Friday, May 25, 2018

Peek-A-Boo!

We’re reaching out to let you know about upcoming changes to the Online Privacy Policy. These changes will make it easier to understand how we collect and use data to create great online experiences for you.

Our new updated Online Privacy policy, effective June 30, 2018, includes:
• More details about the information we collect from you, how we collect the information, how we make use of the information, and how we may share the information.

• A link to the new Privacy Notice for EU Residents, which governs the handling of information about EU residents under the new European Union General Data Protection Regulation (GDPR) (effective May 25, 2018).

• Our new Statement Regarding Cookies and Other Tracking Technologies providing more details about the cookie and tracking technologies we use and how they work (effective May 25, 2018).

Thank you for being part of our Internet community.

Sincerely,
Your friends 


First of all, I must tell all you subscribers, regular readers and fans that I’ve already sold all your personal information so if you ever wonder why you are getting ads for outrageous deals on impossible items of immense worth, that was me.
Secondly, Happy GDPR Day!
I, for one, am so glad that all my privacy is protected now.
The European Union has a new law on the books for protecting data privacy. It’s the General Data Protection Regulation more commonly called the GDPR. This Friday, it goes into effect in the EU’s 28 member states.
It’s not just the household names of the Internet like Facebook that will have to comply. Health care providers, insurers, banks and any other company dealing in sensitive personal data will also be on the hook.
The regulation expands the scope of what companies must consider personal data, and it requires them to closely track the data they’ve stored on EU residents. If someone in the EU wants a company to delete his or her data, send copies of the data, or correct an error in the data, companies have to comply.
The law goes even further than that. EU residents can now object to specific ways companies are using their data, saying that they don’t mind if a company keeps the data as long as it stops using the info for a particular purpose.
What’s more, the law requires companies to notify users within 72 hours of a data breach -- something very few companies currently do.  


Information privacy, or data privacy (or data protection), is the relationship between the collection and dissemination of data, technology, the public expectation of privacy, and the legal and political issues surrounding them.
Privacy concerns exist wherever personally identifiable information or other sensitive information is collected, stored, used, and finally destroyed or deleted – in digital form or otherwise.
Improper or non-existent disclosure control can be the root cause for privacy issues.
Data privacy issues may arise in response to information from a wide range of sources, such as:
  • Healthcare records
  • Criminal justice investigations and proceedings
  • Financial institutions and transactions
  • Biological traits, such as genetic material
  • Residence and geographic records
  • Privacy breach
  • Location-based service and geolocation
  • Web surfing behavior or user preferences using persistent cookies
  • Academic research
The challenge of data privacy is to utilize data while protecting an individual’s privacy preferences and their personally identifiable information. The fields of computer security, data security, and information security design and utilize software, hardware, and human resources to address this issue. Since the laws and regulations related to Privacy and Data Protection are constantly changing, it is important to keep abreast of any changes in the law and to continually reassess compliance with data privacy and security regulations. Within academia, Institutional Review Boards function to assure that adequate measures are taken to ensure both the privacy and confidentiality of human subjects in research.
How will the EU enforce the GDPR?
Each member state of the EU will have its own enforcement mechanism, with one GDPR supervisor per country.
Residents can make complaints to the governing body in their respective country. Companies found in violation of the law will face fines that could be very steep. The maximum fine for a GDPR violation is 20 million Euros or 4 percent of a company’s annual global revenue from the year before, whichever is higher.
When does the GDPR take effect?
Friday. The regulation was ratified in 2016 and organizations were given a two-year “implementation period” to prepare. This grace period ends on May 25, 2018, when enforcement begins in earnest.
Does this law apply only to companies based in the European Union?
No -- and this is why it’s major international news. The GDPR applies to any organization that collects, processes, manages or stores the data of European citizens. This includes most major online services and businesses that collect, process, manage or store data. Because of this, the GDPR essentially sets a new global standard for data protection.
What kind of data does the GDPR protect?
The regulation applies to a broad array of personal data, including a person’s name and government ID numbers. It also protects information that can show a person’s activity both online and in the real world. That includes location information, as well as IP addresses, cookies and other data that lets companies track users as they browse the Internet.
How will this affect Facebook and other social-media companies?
Many large online services and social-media companies are updating their privacy policies and terms of service to prepare for the new legislation. Facebook’s response is sure to be closely scrutinized by European regulators, given the Cambridge Analytica scandal as well as past concerns about the company's data collection.
These include the kerfuffle in 2007 over the company’s controversial Beacon advertising program that broadcast user activity on partner sites. And don’t forget user uproar when Facebook and its subsidiary Instagram claimed to own user profile data and photos. The GDPR makes it much clearer that these kinds of activities aren't OK.
How will this affect me, a non-EU resident?
Facebook, Microsoft, Twitter, Apple and others have all offered users beyond the European Union some additional rights over their data.
But those rights don't have the force of law behind them, which means you can’t file a complaint against Microsoft for violating the GDPR if you aren’t an EU resident. While you enjoy these rights only as long as a company says you do, it does show that the European regulations are reshaping the way major companies approach user data.
The other way this affects you is with the barrage of privacy policy updates you’ve likely received over the past few months. Many companies crafted new privacy policies in advance of the GDPR going into effect, and then they told you about it all at the same time. 
How does the regulation affect hacks and breaches?
The GDPR requires companies that have lost control over customer data, or that’ve been hacked, to notify users within 72 hours. That’s one of the rules that carries the maximum penalty. For instance, if Facebook was found to have failed to comply, it could be liable for a $1.6 billion penalty (based on its 2016 annual revenue of $40 billion).
Are there special protections for minors?
The GDPR requires businesses and organizations to obtain parental consent to process the personal data of children under the age of 16. 
Does the US have any legal equivalent to the GDPR?
No. Most states have their own laws governing data breaches and notification requirements, and most apply to only a limited type of data: Social Security numbers and health or financial information.
The SEC recently issued guidance on how public companies should disclose breaches and risks.
Californians could be voting on a data privacy law this year, the California Consumer Personal Information Disclosure and Sale Initiative. That would let residents request copies of their data from companies, find out which third parties companies have sold their data to, and ask companies not to sell or share their personal data.

Data Privacy Day began in the United States and Canada in January 2008 as an extension of the Data Protection Day celebration in Europe.
Data Protection Day commemorates the Jan. 28, 1981, signing of Convention 108, the first legally binding international treaty dealing with privacy and data protection. Data Privacy Day is observed annually on Jan. 28.
The National Cyber Security Alliance (NCSA) officially leads the Data Privacy Day campaign and is advised by a distinguished advisory committee of privacy professionals to help the campaign align with the most current privacy issues in a “thoughtful and meaningful way”.
Data Privacy Day is the signature event in a greater privacy awareness and education effort. Year-round, NCSA educates consumers on how they can own their online presence and shows organizations how privacy is good for business. NCSA’s privacy awareness campaign is an integral component of STOP. THINK. CONNECT. ™ - the global online safety, security and privacy campaign.

The Data Protection Directive (officially Directive 95/46/EC on the protection of individuals with regard to the processing of personal data (PII (US)) and on the free movement of such data) was a European Union directive adopted in 1995 which regulates the processing of personal data within the European Union. It is an important component of EU privacy and human rights law.
The General Data Protection Regulation, adopted in April 2016, superseded the Data Protection Directive and became enforceable on 25 May 2018.

Now don’t you feel better knowing all that? Sure we had a bunch of fun posting all this stuff about ourselves and our kids and where we lived and what we ate and who were our friends and what our political and religious feelings were, so hey, no take backs. And though that photo of you might have been 20 years ago and you might have fudged a bit on your weight, it doesn’t matter. The bad guys will hack into your computer and you will fall for their ‘too good to be true’ deals.
 
On a similar front, yesterday I walked to the mailbox and retrieved my usual array of ‘Burger coupons’ and ‘Pizza delivery specials’ and ‘we have a pair of illegal aliens who will come to your house and clean out your nasty toilet while casing the place’ when I see this envelope from Wells Fargo. You know that bank with the western stagecoach (very American) and horses (like Budweiser) and special accounts you never ordered? Since I don’t have a Wells Fargo account I figured it was just one of those ‘how would you like to change your bank’ deals. After throwing away all the other junk mail, I opened the nondescript envelope with the Wells Fargo logo in the upper left corner. I noticed that my name was not on the address so I figured it was a scam…. And I was right. It seems, according to the letter, that almost $10k was deposited in ‘my account’ but not enough cash was included so the bank had to cover $900 to balance the deposit. Wow! These guys are swell. An 800 number was printed to call for more information. Okey Dokey. Think about this. Some magnanimous person(s) put $9+ grand in my invisible account with a bank I don’t use and all I have to do is call this number to find out how I can withdraw it and have a big party. There was no signature of a bank official and no address or usual corporate stuff at the bottom of the page. There was no reference to an account number. The page looked like it could have been printed on an ink jet printer but properly folded.

Beware Boys & Girls!
