by Dave Moore, 1-5-19
As if the world wasn’t crazy enough, now we need to protect our PII (Personally Identifiable Information) from exploitation and exposure on the Internet. It’s a serious situation, one where dealing with it is no longer optional. If you don’t deal with it, others will deal with it for you.
Learning how Internet safety works has never been more important. For a free, one-night crash course on Internet safety (complete with homework), come to the new Norman Public Library Central location January 15, 2020, at 6:30pm and take my class, “Fight The Internet Bad Guys & Win!” Sponsored by McClain Bank, Michael Monroe Allstate Insurance and The Norman Transcript, it will put you on the right path to Internet safety and security. Visit internetsafetygroup.com for more information. Contact the Library at (405) 701-2600 to register.
“There’s nothing important about me on the Internet. All I ever do is look at email, pay my bills, check my bank balance and do a little online shopping. Why should I care about all this safety and privacy stuff?” I’ve heard that old saw more than once. The answer is simple; it’s called “profiling.”
Like it or not, practically everyone in the world has multiple bits of PII scattered across numerous Internet databases. Legitimate businesses and criminal bad guys alike gather this information, assemble it into useable groups called “profiles” and then sell, trade and give away those profiles with one goal in mind: to extract money from you, either legally, or illegally. Every bit of information that can be found about you is in your online digital profile. It’s big, big business, bigger than could ever be explained in a single newspaper column.
Leading the charge into the PII melee are the world’s biggest companies like Amazon, Apple, Google, Facebook, Microsoft, and yes, Target and Walmart. Pretty much all the other companies in the world look to them to define what is and is not acceptable when it comes to invading people’s privacy as an everyday business practice. Running a close second to global mega-businesses are the Internet crime cartels, buying, selling and exploiting PII profiles like so much bubble gum and candy.
Things are changing in favor of privacy in some areas, though. In response to years filled with disasters like the great Equifax database hack of 2017, the Facebook/Cambridge Analytica PII theft revealed in 2018, and up to 4 billion records hacked, stolen and “breached” in 2019 alone, laws have been passed and are starting to be enforced.
Big changes began to shape up in 2018 with the implementation of the General Data Protection Regulation (GDPR), designed to protect the privacy of all individual citizens of the European Union and the European Economic Area. Following that, The California Consumer Privacy Act (CCPA), which became effective January 1, 2020, is a state statute intended to enhance privacy rights and consumer protection for residents of California.
What do these laws mean for everyone else? Well, since most companies want to do business with both Europeans and Californians, many of them are taking some (if not all) of the GDPR and CCPA rules and applying them to all of their customers, regardless of where they live. This means you can demand companies show you the contents of your online profile, and insist they not sell, give away or otherwise “share” that information with anyone else. You can even make companies delete your PII from their databases, and opt out of further information collection.
So-called “do not sell” buttons and links are already showing up on numerous websites, usually found at the bottom of the home page. Walmart has, as of today, January 2, three separate sections titled, “CA Privacy Rights,” “Do Not Sell My Personal Information,” and “Request My Personal Information.” Don’t get too excited, though; unfortunately, there is also a notice that says, “These rights are for California residents only.” Target has a similarly lame policy; only California residents need apply.
In contrast, Home Depot has taken a much more inclusive approach. All the way down at the bottom of homedepot.com, in a tiny font, is a link that says “Do Not Sell My Personal Information.” Click it, and your choices are, “Get My Information,” “Delete My Information,” and “Opt Out of Sale,” with no mention of being a California resident, whatsoever.
These developments are only a small step in the right direction. Lawmakers in Oklahoma and the other 48 states need to get with the program. Maybe a federal law is required. That would be a shame, as businesses could just step up and do the right thing without being forced to.
Dave Moore has been fixing computers in Oklahoma since 1984. Founder of the non-profit Internet Safety Group Ltd., he also teaches Internet safety community training workshops. He can be reached at 405-919-9901 or www.internetsafetygroup.com