February is Data Privacy Month

dataprivacymonthEducause.edu is the sponsor of Data Privacy Month, a month-long effort to support universities and colleges with raising awareness of data privacy issues.

The month started off with Data Privacy Day on January 28th. The day reminds us that we can all do our part to help ensure our community is respectful of privacy, safeguarding data and enabling trust.

View the free webinar recording of “The Power of Privacy and the Passion to Build Something Better,” that was held on January 20th by Michelle Dennedy, vice president and chief privacy officer at McAfee.

Google Safety Center

googleWhether for work, school or personal use, you may be using Google’s products in one form or another, including an Android device, Gmail, Chrome, Google Docs or other applications. Google is committed to keeping the web safe for everyone and understands that it is a shared responsibility. They have put together a website to help you learn what you can do to protect yourself and your family online.

Topics include securing your password, managing your Google account, checking settings, and more to help you to stay secure and private when online. They also show ways to keep the bad guys out of your stuff.

There is a wealth of information included in the Google Safety Center, so it’s well worth while checking out.

Data Privacy Day and Month

January 28th is Data Privacy Day, which celebrates the effort to protect the privacy of citizens. It also kicks off Data Privacy Month, sponsored by EDUCAUSE. To get involved and learn how you or your business area can take steps to safeguard privacy online, check out some of the free available resources.

Learn more about Data Privacy Day.

Is Verizon Wireless selling your usage data?

A recent change to the terms of service (TOS) that all Verizon Wireless customers are bound to gives the company the authority to aggregate and sell customer usage and location data.  The end-goal — other than additional revenue — is to help third-party advertisers deliver more targeted adverts.  As one Verizon Wireless executive put it, “data is the new oil.”  What’s still more concerning is that the service is opt-out (meaning if you haven’t explicitly asked Verizon Wireless not to do this, they’re doing it).

Verizon Wireless customers can opt-out of this new “feature” by signing-in to Verizon Wireless and selecting “Don’t Share My CPNI”, “Don’t use my information for aggregate reports” and “Don’t use my demo-graphic info for banners.”

It is currently unknown if Verizon Wireless is aggregating the usage data of MIT corporate contract (CRU) users. IS&T’s Mobile Devices Team is currently investigating whether or not the TOS change applies to CRU lines.

Read this story in the news.

Social Networking Sites and Security

Twitter Supports “Do Not Track”

Do Not Track (DNT) is a privacy preference that users can set in their web browsers. Twitter now supports DNT and provides clients with choices about the information Twitter collects. The company provides this article explaining DNT and how to enable it when visiting the Twitter site or other web sites.

Facebook Allegedly Tracks Web Usage

In similar news, Facebook was sued for $15 billion over alleged privacy infraction. Law firm Stewarts Law announced last week that it combined 21 privacy lawsuits against the social network into a single, class-action suit. They are charging the social network with violating user privacy by allegedly tracking their Web usage.

Malware Targeting Social Networks is Spreading

On the malware front, a cross-browser extension development framework, called Crossrider, is being used by attackers to build click-fraud worms. Click-fraud occurs when attackers provide links on social networking sites that use fake advertisement modules. When a user clicks or views these ads, the malware’s creators earn money through affiliate programs. Learn more in this article by ComputerWorld.

CISPA Passes House Vote

On Thursday, the US House of Representatives passed the Cyber Intelligence Sharing and Protection Act (CISPA), the replacement bill for SOPA and PIPA. The White House has promised to veto the bill, and privacy rights organizations are speaking out against it. One of the legislators opposed to CISPA say that it “would waive every single privacy law ever enacted in the name of cybersecurity.” The bill’s proponents maintain that recently introduced amendments would establish “significant safeguards to protect personal and private information.”

The Electronic Frontier Foundation (EFF), which opposes CISPA, says the amendments do not go far enough. The White House says that CISPA “fails to provide authorities to ensure that the nation’s core infrastructure is protected while repealing important” privacy protections.

CISPA now moves to the Senate.

Read the full story in the news.

OUCH! Newsletter, March 2012: Email Dos and Don’ts

The month’s issue of OUCH! from SANS.org explains the Dos and Don’ts of using email. Specifically, how people can be their own worst enemy when it comes to copying the wrong recipient with auto-complete, sending an email when emotionally charged or not understanding the privacy limitations of email.  The newsletter provides in simple terms how some of email’s most common features work and how to avoid shooting yourself in the foot.

Read or download the newsletter in PDF format here.