What is Privacy?
In a world fully engulfed by the Internet, data is everywhere. The data could be as widely distributed as your phone number or as restricted as your social security number or personal health information. Regardless, the data belongs to the individual and every person is entitled to know how it is being used. In the wrong hands, data can do significant damage.
In the headlines, we see data breaches involving personally identifiable information (PII) and electronic protected health information (ePHI). However, what happens when these breaches occur, and what kind of damage can be done if the data falls into the wrong hands?
For some background, prior to the rise of the public Internet, people used extra locks on doors or safe deposit boxes to ensure their privacy and security. While the need for physical security still exists, digital security has become imperative to ensuring the privacy of personal data. Unfortunately, with the increase in digitalization, privacy has become more complicated to define. True privacy has become problematic to achieve as we continue to adopt new technologies to enrich our lives with entertainment or to make our daily tasks easier to finish.
Data privacy is the relationship between the collection and distribution of data, technology, the public expectation of privacy, and the legal and political issues around them. Personal data is any information that can be used to distinguish or trace an individual's identity, such as:
- Medical records that include details such as diagnosis, treatment, medications, etc.
- Financial data such as credit card or bank account information
- Identification indicators such as social security numbers, passport or driver's license numbers, taxpayer IDs, etc.
Though this data may reside in various locations with some of it publicly available, it is the combination of this data that can provide hackers with information that may be leveraged to commit fraud or identity theft.
Why is Private Data so Valuable?
Hackers often exploit security vulnerabilities within an organization's technology infrastructure to obtain valuable, private data. The data is valuable because cybercriminals can sell the data on the dark web for varying amounts of money. Certain types of data are worth more than others. For example, credit card data is valued at about fifty cents per record, while health information can sell for around seven dollars per record on the digital black market. After all, it is relatively simple to cancel your credit card but leaked healthcare information is hard to recover.
Furthermore, it does not stop with hackers. Private data tells a story about someone. Businesses also leverage data for marketing activities. Those "terms and conditions" found in certain digital agreements are often not fully read (but quickly agreed to) so users can move on to using their favorite online application. These terms and conditions often have clauses saying the authors of the application can collect, store, and share your data.
In addition, organizations often share data with third parties so they can market highly targeted products to possible buyers. Though some people may see this as an optimized way to get what they need, others consider it gross misconduct and an excessive misuse of their private data. For example, someone's search history or social media posts might indicate they enjoy classic cars. They start noticing advertisements for highly specific items such as self-help books to assist in restoring a classic car or even ads for classic cars that have been restored, though the person never expressed an interest in a book or buying a car at all.
What are Organizations Doing to Enforce Data Protection?
In the United States, many different federal and state laws or regulations require organizations to comply with various data privacy requirements. Often these compliance mandates come with hefty fines for organizations that do not adhere to them. Additionally, businesses that do not comply with these regulations and then experience a security breach resulting in the theft of sensitive data often suffer severe brand damage due to the violation of the public's trust.
The United Kingdom has established a strong stance forcing businesses to put stringent data privacy processes in place. The General Data Protection Regulation (GDPR) went into effect in May of 2018. It is a global regulation that places the personal data of European Union (EU) citizens back under their control. One of the primary objectives of the GDPR is to ensure EU citizens know exactly who has their data and what organizations are doing with it, but it also empowers the citizen with the "right to be forgotten." Please note that California has recently begun to adopt a GDPR-like regulation.
Industries such as finance and banking are highly regulated, but regulations cannot always stay ahead of emerging threats. Hackers innovate quickly, so organizations need security frameworks and best practices in place in order to shut down threats of data compromise quickly.
What are Best Practices for Securing Your Data?
Your data could be in many places from your bank account to your email. How secure those applications are depends on both the user of the application as well as the business that built or supports the application. Below are five security best practices to help you safeguard your data.
- Passwords: Create strong passwords and change them every three months. A strong password will have a mix of numbers, lower and uppercase letters and special characters. Consider using a passphrase instead of a password and include characters to replace certain letters such as "@" for the letter "a". Make sure you have a variety of passwords and are not using the same password for every site where you have a profile. If a hacker can get one password right, they can try different variations of it to access all of your accounts and sell the credentials on the dark web. If you have a smartphone or tablet, make sure to secure the device with a password and change it regularly.
  This might be a tedious task, but weak passwords are one of the top ways hackers compromise the systems and applications you use to steal your private data. Also, try to use multi-factor authentication applications such as Google Authenticator if the application you are securing will allow it. This ensures that it takes more than just your password to unlock your account.
- Email safety: A good rule of thumb is to trust your gut instincts. Does it look 'fishy'? Hackers use email 'phishing' techniques to lure you to download malware viruses so they can access the data on your computer or device. If you do not know the person sending you the email, don't open it. If you are not expecting an email with an attachment, don't open it. Even if the email is from someone you do know but the wording looks 'off', take the safe road and don't open it until you verify the email with that person over the phone or via text message.
- Privacy settings: Check the privacy settings on your mobile apps and even on your social media sites. For example, some applications can automatically track your GPS location if you do not turn it off in the privacy settings. Don't rely on the application to prompt you to review and change it. Take control and do it yourself.
- Terms and conditions: Read them very carefully for each application you use before allowing one application to access another. For example, if you use your email to auto log you in to your favorite social media site, make sure you know how each site is using your data and what data they can access. A breach can have a snowball effect and put all of your accounts in jeopardy.
- Update your Computer Operating System: You need to keep your operating system up-to-date for many reasons. Sometimes it needs to be updated to give you a cool new feature or ability, but it almost always needs to be updated to patch any new vulnerabilities that may put your data at risk. When you are notified there's an update, take it seriously and make it a priority to get it updated as soon as you can.