Data Privacy Detective

Join New York City’s Chief Privacy Officer, Mike Fitzpatrick. Explore the role of a city’s CPO. Cities must balance the interests of personal privacy and municipal operations, while complying with open records and other federal and state laws. Municipalities collect, use, and share vast databases of personally identifiable information (PII). They use PII to deter crime, advance public safety, and serve public health and other needs. Like everyone, cities can be cyber attack targets and victims of data breaches. Consider how one city’s CPO promotes a culture that embraces and protects...

Data Privacy Detective

The Data Privacy Detective returns from a short sabbatical to recommend a New Year’s Resolution for 2025 - make this the Year of the Passkey. Data privacy best practice moved from passwords to multi-factor authentication. But this has not stopped the increasing online theft of assets and identities. Password-based technology is failing to stem financial and other losses that increase each year. Passkeys are on the rise. A passkey is a form of authentication technology that simplifies our online experience and increases online safety. This Episode explores why passkeys constitute best...

Data Privacy Detective

The United States has three major credit bureaus - Experian, Equifax, and TransUnion. How they score individuals has a major impact on their lives. Credit scores can raise interest rates to double what an excellent rating would produce and can result in inability to borrow or have a credit card. How the credit rating system works is hidden to most people. The Detective turns his spyglass to how the big three credit bureaus use false data, employ algorithms that inaccurately report credit risk, and invade personal privacy without consent. Using a real time example, Episode 186 explores how...

Data Privacy Detective

October is Cybersecurity Awareness Month. For our personal data this Halloween, will it be trick or treat? In Episode 185, we explore one of the most private of all U.S. organizations - the law firm - to assess the security of private personal information. The American Bar Association reports that a quarter of all law firms have been the victim of a data breach and that 40% were not aware that they were attacked. What do insurance companies that serve law firms recommend as best cybersecurity practices? Even if best practices are followed, is the vast amount of private information collected by...

Data Privacy Detective

Two major data privacy developments from September 2024:  a Staff Report from the FTC and California’s new statute about brain data.  Tune in to Episode as the Data Privacy Detective provides meaning beneath the headlines. Neither of these was front page stuff. But each is more newsworthy than what company was sued for a data breach or whose privacy was invaded by a hacker. Staff reports are seldom covered as news. But the FTC staff report of September 19, 2024 is essential groundwork for regulation to follow soon or guidance for the next Congress that may reach across partisan...

Data Privacy Detective

When clouds gather, we prepare for storms, sometimes hurricanes. In a data world that is increasingly multi-cloud, how can we protect data that is ever more susceptible to attack by mal-actors? Enter Identity Orchestration (IO) and Identity and Access Management (IAM). Eric Olden, author of “Identity Orchestration for Dummies” - - and CEO of Strata.io, explains IO and IAM and why it is essential that privacy by design be the approach to secure data management. Defeating cybercrime through multi-factor authentication (MFA) and passwords is insufficient in the modern data environment. Learn...

Data Privacy Detective

Today’s automobiles and trucks are more than transport vehicles. Filled with computer technology,cars and trucks are data collectors and transmitters - and a potential way for hackers to steal personal information and invade privacy. The expansive use of technology in vehicles creates risks of identity theft, invasion of privacy, and even the ability to take over a vehicle’s operation for tragic purposes. A September 6, 2024 American Automobile Association post, How to Protect Your Car from Cybercrime,describes how modern vehicular technology poses cyberattack risks and offers tips on how...

Data Privacy Detective

Tune in for our August 2024 roundtable about three hot data privacy developments. Yugo Nagashima and Brio St. Amour join the Data Privacy Detective to plumb meaning beneath the headlines: The Netherland Data Protection Authority fines Uber 290 million Euros for data transfers of sensitive private information. Minnesota adopts a data privacy code. Data brokers emerge from the shadows after an enormous database hack and a call to action. Consider what happens when the European Court of Justice invalidates a U.S./EU safe harbor, and before the next one is in place, a company transfers data to...

Data Privacy Detective

We turn our magnifying glass to what some August 2024 headlines call the biggest data breach in history. One report said the entire population of the United States, Canada, and United Kingdom was hacked, with up to 2.9 billion people’s identities at risk.  On closer inspection, it appears that 2.9 billion rows of data were packaged and posted for sale on the dark web for $3.5 million. Social Security numbers and other personally identifiable information were exposed, including between 100 and 300 million Social Security numbers of Americans. This was not a traditional hack or data...

Data Privacy Detective

Microsoft announced at an April 2024 IAPP conference a preview offering called Microsoft Priva. Described as a platform that helps organizations automate how they handle and deal with personal information, Priva aims to “streamline compliance across on-premises, hybrid and multicloud environments.”   Episode 179 explores Priva as a measure of where we are on data privacy infrastructure in mid-2024. Organizations collect, process, use, share, and sell vast amounts of personal data - and are sometimes hacked for it. Legal compliance and minimizing/mitigating data breach and other risks...