Helping you organise and protect your personal information

Friday, September 9, 2011

What is your Personal Information Worth?


So how do Google and Facebook make their money? From your personal information!

All of those search terms you enter, that information you place on your Facebook wall, those paces you decide to click to are all available to Google and Facebook and the like to store and analyse so they can understand who you are, what you are interested in. As a result, they are able to sell advertising to people who want to sell you something or influence your views in some way. Yes, essentially Google and Facebook make their money off your personal information.

So how can you start to realise some of that value for yourself? You need to start thinking of your information as an Asset. Earlier this year the World Economic Forum published a report entitled "Personal Data: The Emergence of a new Asset Class". The paper acknowledges input from a diverse group of people ranging from employees of a range of major corporations (including Google), educational institutes, and other parties interested in this area.

The paper introduces many concepts and thoughts about the area of Personal Information, including how better use of personal data offers untapped opportunities for socioeconomic growth and how we need to create a balanced ecosystem around personal data to ensure that the interests of all parties are taken account of.

There are also some interested in scenarios and principles presented that are well worth reading to help you understand how different the world could be in the future if we all better managed our personal information within the frameworks presented in this paper.

I cannot do justice to this paper in this post so if you are at all interested in this area, take the time to click here to go to a page where you can download the full paper which is an easy 40 page read. If you want to learn how you can start treating your personal information more as an asset and start to derive some value from it, then I recommend this paper as one of the most useful I have come across. Have a read and I look forward to hearing your thoughts via this Blog.




 

Monday, August 29, 2011

What are some simple ways to protect your Identity?

In some ways it is obvious, Identity theft is more likely to occur if you make it easy for someone to take and use your identity information.

Here are a few things you can do to help prevent that happening.

1. If you are asked for your Identity information, ask why they are asking for it and what they will do with it.

2. Keep documents that are used to establish your identity (e.g. Birth Certificates or Passports) in a very safe place. Ideally in a physical safe if you have one.

3. Do not write down PIN Numbers or passwords. If you cannot remember them all then make use of software like myINFOSAFE to store then and keep them safe but accessible.

4. Identity crime does not always result from information that is stolen, but from information that you publish on the internet. It is best not to publish information like your birth date on the internet. Often organisations will user date of birth as one of the verification questions when identifying you and if people can find this out they can easily impersonate you).

5. Be suspicious of any unexpected events (Letters from Creditors, bank transactions you cannot remember making) that could be a result of identity crime.

6. If you have sensitive information on your mobile phone, keep it password protected. It can be inconvenient we know but there is often a significant amount of information on phones that help people steal your identity.

7. Remove all personal information from personal computers before you dispose of them.

8. Make sure you properly dispose (shred or burn) of bank statements, electricity bills, and any piece of correspondence with your name or address on it. These documents should never be put in public recycling bins. Consider getting your statements provided online - it is good for you and the environment as well.

9. Passwords are often sent to you via email when you sign up for new services. Go to your email and search all folders, including your deleted items, for the word “Password”. Check all the emails that are returned and make sure you transfer all the information into myINFOSAFE, or a similar digital safe, to ensure no one with access to your PC could find your passwords.

10. If you believe you are the victim of identity crime, contact the police.

We will be publishing a free guide to preventing Identity theft on our website soon. If you have any other ideas or thoughts that we should include then please let us know.

Thursday, August 18, 2011

Would your loved ones have the information they need if something was to happen to you?

One of the main reasons customers tell us they value myINFOSAFE, is that they know that if something was to happen to them, then their loved ones would be able to access all the information they need, in one secure place. This could be just when you are away from home on business or visiting friends, or could be in the event of a major illness or accident, or in the worst case, when someone passes away.

Just think about the scenario; would they know what insurance cover there is in place, would they know where your Will and other important documents are; do they know the details of your past health. and that of other family members; could they log onto banking websites so they can know what money is available and what bills need to be paid regularly; would they know what investments there and when they mature etc.

We have been researching Wills and estate management situations recently, and not only can it be a stressful and emotional time in dealing with the grief over the loss of a loved one, but it is often an expensive and time consuming process as well. It is clear to us that the process of administering an estate is completed much easier, and significantly less expensively, if relevant up to date information is available.

We encourage our customers to make sure someone you trust knows how to access myINFOSAFE in times of need. This can either be letting someone know where to find the password if needed, or by providing them a copy of myINFOSAFE with your information on a USB stick so that they can access in an emergency. You could even print out the relevant pages from myINFOSAFE and provide it to someone to keep in a safe place for when it is needed.

So take this as a reminder for you to go and check if you have all your personal information up to-date and that some one knows how to access it. It is surprising how key information can change overtime. You will also gain benefit from being able to access the information yourself when you need it.

Tuesday, August 9, 2011

Is your Personal Information Worth Anything?

A recent World Economic Forum (WEF) report titled Personal Data: The Emergence of a New Asset Class proposes that your personal information is very valuable. In fact it quotes Meglea Kuneva, the European Consumer Commissioner as saying “Personal data is the new oil of the internet and the new currency of the digital world”.

Clearly Google and Facebook understand this as they make their money of the personal information you enter into their services. They analyse and mine this information and gain the vast majority of their revenue from helping advertisers match their messages to people interested in their products and services. In turn these revenues are driving the high valuations of these companies and making their shareholders rich from your information.

People are starting to realise not only the value that is being derived from their information, but the issues with privacy related to their information being on the internet. One of the reactions we have seen as a result, is a significant number of people deciding to stop using social media sites like Facebook (In the USA alone 6 Million Facebook users cancelled their accounts in May this year).

So if our information is an asset how do we get value from it? There is no silver bullet here and this will take a lot of thinking from individuals, governments and private companies to find the right mix of controls and incentives to find a new balance.

The WEF report proposes a vision of the future as follows:
• Individuals can have greater control over their personal data, digital identity and online privacy, and they would be better compensated for providing others with access to their personal data.
• Disparate silos of personal data held in corporations and government agencies will be more easily exchanged to increase utility and trust among people, private firms and the public sector.
• Governments need to maintain stability, security and individual rights will meet in a more flexible, holistic and adaptive manner.

What is clear to me is that there needs to be change from how things work today and there will be solutions that emerge in the market that will contribute to the new models going forward. Clearly the Personal Data Ecosystem Consortium (PDEC), of which I am part of, will be one pare of the solution.

For those interested in this area click here to visit the PDEC Website. The WEF report can be downloaded from the "About" page on this website.

Friday, July 29, 2011

Are you keeping up with Smart Phones?

Smart Phones are everywhere and they're not just being used to make phone calls. Over 60 per cent of the use of Smart Phones is now for social networking, email, browsing the net, conducting business activity, listening to music, taking pictures and playing games.

This change of use often means there is significant personal information either stored, emitted (e.g. location and usage) or accessible from your Smart Phone. These added functions offer real benefits to users but also risks, not only to the individual, but to businesses. But firstly, what is driving this market growth in Smart Phones?

Apple gave the market a real move-on kick over the last few years with their stylish iPhone range. This has been so succesful that it has helped Apple become the world's second most valuable company behind Exxon. Such market dominance attracts competition though, and we have seen phones using Google's Android operating system recently overtake Apple in terms of devices being shipped. Meanwhile, traditional phone vendors such as Nokia have fallen well behind.

The growth in this market also comes at the expense of the PC market. IDC is telling us that in the fourth quarter of 2010 there were more Smart Phones sold globally than PCs as more people make their phone their primary IT device.

This trend is not abating and we have seen the traditional PC market players realising the importance of the Smart Phone market and start investing to be part of it. For example, HP has recently launched their Veer Smart Phones and Microsoft is attempting to shore up market share by purchasing Skype and has teamed up with Nokia who is now shipping their new phones with the Windows operating system at their core.

Traditional mobile telecommunication carriers are also being impacted. They see the value in their brand diminished by the brand of the device manufacturer and application provider and risk being relegated to providers of core infrastructure bandwidth alone.

This growth in Smart Phones is attracting significant investment. On a recent trip to Silicon Valley, I saw this first hand when I learnt that one leading venture capital firm alone, Kleiner Perkins, has a US$400 million fund for iPhone apps as well as a US$400 million fund for Android. That level of investment will drive better applications for the user and will further accelerate growth in sales of Smart Phones.

One result of this massive growth is the "consumerisation" of IT. What this means is that new information technology emerges first in consumer markets and then spreads into businesses and not the other way around as we have seen in the past. We find that often our home based IT equipment and services are both more capable and less expensive than what is provided in the workplace.

At the recent Net Hui, I facilitated a session around "The changing face of the internet - Mobile and Security". Over a hundred people were in the session and the core of the discussion centred around two things, the desire of people to increasingly bring their own technology into the work place and the need for increased security on mobile devices.

Consumerisation is fuelling tension between the traditional business model of providing staff a corporate phone and controlling the use of the device and the information on it via corporate policies and you wanting to Bring Your Own Device or Technology (BYOD or BYOT) to the workplace.

We discussed this at length at the NetHui session and it was clear that many users were being forced to carry at least two cell phones, which is not ideal. Some organisations (mainly smaller ones) had already moved to allow staff to have their own devices. However, all agreed that there needs to be a clear policy within organisations to explaining to staff what the rules are regarding their Smart Phone use in either scenario.

This is not simple though, and there are many real issues that need to be considered. What happens when a device is lost? If it is, is the business able to direct that all information, including personal data, is wiped from the phone?

What happens to company information on the phone when the user leaves the company? What behaviour can the business expect from the staff member on the device to ensure the reputation of the business is not impacted?

Who shares the cost for the device? Should the company be able to restrict access to certain sites the user wants to use on the device? Who is responsible for keeping the phones operating system up to date with security patches?

I cannot provide answers to all of these questions here. Each organisation needs to do this for itself based on its own position. It is clear that many businesses are having to update their mobile phone and security policies and there is an opportunity for collaboration here to help each other and avoid us all having to reinvent the wheel.

The NetHui provided an online forum for discussion on this topic that will be left open until the next Hui. I encourage all of you who are interested or concerned about this area to make use of the forum to post your thoughts, questions, and provide answers if you can. You can even post copies of policies that are working for your organisation or those that are not.

What is the long term solution then? Maybe we can look to the wider market where we are seeing function move from the end user devices up into the cloud, enabling use of the utility scale that offers lower price, improved security and simplified management. Will we see the same happen with Smart Phones? Will that mean we will see Smart Phones become less smart over time and become just a mobile access point to services in the cloud? This way, personal and business applications could be accessed from different cloud based services, making them easier to turn off and on as the needs of the user, and who they work for, changes.

Sunday, July 17, 2011

Is Anyone Safe in Cyberspace?

I have just read the US Department of Defense (DoD) Strategy for Operating in Cyberspace (July 2011). Within the document it is states that the "DoD networks are probed millions of time every day, and successful penetrations have led to the loss of thousands of files from U.S. networks and those of U.S. allies and industry partners". If the DoD cannot protect its information in cyberspace who can?


It is great to see that the DoD recognises the pervasiveness of technology in our lives today and that we are dependent on technology to run critical infrastructure (e.g. Transportation, Communication), to facilitate trade and for markets to operate.


Balancing this need for security and protection, is the reliance on the inherent openness of cyberspace to enable "new forms of entrepreneurship, advances in technology, the spread of free speech, and new social networks that drive our economy and reflect our principles".


This openness means that "the Internet was designed to be collaborative, rapidly expandable, and easily adaptable to technological innovation. Information flow took precedence over content integrity; identity authentication was less important than connectivity."


It is great to see the DoD making such a policy available in a transparent way, sharing their thinking and recognition of this issue so that we can all work together to resolve the issues that the Internet presents while protecting the opportunities it presents.

Perhaps the most unexpected comment for me was the recognition that the threat to Intellectual Property is seen as the most pervasive threat today and seen as more important than the threat to critical infrastructure - "Every year an amount of intellectual property larger than that contained in the Library of Congress is stolen from networks maintained by US businesses, Universities, and Government Departments and Agencies." Clearly information is power and businesses and economies rely on managing and protecting protect such information for their survival just as we as individuals need to manage and control our own personal information in the cyberworld we live in.

Here is the link to the document if you are interested - It is only about 12 pages long and very readable. DoD - Strategy for Operating in Cyberspace

Monday, July 11, 2011

Who is Shaping the Internet?

Internet New Zealand recently ran a three day Net Hui (conference) in Auckland to discuss key issues around the internet. Over 500 people from all walks of life attended the event, making it a rich environment to hear a wide range of views and perspectives.

There were lively discussions on topics ranging from copyright law, access and diversity, digital citizenship, human rights, the future of digital content, who controls or governs the internet, censorship, and much more.

I could not possibly cover all the issues or ideas discussed and would encourage you to go to the Hui website (http://nethui.org.nz/ ) where you can still access the discussion forums and notes from each session. You can also view YouTube videos from some of the major sessions including the well received key note speaker, Professor Lawrence Lessig. ( http://www.youtube.com/NetHuiNZ )

The key things that hit me personally from the conference were:

1. The internet is changing the world we are living in. We all know the internet is a powerful tool and that more and more people are using it, but at the Hui, I heard real examples about how the internet is revolutionising business models (e.g. the media industry), empowering people to learn about the world in which they live, and even helping bring change in governments.

2. Privacy and security issues are clearly mainstream. The truth is out about how Facebook and Google earn their money, and it is from our personal Information. With hundreds of millions of people using such services, people are becoming aware of the need to control and protect their personal information and manage it in a way that helps them derive value from it, not others.

3. There is a need for continued education regarding the internet. It was a clear reminder that the average internet user is not a very sophisticated user, but is someone who is using email, social networking, searching for information and maybe buying and selling online. While the internet needs to be simple for all to use, some of the issues and challenges the internet presents are not that simple. There is a need for ongoing discussion and education about the internet so that it continues to be a system that helps us live the lives we want to lead not hinder it.

Well done Internet New Zealand for hosting such an event and bringing discussion on these issues into the public arena. The internet is here to stay and we all need to shape its future together so that it helps us live our lives in the way we want to.

Saturday, June 25, 2011

Google to retire Google Health

It was interesting to hear today that Google has decided to close down it’s Google Health service. This service was set to be a great service to individuals that wanted to create an online health record and to get advice online that would help them manage their health.

There has been much discussion over the last few years regarding what Google’s motivation was in creating such a service, with many leaning towards the standard view that Google was just interested in gaining the advertising revenues associated with marketing of products to people who use this service. There was also concern about compliance of Google health with such laws as HIPPA (Health Insurance Portability and accountability Act). I also remember signing up for the service when it launched in 2008 and being told the service only applied to American citizens which I thought was a bit limiting.

It is great to see that Google has allowed users to extract their data in certain formats (CSV, Excel, PDF etc) which gives me encouragement that Google is taking the view that personal information belongs to the individual not to Google. The service will continue to operate until January 2012 so you have a few months to extract your data.

Microsoft’s HealthVault on the other hand shows no sign of stopping. It seems that Microsoft’s implementation has found more favour with health professionals and is being adopted on in the UK and other countries. Thos familiar with the health industry will know that the best way to get things working in this space is to make sure you are on side with the health professionals.

Regarding our own health record in myINFOSAFE, we are looking to move the format of health data stored towards open portable data standards so users have the option to import data from other compliant services or similarly export their data if they choose to. Watch this space.
Some relevant links for further dialogue on this subject for those that are interested:

Monday, June 13, 2011

Privacy of Personal Information

How private is information you post on the internet? Is it more secure than if you store that information on your PC?

The reality is that information can be very secure or very insecure on both platforms.
In regards to the Web, I found a helpful view in David Siegel's book "PULL". He states that there are three basic levels to the Web and area findable by public search engines like Google and Bing.

The Public Web which we normally see when searching and browsing for information online.
The Deep Web which includes large data repositories that public search engines usually do not see. E.g. Craigslist, Grainger etc.
The Private Web which we can only get access to if we qualify or have access rights. E.g. Corporate intranets or subscription based services. Again, this information is not searchable by public search engines.

So your data is more secure in the private web than the public web, but, in all these systems there are people that have the ability to access your information if they wish to. There is always a systems administrator or similar with super admin rights to each database and can just about always get to see what data is stored anywhere.
On your PC you may think your data is safe, but there are two main ways that people can gain access to information on your PC.

Remotely - If your PC is connected to the internet, even if you have firewall protection or security software, there are ways that people can gain access to your PC and search your information.
Physically - If someone gains physical access to your PC, and even if your PC is password protected, people who know how can access your PC and search your information. This can also be that case if they get hold of any of your back up devices for your PC.

On either platform the best way to ensure that your data is not compromised is to have it encrypted with a strong cryptographic key that is kept confidential (and separated from any systems administrator). This way, even if information is found it cannot be read or understood as all the information is encoded using this key.

The cracking of a strong encryption key of about 192 or 256 bits is considered infeasible.

So, be careful what you do with your information. If you want it shared then that is fine. If you want it safe and protected, encrypt it – end of story.

Monday, May 30, 2011

Linkability?

So you post some information on your website, your blog, or post some pictures on the internet for friends to see. What happens to it then? Can this information be copied, re-used, modified? Yes it can. This is less than ideal as you soon lose control of your information and it is off into cyberspace somewhere for who knows what purpose.

Some would say this is no different to talking to someone and them talking to someone else and soon you do not know who is talking about you. This is OK if it is about things you are happy for people to talk about, in fact this can often be beneficial. But what if you share something personal with someone in confidence and others get to know. You feel your confidence and trust in that person has been breached and this is not OK.

How can we set up similar confidence rules for information we share on the internet to protect ourselves from the openness of the internet when we need it?

Some would say that if you do not want your personal information spread on the internet, then do not put it up there. That may be right sometimes (e.g. just do not put those pictures from the office party up on Facebook). Others will say, make sure you submit such information in password protected areas. But what is stopping other members copying that info and distributing it outside of the protected area.

There are times you need to share information on a confidential matter and discuss it with people you trust. Due to geographical location or the need for input from multiple people, the internet is often the best mechanism in which to do this.

So, in the mean time, you are left with using a search engine to see what is being said about you on the internet and how information about you is being treated, then trying to correct it. Perhaps what we need is some mechanism to link (Linkability?) us to our information or protect sensitive information we do post or submit to the internet. Is there such a mechanism?

Look forward to learning about what views people have in this regard and what initiatives are underway to move us forward in this area.

Wednesday, May 25, 2011

What is our identity in the digital world?

As with any new system, it will evolve over time and hopefully improve the way it operates. The Internet has evolved primarily by the construction of individual websites that view the people they interact with as "their" customers and so have set up userID's and passwords to let users enter "their"system.
Of course as more and more websites have been built we the users have had to have more and more UserID's and Passwords the we have to remember to enter each website we want to make use of. Of course each website has different rules and processes for setting userID's and passwords. Some ask you to use your email address, some ask for a unique identifier for you that may not be able to be your name. The passwords can be short or long, capitalised, include symbols etc. which makes it impossible to have the same password (not that we should be using the same password should we).
What we need to evolve to is the Internet seeing individuals as real people who need to access more than one site. This is where the Open ID was formed. The Open ID allows you to use an existing account to sign into multiple websites, without needing to create new passwords.
Click here to find out more about Open ID http://openid.net/get-an-openid/what-is-openid/
More and more websites are adopting Open ID or something like it, including some of the big players like Google and Yahoo. This will help users have a better experience on the Internet over time. Bring it on!
Please let me know if you have used Open ID of something similar and let me know if it is improving the experience on the Internet or if it is creating issues for you.

Sunday, May 15, 2011

There must be a better way!

Today we all have many social networking sites we are connected to, Facebook, LinkedIn, Plaxo, You tube, as well as many other sites we may subscribe to. We sign up for each one and they all ask us for more or less the same personal information - Name, email address, credit card details, Zip Code etc.
With each duplication, it increases the number of user-IDs and passwords we you have to remember, the data we need to keep up to date and the risk of that data being out of date or even compromised.
There should be a place where your personal information is stored once, kept up to date once and called on by these various applications rather than having to re enter it each time in each application. For example, if you need to change your address or credit card number you currently need to go to all your sites and change this information. It would be so powerful if we could update this information in one place and it was updated in all sites you use automatically.
I am aware of some attempts at Digital ID's or passports in the past. Is anyone aware of any working versions of this or any info on why that have not worked in the past?
More importantly who would like a service like this?

Tuesday, May 10, 2011

Check out this video - Will this be the future?

At the recent Mediasense conference in New Zealand, US futurist David Siegal (purportedly the worlds first Blogger) presented the concept of a Personal Data Locker. Not only did he describe the concept of what our lives could be like if we better managed our personal information, but he presented a video to help us visualise it. As they say, a picture is worth a thousand words, so what is this video worth?
Click on this link to start the video :
Lets get some discussion going on this. What do you think, is his vision achievable? Desirable?

Saturday, January 8, 2011

How private is our personal information?

We have all heard about Wikileaks. I noticed this article today that made me think about all personal information stored on the web in cloud based solutions that you may think is private and secure but can be clearly accessed under legal process as required.

http://nz.news.yahoo.com/a/-/world/8615201/u-s-orders-twitter-to-hand-over-wikileaks-records/

We considering this as part of the design of myINFOSAFE. If we were ever asked to provide details of account codes and encryption keys for customers by the court, we would have to do this. But we could not provide any of the customers personal information stored in myINFOSAFE as we do not have access to it as it is stored locally on the users PC and is protected by a password that we do not know. (assuming the user has changed it from the default). The customer has control of their information and they can protect it, back it up or delete it in any way they want.

It makes you think that while there are many benefits of cloud based systems there are weaknesses that you need to be aware of in relation to your personal information.

Look forward to some discussion on this please.