THE MISGUIDED USE OF THE "P" WORD

If there is one word used by business entities and organizations today which typifies's their commitment to deflecting questions from consumers relating to privacy and data security, it's the use of the word 'proprietary.'

It has to be said that it's an artful word used for getting rid of annoying consumers, journalists, and privacy advocates in emails, and other written communications because it sounds formal, and suggests to the recipient that potential legal consequences exist for those who continue to be inquisitive and seek answers to their questions. But in reality, it is just an overused word, commonly deployed as a deflector by officials who don't care, don't understand or worse know that their employer has something to hide from the public!

When it comes to consumer privacy and data security, there are no legitimate 'proprietary' techniques for collecting, collating and disseminating consumer's personally identifiable information without their knowledge and consent.  And this includes sharing their name, address and phone number with third parties.

Below are two definitions of the word 'proprietary' shown on the  Merriam-Webster Dictionary website:

1:  One that possesses, owns or holds an exclusive right to something;  specifically.

2:  Something that is used produced, or marketed under exclusive legal right of the inventor or maker; specifically:  a drug (as a patent medicine) that is protected by secrecy, patent, or copyright against free competition as to name, product, composition, or process of manufacture.

The fact is when you provide a bank, supermarket or hospital with your personally identifiable information; you are not giving them the right to own and use your personal data as they see fit forever. You are merely entrusting them with your information in order for them to identify you and better serve you as a customer or patient in the future.

It's that simple.  

Posted by 

Talk Privacy Blog at 5:41 PM 

FOR EVERY POSITIVE, THERE'S A NEGATIVE

A research project funded by Blue Cross Blue Shield of Tennesee (BCBST) which uses data from pharmacies, insurance claims and other sources to identify and combat opioid abuse appears to be a success.

In collaboration with Big Data analytics company Fuzzy Logix, BCBST analysts have been able to identify Tennesseans at risk through the use of sophisticated computer algorithms.

Combing through vast amounts of data to identify problematic or unlawful behavior with the sole mission of saving lives is to be commended.

However, for every positive, there is a negative, and once again we see a modern day example of how easy it is for our private lives to be scrutinized and evaluated based on data acquired from multiple different sources. 

While it has to be accepted that our medical records, along with our prescription records held at pharmacies are no longer private and confidential. Perhaps the bigger issue to keep in mind is that doing something as simple as paying cash for a  prescription instead of using one's health insurance plan can place us at risk of potential scrutiny by insurers and even law enforcement authorities.

The nothing to hide, nothing to fear mantra is fine until seemingly harmless behavior gets us on a suspicious activity watch list.

So gentlemen, for privacy reasons, it's probably best for the time being if you pay for your EDmedication using your health insurance plan.

For more information on this post, please feel free to contact us. 

NOTHING REVEALS MORE ABOUT YOU!

Supermarkets are a source of consumer data

Nothing reveals more about you than your personal shopping habits and traits.

When and where you shop, what you shop for and how you pay for your purchases, is all "data treasure" to organizations which make it their business to collect and sell information on us all.

Collecting and selling data on American consumers is nothing new. But advances in technology have made it possible to gather vast amounts of personal information on every man, woman, and child living in America today from multiple sources and hold that information in perpetuity.

No matter your socio-economic status or background, there are hundreds, possibly thousands of databases out there actively seeking to collect and analyze information on you every single day.

Data Brokers: Know All About You!

Most likely you have never heard of these organizations, let alone come into contact with them.  But they most definitely know who you are!

Who uses your collected data?

Primarily, collected data is still used for direct marketing and promotional purposes.  In other words, to sell you something.

But banks, government agencies (including law enforcement authorities) insurance companies, health care providers and law offices also now use this aggregated data for a variety of different purposes.

This includes identity and residence verification checks along with mode of living and lifestyle analysis.

How do they obtain your data?

For many years public record information along with completed product warranty cards, magazine subscriptions, and mail order purchases was the predominant source of information used to develop databases on us all.

Today, data from so-called 'contributors' which includes businesses prepared to betray the trust of their customers by sharing their personally identifiable information (name, address, telephone, etc.) with third party organizations known as data brokers is common practice.

Interestingly, data brokers are often described in consumer privacy notices as business partners or affiliates.

Both privacy advocates and consultants who work in the consumer data industry agree that privacy notices are open to interpretation and prone to ambiguous or intentionally misleading statements.

So, when you are out and about shopping, remember that you are leaving trails of personal data behind you, which will be collected, analyzed and most likely go towards your so-called bucket profile.

THE PRESIDENT'S A PAST VICTIM TOO!

President Trump

The scourge of the banking and financial services industry is employees who share customer information with unauthorized third parties or worse, who operate illegal sideline businesses selling private and confidential customer data.

Recipients of this stolen data include disreputable attorneys, journalists, private investigators and of course scam artists, including identity thieves.

This is not a new problem.  In fact, over the decades, employees at some of America's biggest banks have been identified selling confidential customer information to persons who have absolutely no lawful purpose in acquiring it.

A bank with a long history of employees abusing the privacy and personal data safety of customers is Bank of America.  

Even the President of the United States, Donald Trump, allegedly fell victim in the early 90's to executives at Bank of America (formerly National Westminister Bank USA) sharing specific details relating to his then troubled loan accounts with unauthorized third parties.

National Westminster Bank USA

National Westminster Bank USA was acquired by Fleet Financial in 1996 and in 2004, became part of what is today Bank of America.

Some of the most egregious examples of bad behavior by employees at Bank of America over the past two decades included senior executives supporting (or at the very least turning a blind eye to) the use of identity fraud as a business tool to expedite debt collection operations.

In fact, loan officers and attorneys employed at the banks Managed Asset Division (also known as Corporate Services) located in Hartford, Connecticut, and Providence, Rhode Island, were allegedly observed using the services of identity fraudsters to speed-up debt collection operations using a social engineering technique known as "pretexting."

Specific information sought often included customer data from competitor banks, payroll records from employers and even on occasion taxpayer data from government agencies.

OCC Seal

But perhaps most surprising of all was the fact that local and state law enforcement authorities were aware of this unlawful conduct but allegedly kept off the case by highly protective bank regulators.

This included the Office of the Comptroller of the Currency(OCC) which reportedly cited 'federal preemption' laws when intentionally shielding corrupt Bank of America's employees and contractors from possible prosecution by local jurisdictions.

To paraphrase two OCC officials who spoke 'on the record' in 1998 and 2010, "the function of the Comptroller's Office is to ensure the safety and security of the banks it supervises and not necessarily the interests of the American public."
How troubling is that?

IF I HAVE LEARNED ANYTHING IN 2016

If I have learned anything in 2016, it's that many businesses, healthcare providers, and even government agencies remain reticent when it comes to discussing what steps they take to protect our privacy and personal data. 
That's unfortunate in so many different ways.

Here are three examples why.  

First, it tells us that (customer, patient or taxpayer) privacy and personal data safety is not a priority with their executive management team. 

Second, the cost and inconvenience of putting in place practices and procedures for allowing transparency and openness relating to consumer privacy and data protection most likely cost's too much.

Third, they probably have something to hide. Could be they are sharing (selling) consumer data with third parties!

Whatever the reason, there is also a good chance that those in charge falsely believe that consumer data protection along with identity fraud prevention is an irritating fad promoted by law enforcement officials, security consultants and bloggers who have too much spare time on their hands.

Further, that internal measures for protecting consumer data are adequate and that anyone asking about how their personal data is used and above all protected should be treated with suspicion.

After all, data breaches and hacker attacks only happen to ADP, Adobe, Blue Cross BlueShield, Facebook, Hilton Hotels, Home Depot, JP Morgan Chase, Target, the State of South Carolina and Yahoo!  

No one else!

Happy New Year!