June 07, 2011

Professor shares top 10 tips for protecting online personal info

W. P. Carey School of Business associate professor Marilyn Prosch co-founded one of the world's first data-privacy research labs.

Recent events have many of us questioning whether our personal information is really safe online. Federal officials are asking Apple and Google about how some of their phones track users’ locations. More than 70 million Sony PlayStation users may have had their personal information stolen in a recent computer-hacking incident, and Google says several hundred Gmail accounts were recently breached, too. Late last month, Facebook was among the companies appearing in front of legislators to talk about updating privacy laws.

An expert at Arizona State University, associate professor Marilyn Prosch, helped to create one of the world’s first data-privacy research labs. The Privacy by Design Research Lab at the W. P. Carey School of Business is working with industry leaders, under the executive advisement of Ontario Information and Privacy Commissioner Ann Cavoukian, to produce guidelines for businesses worldwide to effectively protect personal data. Prosch says businesses need to start building privacy guidelines into their data collection methods from the very start, instead of waiting for something to go wrong.

“In general, everyone in the Information Age tends to think data is an asset, and that if you can collect it, then you should; after all, it’s cheap to store,” explains Prosch. “However, businesses are starting to see this can be a liability. We teach data minimization. If you don’t need it, then don’t collect it, and only keep what you need for the required amount of time.”

Prosch recently spoke to a large, high-profile audience in Silicon Valley about what needs to be done to make things safer for Internet users and also discussed the regulatory environment related to Privacy by Design at a conference hosted by the University of California, Berkeley’s Center for Law and Technology. She is sharing her Top 10 data-privacy tips for both consumers and businesses.

Top 10 Tips for Internet Users:

1. THINK before you share your information with any site or person on the Internet.

2. Be informed! Do your homework, and read privacy policies.

3. Never log in to your financial assets, such as online banking sites, from a public network (at hotels, coffee shops, airports, etc.).

4. Use different passwords for your finances than for your social networks and games.

5. Protect your home computers by making sure your home network is closed. Otherwise, neighbors, their visitors or even someone sitting in a car outside your home may access your network!

6. Be very careful about giving your social security number out and only do so on a secured network (look for “https,” not “http,” in the website).

7. On social networking sites, such as Facebook, make all of your privacy settings “friends only.”

8. Do not answer those 20-question lists on social networking sites. They are also questions typically asked to allow you to access many financial websites if you lose your password.

9. Periodically check your credit report. You can get one free report per year from each of the three major credit agencies. That means you can get one free every four months; put it on your calendar.

10. Do not let your children have the location-based options activated on their mobile devices, including portable game devices.

Top 10 Tips for Companies:

1. Don’t collect data just because you can. It could very well become a liability if you lose it.

2. Don’t keep data longer than you need it for a business purpose just because data storage is cheap. Again, it can become a potential liability.

3. Be honest with your customers about what data you collect and how you do (or don’t) protect it. The Federal Trade Commission will hit you with unfair and deceptive trade practices if you say one thing and do another.

4. Know what laws (international, federal, state) and regulations apply to your business and make sure you are in compliance.

5. Appropriately destroy all forms of personal information, including hard copies. Many a company has been fined for inappropriately placing forms, prescription bottles and other items into dumpsters, where dumpster divers have retrieved them.

6. Appoint a person or team in your organization, regardless of the size, to be responsible and accountable for protecting personal information.

7. Before you decide to collect a piece of information, determine its “shelf life,” so you don’t keep it forever. If you don’t define this, then it very well may become data pollution (unnecessary data that’s potentially toxic).

8. Periodically review your data practices and update them when needed.

9. Make sure the security practices are also up-to-date, appropriate and being followed.

10. Train your employees on what is and is not appropriate access, use and disclosure of personal information residing in your database. If you don’t train them, they can’t possibly know and will likely inappropriately disclose data.

Prosch thinks positively about the future for data-privacy protection.

She says, “Technology has changed so rapidly that it will take a while for controls to catch up, but data minimization is the way we are moving. We think we can clean up the current state of data pollution in the long run.”

Debbie Freeman, Debbie.Freeman@asu.edu
(480) 965-9271
Communications Manager, W. P. Carey School of Business