About NCSA
NCSA is the nation’s leading nonprofit, public-private partnership promoting cybersecurity and privacy education and awareness.
StaySafeOnline.org
PROTECTING CUSTOMER DATA
Presented by Malcolm Webb, Team Lead, Identity & Cyber Protection Services
DATA PRIVACY IS DISAPPEARING
RECENT PAST
• Personal anonymity
⚬ Physical description
⚬ Consumer choice to disclose certain data
⚬ Limited distribution of core identity info (i.e. Social Security number, email, etc.)
⚬ Limited disclosure of finances
• Personal purchasing history
⚬ Payments by cash are untraceable
⚬ Aggregate purchasing data unavailable
• Personal activities, interests, and locations
⚬ How do consumers spend their free time?
⚬ What locations are consumers frequenting?
PRESENT & THE FUTURE
• Consumer profiles
⚬ Facial recognition software, mobile device cameras
⚬ Core identity information stored, accessible, and
widely distributed
⚬ Financial information can be sold
• Accessible purchasing history
⚬ Cashless electronic payments can be tracked
⚬ Purchasing data can be tracked & sold in real-time
• Activities, interests, and locations
⚬ Location is tracked via most mobile devices
⚬ Consumer interests are tracked via search engines,
social networks, etc.
AT LEAST THE BATHROOM IS STILL PRIVATE, RIGHT...
INTRODUCING THE SMART BATHROOM!
SMART BATHROOM MIRROR SMART TOILET
WHY IS DATA PRIVACY BEING "ELIMINATED?"
• Ease of electronic data storage
⚬ Decreasing cost of data storage
⚬ Increasing ease of storing large amounts of data
⚬ Accessibility to tools to manage large amounts of data
• Information sharing has become more widespread
⚬ Ease of distributing electronic information
⚬ Rise in data aggregators provides ease of purchasing data from various sources
Advertisers & other information seekers are willing to pay for data
Most consumers are willing to trade data privacy for convenience
• Mobile and other IoT devices
• Social media
• Search engines
SENSITIVE PERSONAL IDENTIFYING INFORMATION
Sensitive personal identifying information (PII) is defined as information that, if lost, compromised, or disclosed could result in substantial harm, embarrassment, inconvenience, or unfairness to an individual.
In general, Sensitive PII is any information that could be used by criminals to conduct crimes against an individual, including identity theft, blackmail, stalking, etc. Federal and state laws dictate how this information must be stored, transmitted, and processed.
Most people are concerned about loss of privacy as it relates to their sensitive PII.
SENSITIVE PII CAN INCLUDE:
• Social Security number
• Date of birth
• Driver's license & state ID numbers
• Medical & healthcare information
• Home address
• Phone number
• Mother's Maiden Name
• Email
• Account credentials
• Passwords
• Financial account numbers
IF YOU COLLECT IT, YOU MUST PROTECT IT
Why Businesses Collect Data?
• Nature of business
• Enhance customer experience
• Maximize ROI
What Responsibility Do Businesses Have Collecting & Using That Data?
• Protection of consumer & company data
• Reduce risk of potential data breach
• Adhere to consumer privacy protection regulations, such as GDPR & CCPA
• Be transparent in the marketplace
• Be mindful of selling & sharing customer data
PRIVACY LAWS EXPLAINED
In the EU
• General Data Protection Regulation (GDPR)
⚬ Primary aim is to give control to consumers over their personal data, including the right to have data deleted.
⚬ Contains requirements related to processing of personal data of consumers residing in the EU
⚬ Businesses must clearly disclose any data collection, declare the lawful basis and purpose for data processing, and state how long data is being retained and if data is shared with any third-parties.
In the US
• Privacy Act of 1974
• California Consumer Privacy Act (CCPA)
⚬ State statute intended to enhance privacy rights and consumer protection for residents of California
⚬ Ensures companies who collect data are held responsible for any breach or misuse
HOW TO MITIGATE RISK
Personal Data Security
• Maintain a clear separation of business and personal accounts
• Maintain strong password security
• Use multifactor authentication
• Regularly review financial account statements and credit report
• Use antivirus software & keep it updated
• Read the privacy policy, terms & conditions, and security patch notes
• Consider a preemptive fraud alert or credit freeze
• Consider a comprehensive identity protection service
HOW TO MITIGATE RISK
Business Data Security
• Maintain separation of business & personal accounts
• Understand the value of your EIN/DUNS numbers
• Secure your networks
• Monitor & control physical access
• Use strong passwords & multifactor authentication
• Regularly review business financial account statements & business credit report
• Actively maintain & manage employee accounts, including deactivating former employees
• Provide ongoing training to all employees on security info management & cybersecurity threats (i.e. ransomware, malware, phishing, etc.)
• Consider a comprehensive business identity protection service
HOW TO MITIGATE RISK
Customer Data Security
• Understand your business obligations under the evolving data privacy regulations
• Conduct audit of personnel access to all data
• Conduct 3rd-party security audit
• Collect only the minimum and necessary customer data
• Once customer data is no longer needed, destroy it
• Create a plan to store and secure collected data
• Make cybersecurity part of your company culture
THANK YOU!
FOR MORE INFORMATION, VISIT IRISIDENTITYPROTECTION.COM
Today’s Presenter
Jennifer Cook
Director of Marketing and Communications
National Cyber Security Alliance
Keep in touch
staysafeonline.org
Twitter: @Staysafeonline
Facebook: /staysafeonline
LinkedIn: /national-cyber-security-alliance/
Email: [email protected]