As mobile phones, laptops and wearable devices proliferate, they become our portals to the wider Internet. We use them for work, to shop, to communicate with friends and family and to track our daily health practices. In fact, mobile devices have become the key repositories for much of our personal data.
The Rise of Mobile, the Fall of Privacy
In parallel with this mobile device boom, data breaches have become more common, exposing more people to the possibility of identity theft and/or financial loss. According to a 2018 Harris Poll survey, almost 15 million consumers were hit with identity theft in 2017 and approximately 60 million Americans were affected in one way or another.
Perhaps the biggest data breach exposé of 2018 was the revelation by Marriott International that hackers had broken into its Starwood guest reservation database and accessed the files of up to 500 million people.
According to Marriott, the information included names, addresses, phone numbers, email addresses, passport numbers, dates of birth, gender, Starwood loyalty program account information, and reservation information. For some customers, the thieves also got their hands on credit card numbers and expiration dates, which Marriott says were encrypted.
With more of our personal data sitting ripe for hacking in corporate databases, consumers are looking to state and national governments to make data protection a priority.
GDPR, the First Step Towards Regulation
Last May, the European Union (E.U.) took the lead in consumer data protection by rolling out the General Data Protection Regulation (GDPR), arguably the first and best wide-reaching legislation designed to protect consumers from the proliferation of data theft. The law gives consumers the right to control their own data by opting in or out of any data gathering. It also gives consumers the right to know the purpose and destination of all data handling processes and the ability to access, port, modify or delete/anonymize their personal information.
While the GDPR, as written, applies to businesses and people within the European Union, it has had widespread effect across the globe. Companies located outside the E.U. that do business within Europe have had to adjust their data collection practices to comply with the law.
Image courtesy of Gemalto's Breach Level Index.
GDPR has generated all sorts of misconceptions, and many professionals mistakenly ignore it and its reach. In reality, GDPR will make an impact outside of the E.U. as it is slowly implemented. The regulation will affect how we do business, and how these businesses' data is handled by enterprises.
Prey's services themselves cover sensitive ground in the legislation. IT managers of all sorts (schools, businesses, hospitals) will have to redefine how they track data, and be aware of how the software they implement does it too.
Data Regulations in the US
Although there is no uniform federal privacy law like the GDPR in the United States, in July 2018, Senator Mark Warner (D-VA) proposed a sweeping federal data privacy law that would rival the GDPR.
Meanwhile, many states, long the incubators of change in America, had already implemented consumer data protection laws, which can be found in Arkansas, California, Connecticut, Florida, Indiana, Kansas, Maryland, Massachusetts, Minnesota, Nevada, New Mexico, Oregon, Rhode Island, Texas and Utah.
Other states have proposed and, in some cases, implemented laws that rival the GDPR. Last June, California passed the California Consumer Privacy Act of 2018 (CCPA). The law, which will go into effect in 2020, provides consumers with many of the same protections as the GDPR, giving them new rights as to how their data can be collected and used.
What’s more, Vermont has passed a law regulating data brokers, and Colorado passed a law that also protects consumer data. Most recently, the State of Washington introduced the Washington Privacy Act, which would rival the CCPA in its ability to police the use of consumer data.
So while data protection laws are moving forward on a state-by-state basis, no blanket federal data protection law exists. In the coming year, we will learn of more data breaches at big retailers and financial service providers, and the digital identity of millions more Americans will be compromised. Here are steps you can take to keep your personal data and your mobile devices safe from theft.
5 Steps Towards Protecting Your Personal Data
1. Learn Your Rights
While there is no single, federal data protection act, there are several independent acts that impact data privacy. These include: the United States Privacy Act of 1974, the Safe Harbor Act and the Health Insurance Portability and Accountability Act.
As noted above, many states do have laws that are designed to protect their residents’ digital identity. Run a quick search to see how far your state’s laws go. Also, be sure to read the data privacy statements maintained by any bank or retailers that you have a credit card with. These institutions regularly update their privacy policies and are required to share them with their customers.
2. Keep Tabs on Your Credit Rating
In the U.S., the three credit rating bureaus Equifax, Experian, and TransUnion are tasked with tracking consumers’ credit history. The federal site Credit Reports and Scores provides helpful information on how to check your credit report, correct any errors and find out what your credit score is.
If you are truly concerned that your personal information has been stolen, it is possible to freeze access to your accounts at each of the three agencies. This will prevent data thieves from re-purposing your data to take out credit cards or even a mortgage in your name. You just have to remember to reverse the freeze next time you need to give a bank or retailer access to your information.
3. Secure Your Mobile Devices
A lost or stolen mobile device can provide thieves with a gateway into your personal information. This is especially true if your device is unlocked, so use a PIN or fingerprint. It’s important to protect each of your devices with security software that will help you lock and encrypt your personal data if you think your device has been stolen.
The best applications also allow you to remotely wipe a device or even track the device via GPS technology, take photos of whoever is using the device and allow you to share that information with police. Ideally, an app will help you retrieve your device. In a worst-case scenario, it will remove your personal data before bad actors have a chance to steal it.
4. Check Your Personal Surroundings
In a survey of 2018 missing device reports from its customers, Prey discovered that misplaced devices were responsible for the vast majority -- 69 percent -- of all devices reported missing in 2018.
Ultimately, the inaugural Prey Mobile Theft & Loss Report determined that mobile device owners are a greater threat to their devices than are thieves and that, when it comes to device theft, the most comfortable and familiar places, such as offices, homes or schools, can be the least safe.
5. Vigilance against phishing attacks
Mobile phishing attacks and spear phishing emails are crafted to look real but are not. These texts and emails, designed to trick recipients into clicking on malicious URLs, are up 85% in the last year. Be careful about opening file attachments, especially PDF documents.
Don’t open questionable attachments unless you are 100% sure you know who sent them. If you double check, you’ll probably see the message comes from an unusual email address, like email@example.com, or an altered version of a trusted brand like your bank, Google, or a package delivery company.