’s an industry. Every day, data aggregators and brokers comb the internet for personal information. Because they rarely engage directly with us, we are dangerously unaware of them. 

There’s a massive amount of Personally Identifiable Information (PII)—our address and phone number, the names of our family members—about each of us available on the internet. The fine print of our banking or telecom agreements may allow for the outright sale or sharing of our information. A host of information comes from sources over which we have little or no say, such as public and governmental records including motor vehicle registrations, Social Security records, utility company accounts, and tax rolls. And we too contribute to the problem, making available much of our own PII through our social media accounts and activity, often without realizing just how much we’ve revealed.

As our lives become increasingly digital, the amount of data compiled about us and our loved ones continues to grow. The more data there is, the more that we share, the more there is to aggregate, sell, and publish. But there are ways to take control and reduce the availability of this sensitive information.

Big Data, Big Profits, Little Regulation

Every day, data brokers and aggregators mine innumerable websites. They reap enormous profits by collecting, compiling, sharing, and selling personal information to marketers, people search engines, identity verifiers, and sometimes, to those with ill intent. From garden variety identity thieves to stalkers and potentially worse, the dangers are legitimate and numerous. The growing allure of profiting from selling personal information, combined with the ease with which individuals can obtain said information, has far outpaced federal and state legislation. For example, in March 2017, Congress rolled back rules proposed by the Federal Communications Commission (FCC) to limit internet service providers from collecting and selling our information. The FCC’s rules were aimed at protecting American citizens’ PII, requiring companies to obtain permission from individuals prior to selling their sensitive information. According to Rep. Frank Pallone, the rules were simple: “First broadband providers had to ask their customers before selling any data; second the companies had to take reasonable measures to protect that data; and third the companies had to let people know if their data was stolen.” (FCC Privacy Debate, CSPAN video, located at 34:30) With limited protections afforded by privacy laws, what steps can be taken to secure our PII?

Removing PII Takes Professional Perseverance

Privacy policies of frequently visited websites, or other entities with whom you do business, should be reviewed and requests that your data not be shared with third-parties should be made where possible. But much of your PII will already be listed on data aggregation websites. Many of these sites allow you to “opt out” of their services and “delist” information, but this can be an arduous, time-consuming process—made more frustrating by the reality that data is constantly being mined and added to your profile.

Fortunately, experienced data removal experts are adept at combining tradecraft and proprietary tools to systematically scour websites across the internet to identify sites that publish your PII and then request its removal. Staying on top of these requests is a job best left to professionals as the removal process typically requires significant follow-up, perseverance, and coordination.

The importance of seeking expert help was especially evident to a couple who discovered they were about to be named in a list of ultra-high-net-worth individuals. They sought advice about how the resulting publicity might jeopardize their family’s safety, particularly that of their children. The specialists determined that the family’s address and phone numbers were readily accessible online, and immediately began the database removal process, eliminating both the husband’s and wife’s PII from aggregator databases prior to the listing’s publication.

Keeping Track of Your Digital Footprint

In addition to removal requests targeted at data aggregation websites, privacy experts also formulate baseline reports to identify each family member’s digital footprint, and in so doing determine how accessible their personal information is and where the information is located. Much of this information is unfortunately from sources without official removal processes, including information found in government records or “overshared” on social media. Specialists also conduct attribution exercises to identify PII in the hands of threatening actors and unscrupulous data sellers. When necessary, they collaborate with personal security teams and legal teams, making recommendations that help to shield client data from public availability, such as suggesting that homes and vehicles be registered to a limited liability corporation rather than a person.

In another vivid example, when a high-profile entertainer with a substantial social media following posted a controversial comment, it resulted in a mass uproar, public backlash, death threats, and revelation of his PII—including his mobile number and his home and personal email addresses as well as similar information for his family members, spouse, and parents. He immediately hired an investigative team that initiated continuous online threat monitoring, alerted police, and liaised with numerous social media platforms for removal of the content.

Take Back Control

As part of an overall digital security strategy, taking stock of your digital footprint and requesting data removal can help you maintain control over what personal information is publicly available online. Given that every keystroke leaves an indelible mark online, your family’s digital footprint is continually evolving, which makes it critical to tap the privacy expertise of those with the technological acumen and experience to move just as quickly.

https://www.jdsupra.com/legalnews/don-t-let-hackers-profit-from-your-30920/

Tagged