Protecting Customer Data Webinar Deck


  • About NCSA

    NCSA is the nation’s leading nonprofit, public-private partnership promoting cybersecurity and privacy education and awareness.

    StaySafeOnline.org

  • PROTECTING CUSTOMER DATA

    Presented by Malcolm Webb, Team Lead, Identity & Cyber Protection Services

  • DATA PRIVACY IS DISAPPEARING

    RECENT PAST

    • Personal anonymity

    ⚬ Physical description

    ⚬ Consumer choice to disclose certain data

    ⚬ Limited distribution of core identity info (e.g. Social Security number, email, etc.)

    ⚬ Limited disclosure of finances

    • Personal purchasing history

    ⚬ Payments by cash are untraceable

    ⚬ Aggregate purchasing data unavailable

    • Personal activities, interests, and locations

    ⚬ How do consumers spend their free time?

    ⚬ What locations are consumers frequenting?

    PRESENT & THE FUTURE

    • Consumer profiles

    ⚬ Facial recognition software, mobile device cameras

    ⚬ Core identity information stored, accessible, and widely distributed

    ⚬ Financial information can be sold

    • Accessible purchasing history

    ⚬ Cashless electronic payments can be tracked

    ⚬ Purchasing data can be tracked & sold in real time

    • Activities, interests, and locations

    ⚬ Location is tracked via most mobile devices

    ⚬ Consumer interests are tracked via search engines, social networks, etc.

    AT LEAST THE BATHROOM IS STILL PRIVATE, RIGHT...

  • INTRODUCING THE SMART BATHROOM!

    SMART BATHROOM MIRROR SMART TOILET

  • WHY IS DATA PRIVACY BEING "ELIMINATED?"

    • Ease of electronic data storage

    ⚬ Decreasing cost of data storage

    ⚬ Increasing ease of storing large amounts of data

    ⚬ Accessibility of tools to manage large amounts of data

    • Information sharing has become more widespread

    ⚬ Ease of distributing electronic information

    ⚬ Rise in data aggregators makes it easy to purchase data from various sources

    Advertisers & other information seekers are willing to pay for data

    Most consumers are willing to trade data privacy for convenience

    • Mobile and other IoT devices

    • Social media

    • Search engines

  • SENSITIVE PERSONAL IDENTIFYING INFORMATION

    Sensitive personal identifying information (PII) is defined as information that, if lost, compromised, or disclosed, could result in substantial harm, embarrassment, inconvenience, or unfairness to an individual.

    In general, sensitive PII is any information that could be used by criminals to commit crimes against an individual, including identity theft, blackmail, stalking, etc. Federal and state laws dictate how this information must be stored, transmitted, and processed.

    Most people are concerned about loss of privacy as it relates to their sensitive PII.

  • SENSITIVE PII CAN INCLUDE:

    • Social Security number

    • Date of birth

    • Driver's license & state ID numbers

    • Medical & healthcare information

    • Home address

    • Phone number

    • Mother's maiden name

    • Email

    • Account credentials

    • Passwords

    • Financial account numbers

  • WHY DO BUSINESSES COLLECT DATA?

    IF YOU COLLECT IT, YOU MUST PROTECT IT

    • Nature of business

    • Enhance customer experience

    • Maximize ROI

    What Responsibility Do Businesses Have When Collecting & Using That Data?

    • Protection of consumer & company data

    • Reduce the risk of a potential data breach

    • Adhere to consumer privacy protection regulations, such as GDPR & CCPA

    • Be transparent in the marketplace

    • Be mindful of selling & sharing customer data

  • PRIVACY LAWS EXPLAINED

    In the EU

    • General Data Protection Regulation (GDPR)

    ⚬ Primary aim is to give individuals control over their personal data, including the right to have data deleted (the "right to erasure").

    ⚬ Contains requirements for the processing of personal data of individuals in the EU, and also reaches businesses outside the EU that offer goods or services to those individuals or monitor their behavior.

    ⚬ Businesses must clearly disclose any data collection, declare the lawful basis and purpose for data processing, state how long data is retained, and state whether data is shared with any third parties.

    In the US

    • Privacy Act of 1974 (governs how federal agencies collect, hold and share records about individuals; it does not regulate private businesses)

    • California Consumer Privacy Act (CCPA)

    ⚬ State statute intended to enhance privacy rights and consumer protection for residents of California

    ⚬ Holds companies that collect data responsible for any breach or misuse, including a private right of action for consumers over certain data breaches caused by a failure to maintain reasonable security

  • HOW TO MITIGATE RISK: Personal Data Security

    • Maintain a clear separation of business and personal accounts

    • Maintain strong password security

    • Use multifactor authentication

    • Regularly review financial account statements and credit report

    • Use antivirus software & keep it updated

    • Read the privacy policy, terms & conditions, and security patch notes

    • Consider a preemptive fraud alert or credit freeze

    • Consider a comprehensive identity protection service

  • HOW TO MITIGATE RISK: Business Data Security

    • Maintain separation of business & personal accounts

    • Understand the value of your EIN/DUNS numbers

    • Secure your networks

    • Monitor & control physical access

    • Use strong passwords & multifactor authentication

    • Regularly review business financial account statements & business credit report

    • Actively maintain & manage employee accounts, including deactivating former employees

    • Provide ongoing training to all employees on security information management & cybersecurity threats (e.g. ransomware, malware, phishing, etc.)

    • Consider a comprehensive business identity protection service

  • HOW TO MITIGATE RISK: Customer Data Security

    • Understand your business obligations under the evolving data privacy regulations

    • Conduct an audit of personnel access to all data

    • Conduct a 3rd-party security audit

    • Collect only the minimum and necessary customer data

    • Once customer data is no longer needed, destroy it

    • Create a plan to store and secure collected data

    • Make cybersecurity part of your company culture
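    Three of the checklist items above (deactivating former employees' accounts from the business data security slide, and auditing personnel access and destroying data that is no longer needed from the customer data security slide) can be turned into a recurring, mechanical check. The script below is an added example, not part of the NCSA deck: it takes a constructed HR roster, a constructed list of access grants to data sets, and a constructed set of customer records, then reports grants held by terminated or unknown users, grants that active staff have not used within an idle window, and records that have outlived their stated purpose. The retention periods, purposes and the 90-day idle window are assumptions chosen for illustration; a real run would pull the roster from HR, the grants from the identity provider or database, and the records from the data store.

```python
"""Access and retention audit (added example; sample data is constructed)."""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

@dataclass(frozen=True)
class Employee:
    user: str
    status: str                       # "active" or "terminated"
    terminated_on: Optional[date] = None

@dataclass(frozen=True)
class Grant:
    user: str
    dataset: str                      # e.g. "customer_pii"
    last_used: Optional[date]         # None = never used since granted

@dataclass(frozen=True)
class CustomerRecord:
    record_id: str
    purpose: str                      # why the data was collected
    collected_on: date

# Assumed retention policy: days each purpose may keep the data.
RETENTION_DAYS = {"order_fulfilment": 90, "marketing_consent": 365}

def orphaned_grants(employees, grants):
    """Grants held by terminated staff or by users HR does not know about."""
    roster = {e.user: e for e in employees}
    return [g for g in grants
            if roster.get(g.user) is None or roster[g.user].status == "terminated"]

def stale_grants(employees, grants, today, max_idle_days=90):
    """Grants of active staff not exercised within max_idle_days (least privilege)."""
    active = {e.user for e in employees if e.status == "active"}
    cutoff = today - timedelta(days=max_idle_days)
    return [g for g in grants
            if g.user in active and (g.last_used is None or g.last_used < cutoff)]

def expired_records(records, today, policy=RETENTION_DAYS):
    """Records past their retention period; an unknown purpose is flagged too,
    because data with no declared purpose cannot justify being kept."""
    out = []
    for r in records:
        days = policy.get(r.purpose)
        if days is None or r.collected_on + timedelta(days=days) < today:
            out.append(r)
    return out

def run_audit(employees, grants, records, today):
    """Return sorted user names / record ids for each finding type."""
    return {
        "orphaned": sorted(g.user for g in orphaned_grants(employees, grants)),
        "stale": sorted(g.user for g in stale_grants(employees, grants, today)),
        "expired": sorted(r.record_id for r in expired_records(records, today)),
    }

# Constructed sample data; "today" is fixed so the result is reproducible.
TODAY = date(2024, 7, 1)
SAMPLE_EMPLOYEES = [
    Employee("alice", "active"),
    Employee("bob", "terminated", date(2024, 5, 1)),   # left, account never disabled
    Employee("carol", "active"),
    Employee("dave", "active"),
]
SAMPLE_GRANTS = [
    Grant("alice", "customer_pii", TODAY - timedelta(days=5)),
    Grant("bob", "customer_pii", date(2024, 4, 20)),
    Grant("carol", "customer_pii", None),               # granted, never used
    Grant("dave", "billing", TODAY - timedelta(days=100)),
    Grant("svc_legacy", "customer_pii", TODAY),          # account unknown to HR
]
SAMPLE_RECORDS = [
    CustomerRecord("r1", "order_fulfilment", date(2024, 5, 15)),
    CustomerRecord("r2", "order_fulfilment", date(2024, 1, 10)),
    CustomerRecord("r3", "marketing_consent", date(2023, 6, 1)),
    CustomerRecord("r4", "analytics", date(2024, 6, 1)),   # purpose not in policy
    CustomerRecord("r5", "marketing_consent", date(2024, 1, 1)),
]

def audit_sample():
    return run_audit(SAMPLE_EMPLOYEES, SAMPLE_GRANTS, SAMPLE_RECORDS, TODAY)

if __name__ == "__main__":
    for kind, items in audit_sample().items():
        print(f"{kind}: {items}")
```

    The orphaned list is the one to act on first: each entry is an enabled credential with access to customer data and no living owner, which is exactly the account an attacker or a disgruntled ex-employee would use. Stale grants are candidates for removal rather than immediate revocation, and every expired record should be destroyed (or its retention justified and the policy updated), with the audit re-run on a schedule so the findings do not quietly accumulate again.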

  • THANK YOU!

    FOR MORE INFORMATION, VISIT IRISIDENTITYPROTECTION.COM

  • Today’s Presenter

    Jennifer Cook

    Director of Marketing and Communications

    National Cyber Security Alliance

  • Keep in touch

    staysafeonline.org

    Twitter: @Staysafeonline

    Facebook: /staysafeonline

    LinkedIn: /national-cyber-security-alliance/

    Email: [email protected]
