PRIVACY + SECURITY BLOG

News, Developments, and Insights

Privacy Cartoon: Know Your Data

Privacy Awareness Training Cartoon

Here’s a cartoon I created.  It involves several Fair Information Practice Principles (FIPPs) and privacy best practices.  The ones involved (and not heeded) in this cartoon are doing a data inventory, informing people about the purposes of the collection of their data, using data for only those purposes, and not keeping data longer than necessary to accomplish those purposes.

For many organizations, there is a lot of data collected that gets stored and forgotten, or that is collected with no apparent purpose in mind.  Data inventories are a great way to take stock of this data and determine whether it is really necessary and appropriate to keep it.

Poster Privacy Awareness Training Know One's Data


How Companies Help Phishers and Fraudsters

Privacy Choice forms

A friend of mine recently received in the mail a letter purporting to be from Citibank.  It contained a sheet of paper saying: “Please see the enclosed for information regarding your Citi Mastercard Customer Credit Card account ending in [last four digits] issued by Citibank USA, N.A.”  Inside the letter were two little brochures – a notice of change to Citibank’s policies; and a complete privacy policy with an opt out form at the end.

She went to Citibank’s website and downloaded their privacy policy and noticed some suspicious differences between the opt out form in the letter [on the left] and the one from Citibank’s website [on the right].

Two notable differences are: (1) the form from Citibank’s website has a toll free phone number you can call to opt out; the form in the letter does not; (2) the addresses of the processing centers where the opt out forms are to be sent are different.

So my friend then called Citibank to find out what was going on.  Had a fraudster acquired a card in her name?  Was the letter an elaborate phishing scheme?

My friend recounted the conversation the best she could so I could recreate it on this blog.  This is reconstructed from her memory, so it’s not exact.  Although the transcript below doesn’t contain the precise words spoken, it hopefully will capture the gist of the conversation.


If It’s Against Your Privacy Policy, Just Change It

Social Security Administration

According to an article in the NY Times, documents obtained by the Electronic Privacy Information Center from the Social Security Administration (SSA) reveal that the SSA disclosed personal information in response to FBI requests after 9-11:
