The contemporary trend for privacy professionals is to try and ‘sell’ the maturity and competency of their company’s privacy practices as a kind of competitive advantage. Much like our friends in info security have had to do for years, we had to justify everything we did with an ROI. Usually, we failed if we took that approach, since we would up in the same cul-de-sac of ‘cost avoidance.’ I have yet to overtly or blatantly see any company use privacy as a competitive advantage versus their competitors, but I hear it being talked about all the time in privacy circles. Usually in hushed, reverential tones.
I have written about this before, even going so far to insinuate that privacy ranks above many other considerations customers evaluate and ultimately treasure when doing business with a company, or even considering it.
Data, and lots of it, has always been a by-product of most businesses. That asset had historically been considered as just another company commodity to be managed or warehoused like an extra tractor or overruns from last season’s fashions. Protection and confidentiality of the data was mostly an afterthought. But today, data is like a new natural resource for companies that has brought new life – a digital B-12 shot - into an area that was once discounted.
But rather than thinking of privacy as some kind of operational advantage you have over some other company - which fails to excite average customers - I am increasingly intrigued with the idea of privacy as a marketing concept, or at least a concept to be marketed better. You might be tempted to dismiss my flippancy of the idea to equate privacy with gems like “Tastes great. Less filling,” “I’d walk a mile for a Camel,” or “With a name like Smuckers, it has to be good.” But indulge, please.
The term ‘creepy’ is very popular in the privacy lexicon these days. It of course means an app or service that knows too much about you, and causes you to have a strong emotional response, even if the results are beneficial. We initially react to these invasive products, apps or services and deem them creepy, but over time, the creepiness factor diminishes. Most of us are now used to customized Google search results, GPS on our phone, and prophetic Facebook recommendations following us from site to site; they no longer make our skin crawl (much). Now, one man’s creepy is another man’s targeted ad. (Think about this: caller ID was once thought of as an invasion of privacy – now it is the complete opposite: it protects our privacy.)
A very popular product/service in use right now that had a potential creepiness factor, but instead has been marketed so perfectly that consumers do not think of it that way is the Disney MagicBand. This plastic band worn in the company’s theme parks is an electronic band that can simply and digitally carry everything a guest might need—park tickets, photos, coupons, even money. It allows guests entry to Disney World, pay for goods at retail shops, and unlock their hotel room doors. It is literally a virtual key to the Magic Kingdom – and it knows a lot about you! I doubt though that anyone who has been reunited his or her lost children with the help of this band would still decry this product as creepy. We all surrender privacy when the benefits begin to outweigh the shortcomings. (E-ZPass anyone?)
Why? Because ‘creepy’ is only a poorly placed product reference.
It may seem unctuous to the privacy purists out there, and you may have to hold you nose a bit while the rest of us ‘market’ privacy as a product. But really, if our discipline becomes a product, it becomes marketable and becomes ever more tangible, it become even more commonplace and routine. That’s a good thing. It raises the bar for everyone. It means people no longer will be pleasantly surprised to see an app, service or web site respecting their privacy preferences, it will be an expectation of every customer and their experience with our products. Just like we all expect to see a smile on Mickey’s face every time at the Magic Kingdom.
Sunday, April 19, 2015
Thursday, January 29, 2015
Data Privacy Day: My 12 Privacy Resolutions for 2015
In celebration of International Privacy Day, I’d thought I’d update my Privacy Resolutions for a new year. Here they are in no particular order:
1. Unsubscribe from all e-mails, newsletters, magazines, blogs, reddit, etc. that I don't read, never read anymore or never actively signed up for. I know my e-mail address is just going to be sold to other marketers or mailing lists anyway so I’ll start to cut down on the clutter.
2. Update and strengthen the passwords that I use for critical, financial and other data heavy websites.
3. Better yet: migrate all of my passwords to a password manager app like LastPass, DashLane or Password Box
4. Stop updating everyone on my location via smartphone apps. No one really cares and I’m probably just letting thieves know I am not home so they can rob me.
5. When putting mail in the mailbox for the Postman to pick up, I’ll never lift the flag anymore to indicate that there is mail in the box. The mailman will find it anyway. Leaving the flag up tells ID thieves that you have some mail that may contain some interesting personal data.
6. Pay all of my bills online. C'mon, it's 2015.
7. Stop using my debit card to make online or offline purchases, or buy gas; use a credit card only. Using a debit card gives a thief direct access to your checking account, making it difficult to prove fraud, and preventing you from taking advantage of consumer protection laws that most credit cards offer.
8. Do an exhaustive Google search on myself to see what information is out there so I can see what the blogosphere is saying about me, if anything.
9. Make sure the "Do not track" option is checked by default in my browser's setting.
10. Better integrate the concept of 'privacy by design' into my business and/or IT development processes; no more bolting it on once the process or application is complete and ready to be rolled out.
11. Better publicize the social media policy within the company so everyone knows what the rules are.
12. Finally realize that there is no such thing as 'free' on the internet. No free iPads or dinner coupons to Cheesecake factory, or trips to Disney World. Stop clicking on those offers or accepting the links on Facebook. And no, I guess I am not really the 1,000,000th visitor (!!!) to a site and have not really won anything. Pass it on.
1. Unsubscribe from all e-mails, newsletters, magazines, blogs, reddit, etc. that I don't read, never read anymore or never actively signed up for. I know my e-mail address is just going to be sold to other marketers or mailing lists anyway so I’ll start to cut down on the clutter.
2. Update and strengthen the passwords that I use for critical, financial and other data heavy websites.
3. Better yet: migrate all of my passwords to a password manager app like LastPass, DashLane or Password Box
4. Stop updating everyone on my location via smartphone apps. No one really cares and I’m probably just letting thieves know I am not home so they can rob me.
5. When putting mail in the mailbox for the Postman to pick up, I’ll never lift the flag anymore to indicate that there is mail in the box. The mailman will find it anyway. Leaving the flag up tells ID thieves that you have some mail that may contain some interesting personal data.
6. Pay all of my bills online. C'mon, it's 2015.
7. Stop using my debit card to make online or offline purchases, or buy gas; use a credit card only. Using a debit card gives a thief direct access to your checking account, making it difficult to prove fraud, and preventing you from taking advantage of consumer protection laws that most credit cards offer.
8. Do an exhaustive Google search on myself to see what information is out there so I can see what the blogosphere is saying about me, if anything.
9. Make sure the "Do not track" option is checked by default in my browser's setting.
10. Better integrate the concept of 'privacy by design' into my business and/or IT development processes; no more bolting it on once the process or application is complete and ready to be rolled out.
11. Better publicize the social media policy within the company so everyone knows what the rules are.
12. Finally realize that there is no such thing as 'free' on the internet. No free iPads or dinner coupons to Cheesecake factory, or trips to Disney World. Stop clicking on those offers or accepting the links on Facebook. And no, I guess I am not really the 1,000,000th visitor (!!!) to a site and have not really won anything. Pass it on.
Monday, January 5, 2015
My 2015 resolution, Ask:'What's the worst that could happen'?
I’ve decided to adopt a newer, a bit bolder approach to life and business for the upcoming year. From now on, when assessing a problem or potential solution, I will ask others, or myself, “What’s the worst that could happen?” Don’t mistake that line of inquiry for flippancy or indifference to risk; I am not trying to be glib in any way. What I am trying to do is push beyond the usual constraints that I have set for myself, either consciously or not, in life and in business.
I have a personal philosophy and saying that everything in life is about risk management. Literally. Everything you do in every way, in all its minutiae, is in one way or another a decision about the management of risk: should I sleep late or get up early; do I exercise today or do it tomorrow; do I take a multi-vitamin or not; do I walk to work or take my car; do I eat breakfast or skip it; do I ask for a raise today or hope the boss gives me one anyway; do I finally start my own business or push it off one more day; do I marry or stay single, and on and on. Each decision in a minor or major way is risk based, but since we have a level of familiarity, or comfort, with each of these decisions we tend not to think of them that way.
For 2015, I have decided that asking, “What’s the worst that could happen?” is the best way to push the limitations of possible options or outcomes that I have imposed on myself. Like many of us, I am paid to come up with results. If the truly worst thing that could happen is nuclear Armageddon (or maybe just a huge financial penalty by a regulator), then one would obviously not go down that path. Yet, if the answer to the question is ultimately the answer to the problem (and I imagine many times it will be), then just by asking it, I am doing my job in vetting all possible options for the solving of the problem.
What is the worst that could happen? Find the answer and work your way back from there. Unfortunately, we typically take the opposite track: we posit the optimal solution, and ask why it won’t work. In this traditional approach, we never get to fully vet the possible universe of solutions that might lead to a truly unique breakthrough for either the person individually (i.e. audacious career move, or a new product innovation for a company.)
This novel approach to risk management can be condensed to this: Optimize risk, not minimize it or avoid it. Why? Because it is easy to minimize or avoid risk altogether – just don’t do what you is being contemplated. You’ve probably heard these excuses from the risk-averse before: Should we outsource back-office operations to India? No! Too much country risk! Should we develop a mobile app version of our flagship software? No! Too much data security risk! Should we be on social media talking about our products to customers? No! Too much brand and reputation risk! All risks, without a doubt, so why no do nothing? Sometimes, nothing is the worst thing that could happen. Sometimes, however, the biggest risk of all might be in doing nothing.
I have a personal philosophy and saying that everything in life is about risk management. Literally. Everything you do in every way, in all its minutiae, is in one way or another a decision about the management of risk: should I sleep late or get up early; do I exercise today or do it tomorrow; do I take a multi-vitamin or not; do I walk to work or take my car; do I eat breakfast or skip it; do I ask for a raise today or hope the boss gives me one anyway; do I finally start my own business or push it off one more day; do I marry or stay single, and on and on. Each decision in a minor or major way is risk based, but since we have a level of familiarity, or comfort, with each of these decisions we tend not to think of them that way.
For 2015, I have decided that asking, “What’s the worst that could happen?” is the best way to push the limitations of possible options or outcomes that I have imposed on myself. Like many of us, I am paid to come up with results. If the truly worst thing that could happen is nuclear Armageddon (or maybe just a huge financial penalty by a regulator), then one would obviously not go down that path. Yet, if the answer to the question is ultimately the answer to the problem (and I imagine many times it will be), then just by asking it, I am doing my job in vetting all possible options for the solving of the problem.
What is the worst that could happen? Find the answer and work your way back from there. Unfortunately, we typically take the opposite track: we posit the optimal solution, and ask why it won’t work. In this traditional approach, we never get to fully vet the possible universe of solutions that might lead to a truly unique breakthrough for either the person individually (i.e. audacious career move, or a new product innovation for a company.)
This novel approach to risk management can be condensed to this: Optimize risk, not minimize it or avoid it. Why? Because it is easy to minimize or avoid risk altogether – just don’t do what you is being contemplated. You’ve probably heard these excuses from the risk-averse before: Should we outsource back-office operations to India? No! Too much country risk! Should we develop a mobile app version of our flagship software? No! Too much data security risk! Should we be on social media talking about our products to customers? No! Too much brand and reputation risk! All risks, without a doubt, so why no do nothing? Sometimes, nothing is the worst thing that could happen. Sometimes, however, the biggest risk of all might be in doing nothing.
Sunday, December 21, 2014
The CPO as Matador
In the sport of bullfighting, there is a phrase that is often used: Torear la suerte. Literally translated it means “bullfight your fate”, but it is often interpreted to be understood as a kind of code, a way of life, a philosophy about adversity and the fortitude to persevere. And succeed while putting on a fabulous show at the same time. Disorder, chaos and unrest in your personal life or business life does not build character, it actually reveals it. Every battle is an opportunity to exhibit what lays beneath your surface, and reveal the real you. Much is at stake here.
So with paraphrase apologies to Frank Underwood on House of Cards, I like to say that there are two kinds of Chief Privacy Officers: Door mats and matadors.
All day, every day, there are lot of ‘bulls’ coming at you, the matador: the woman or man whose job it is to protect data and ensure the privacy of that data, and generally to provide peace of mind to a lot of people. The business, regulators, legislators, negligent or malicious employees, hackers, and malware are all like a bull coming at you. You have two choices: you can either be trampled, like a doormat is, or you can use your cape (skills) as a metaphoric instrument to solve the risks and challenges of modern day privacy.
Increasingly, and for good, reason, the role of the Chief Privacy Officer is gaining the visibility it has long sought and deserved. Thanks in no part to the myriad number of high profile data breaches of the past 3 years affecting every sector, the CPO role has begun to get its 15 minutes of fame in the bull ring (‘plaza de toros’).
No longer buried in Legal, Compliance or even IT, the CPO role increasingly gets a seat at the table to not only clean up the messes that upstream control failures have wrought, but is now being asked to become more thoughtful and strategic in her/his thinking to avert the next crisis.
Much like bullfighting itself, managing the privacy of information for a firm has become a kind of choreographed ballet of tradeoffs. Is there too much security? Too little security? Are we over doing the security for convenience? Should we emphasize features or privacy? The CPO now has taken the decision reigns and weighs in with influence like never before. The most judicious companies ensure that the CPO has both voice and a vote for every initiative that involves customer or employee data.
As recently as a decade ago, the CPO position was just another piece of a hat someone in the organization (likely the General Counsel, CISO or CIO) had to wear because it sounded like a good idea to have one in the company. But the gesture was largely symbolic, and the role was often a dead end, or met with infrequent success. But unlike in bullfighting where the bull has little chance for long-term success, a CPO now has a likelihood of survival success that has never been better.
So with paraphrase apologies to Frank Underwood on House of Cards, I like to say that there are two kinds of Chief Privacy Officers: Door mats and matadors.
All day, every day, there are lot of ‘bulls’ coming at you, the matador: the woman or man whose job it is to protect data and ensure the privacy of that data, and generally to provide peace of mind to a lot of people. The business, regulators, legislators, negligent or malicious employees, hackers, and malware are all like a bull coming at you. You have two choices: you can either be trampled, like a doormat is, or you can use your cape (skills) as a metaphoric instrument to solve the risks and challenges of modern day privacy.
Increasingly, and for good, reason, the role of the Chief Privacy Officer is gaining the visibility it has long sought and deserved. Thanks in no part to the myriad number of high profile data breaches of the past 3 years affecting every sector, the CPO role has begun to get its 15 minutes of fame in the bull ring (‘plaza de toros’).
No longer buried in Legal, Compliance or even IT, the CPO role increasingly gets a seat at the table to not only clean up the messes that upstream control failures have wrought, but is now being asked to become more thoughtful and strategic in her/his thinking to avert the next crisis.
Much like bullfighting itself, managing the privacy of information for a firm has become a kind of choreographed ballet of tradeoffs. Is there too much security? Too little security? Are we over doing the security for convenience? Should we emphasize features or privacy? The CPO now has taken the decision reigns and weighs in with influence like never before. The most judicious companies ensure that the CPO has both voice and a vote for every initiative that involves customer or employee data.
As recently as a decade ago, the CPO position was just another piece of a hat someone in the organization (likely the General Counsel, CISO or CIO) had to wear because it sounded like a good idea to have one in the company. But the gesture was largely symbolic, and the role was often a dead end, or met with infrequent success. But unlike in bullfighting where the bull has little chance for long-term success, a CPO now has a likelihood of survival success that has never been better.
Tuesday, October 14, 2014
Privacy’s Special Place in the Heart of the Customer
I once worked at a company where in addition to responsibilities for privacy, I also was in charge of records management. Though the discipline of records management and retention was interesting, I seem to recall that every night when I walked out the door, the thought of records never crossed my mind. (Nor any of my fellow employees' minds either, I’ll bet). Not that this responsibility wasn’t important, it’s just that the work never created any serious passion or enthusiasm in me.
Privacy, on the other hand, without overly romanticizing it, is an entirely different matter. I understand that it’s easy to feel no connection or relationship to some disciplines you deal with at work every day. You just do it in the office; you leave the office, and you leave those thoughts and concerns there as well. See you tomorrow, old job! Privacy, I always argue, is different. It’s special. It’s accessible. When you walk out of the door from work, you still carry your anxieties and thoughts about privacy with you. Since everyone now has either a LinkedIn profile, a Facebook page or both, or their kids have it, we are conscious of privacy, and everyone cares about it, or is at least mindful of it. Everyone has a smartphone and everyone goes apoplectic if they think they’ve lost it – and the thought of everything in it. Not because the phone or the contents contained therein are not replaceable, but because it means that a little bit of their private space has been lost, Or worse, maybe intruded upon.
I’ve always been somewhat grateful when I've had to create the training curriculum for privacy awareness courses because the concept is easy to convey to even the most non-technical user. Teaching someone about anti-money laundering concepts or risks of currency fluctuations or the benefits of dual authentication is a lot harder than teaching them that privacy matters to both the customer and to them. Why? Because they already get it! They deal with it all day every day outside of work already so they have a familiarity that makes them realize the urgency for your business that much easier.
The problem institutionally though is that privacy still largely serves as a compliance-related function in most organizations; a box to be checked. In many cases, the privacy team sits obscured in Legal or Information Security, even HR (!) and does not always get the visibility they need to provide the true value to an organization. Very data intensive and customer-facing businesses where data pays the bills, however, realize the worth of a strong privacy program. Their privacy teams are highly leveraged, CEO or Board-facing entities because those kinds of companies realize the strategic asset that is data today.
Data, and lots of it, has always been a by-product of most businesses. Historically, ‘data’ had been looked upon as just another company commodity to be managed or warehoused like an extra tractor or overruns from last season’s fashions. The confidentiality and privacy of the data was mostly an afterthought. Today, data is like a new natural resource for companies. Certain highly regulated industries like healthcare or financial services where privacy is almost a duty to the customer, however, know intuitively that properly using privacy can be a competitive advantage that, though intangible, is a brand differentiator. (See DuckDuckGo)
Building and maintaining the trust between company and customer is paramount for a long-term and profitable relationship, on both ends. Without the sense that a company will respect and protect the privacy of the data entrusted to it, the association between the two is simply a transaction; complete it, and move on. Companies don’t want that, and customers really don’t either.
People value their privacy and they want the businesses they do business with to do so too. Consumers want to associate a brand with the notion of privacy, especially if an exchange of sensitive data is involved. Do it right and customers will place that notion right in their hearts.
Privacy, on the other hand, without overly romanticizing it, is an entirely different matter. I understand that it’s easy to feel no connection or relationship to some disciplines you deal with at work every day. You just do it in the office; you leave the office, and you leave those thoughts and concerns there as well. See you tomorrow, old job! Privacy, I always argue, is different. It’s special. It’s accessible. When you walk out of the door from work, you still carry your anxieties and thoughts about privacy with you. Since everyone now has either a LinkedIn profile, a Facebook page or both, or their kids have it, we are conscious of privacy, and everyone cares about it, or is at least mindful of it. Everyone has a smartphone and everyone goes apoplectic if they think they’ve lost it – and the thought of everything in it. Not because the phone or the contents contained therein are not replaceable, but because it means that a little bit of their private space has been lost, Or worse, maybe intruded upon.
I’ve always been somewhat grateful when I've had to create the training curriculum for privacy awareness courses because the concept is easy to convey to even the most non-technical user. Teaching someone about anti-money laundering concepts or risks of currency fluctuations or the benefits of dual authentication is a lot harder than teaching them that privacy matters to both the customer and to them. Why? Because they already get it! They deal with it all day every day outside of work already so they have a familiarity that makes them realize the urgency for your business that much easier.
The problem institutionally though is that privacy still largely serves as a compliance-related function in most organizations; a box to be checked. In many cases, the privacy team sits obscured in Legal or Information Security, even HR (!) and does not always get the visibility they need to provide the true value to an organization. Very data intensive and customer-facing businesses where data pays the bills, however, realize the worth of a strong privacy program. Their privacy teams are highly leveraged, CEO or Board-facing entities because those kinds of companies realize the strategic asset that is data today.
Data, and lots of it, has always been a by-product of most businesses. Historically, ‘data’ had been looked upon as just another company commodity to be managed or warehoused like an extra tractor or overruns from last season’s fashions. The confidentiality and privacy of the data was mostly an afterthought. Today, data is like a new natural resource for companies. Certain highly regulated industries like healthcare or financial services where privacy is almost a duty to the customer, however, know intuitively that properly using privacy can be a competitive advantage that, though intangible, is a brand differentiator. (See DuckDuckGo)
Building and maintaining the trust between company and customer is paramount for a long-term and profitable relationship, on both ends. Without the sense that a company will respect and protect the privacy of the data entrusted to it, the association between the two is simply a transaction; complete it, and move on. Companies don’t want that, and customers really don’t either.
People value their privacy and they want the businesses they do business with to do so too. Consumers want to associate a brand with the notion of privacy, especially if an exchange of sensitive data is involved. Do it right and customers will place that notion right in their hearts.
Sunday, September 7, 2014
Stop the credit monitoring madness!
You’ve seen headline after headline on data breaches. Then, shortly thereafter you see the obligatory, and often perfunctory, statements like the ones below (actually excerpted from recent public breach notification messages):
- If we confirm a breach, we will offer free identity protection services, including credit monitoring, to any potentially
impacted customers.
- For extra assurance, we will offer free credit monitoring services for everyone impacted.
I am in no way castigating any company that steps ups and tries to do the right thing by its customers; I applaud that. That’s what a great company does. I do, however, question the value of epidemic-like, knee jerk reactions of providing identity theft services/credit monitoring for everything and anything that smells like a data or security breach.
* We lost your package. Have some credit monitoring!
* A box containing your monthly statements fell off of our truck. Have some credit monitoring!
* Your bill arrived in the mail without the envelope hermetically sealed. Have some credit monitoring!
* We accidentally told your ex-spouse your new address with the replacement spouse. Have some credit monitoring!
I kid, of course. But it is a de facto ‘best' business practice that if anything comes close to appearing that a customer’s data is compromised, a company throws free credit monitoring at the customer. The problem is that, for most scenarios, credit monitoring does little or nothing to remediate the situation. In fact, all it really does is placate a customer who feels as though they should receive ‘something’ for their troubles, and gives the appearance that the company is contrite (and of course mitigate some legal liability). In the situation where real personal and sensitive data elements (Name, address, social security number, tax returns, etc) are compromised, then the absolute right thing to do is offer identity theft services to prevent further harm to an individual’s financial integrity. But if, say, a debit card number is lost or stolen, or if a credit card is lost or stolen, what does credit monitoring actually do for the person? As far as I can tell, nothing. Can you open another credit or revolving account at a department store with a debit card as the only valid form of ID? Not that I’m aware of? Does credit monitoring prevent the thief who stole your credit card from continuously using it? Don’t think so.
What should the company do? I vote to immediately cancel the the cards in question and reissue them ASAP to the customer; refund any amounts that are patently fraudulent; apologize for the inconvenience; and thank the customer for their continued business Those actions to me effectively mitigates the existing and future risks to the customer. And doesn’t add to the hysteria.
An informal poll of my peers on the popularity of identity theft / credit monitoring services amongst their customers indicates that less than 10% of the offers actually get used. So, greater than 90%(!) of the customers who are offered the service, don’t activate it - not don’t use the services, but actually do not call up the credit company and turn on the service! Why? I suspect that in this age of breaches we as customers have gotten so many notification letters with identity theft offers that we have either enrolled five times over already and don’t need a sixth service. Or the once valued-service is now nothing more than a commodity to be tossed aside as casually as the letter that accompanies it. Or, we have become so desensitized to the threat that any level of effort to enroll in one of these services is effort better spent playing Candy Crush or watching Shark Week. Since almost every financial institution makes you 100% whole on any fraudulent charges as long as you report the charges in a timely manner, you may at worst suffer a little anxiety when you first see that charge for a big screen TV (that was subsequently returned for cash) on your ‘new' instant charge from Best Buy.
So can we all do ourselves, including customers, a favor? Let's save the offer of identity theft/credit monitoring services for when it is actually warranted? Let’s spend the time and money on efforts that will make all truly safer: upgrading encryption technologies, migrate to chip & PIN cards, deploy tokenization, stronger access controls…the list goes on. How to fund it all, you ask? Think of the savings on stamps from not having to mail all those offer letters!
Saturday, January 11, 2014
How being a grumpy old man protects my privacy...
I don’t know about you, but every time I am in a retail store, finalizing a purchase at the register, the 17-year old clerk asks me for my zip code, or e-mail address or phone number. I have always just said “Nope.” I can then almost pluck the contempt from the air around us, it is so thick. I am sure this teenybopper wonders “What’s the concern Old Man? It’s only your zip code I’m asking for. We only use if for demographic analysis.” Really? That’s all, huh? Harmless is it?
Well, if you have been following the news of late with some high profile data breaches in the spotlight, you know that it is not just the usual suspects of non-public information that has been compromised: name, social security number, credit card or account numbers. In fact, many seemingly other innocuous data elements have also been taken along with NPI elements. Though many think that since their name or e-mail address or zip code is already semi-public information they have nothing to worry about. The fact is, that semi-public information along with any NPI that bad guys harvest will lead to a more intense and serious strain of identity theft since the picture about you and your profile is much more complete and fulsome.
It is takes is just a moment of grumpiness at the point of sale to better protect your privacy in the long run. Though it benefits tremendously both the retailer and the data brokers they partner with to have that additional bit of information you might surrender at the register, it does you no good. It is a lop-sided deal.
So just say “Nope.” You may suffer a puzzled look from some young punk behind the register, but what does he know? It will be worth the financial peace of mind
Well, if you have been following the news of late with some high profile data breaches in the spotlight, you know that it is not just the usual suspects of non-public information that has been compromised: name, social security number, credit card or account numbers. In fact, many seemingly other innocuous data elements have also been taken along with NPI elements. Though many think that since their name or e-mail address or zip code is already semi-public information they have nothing to worry about. The fact is, that semi-public information along with any NPI that bad guys harvest will lead to a more intense and serious strain of identity theft since the picture about you and your profile is much more complete and fulsome.
It is takes is just a moment of grumpiness at the point of sale to better protect your privacy in the long run. Though it benefits tremendously both the retailer and the data brokers they partner with to have that additional bit of information you might surrender at the register, it does you no good. It is a lop-sided deal.
So just say “Nope.” You may suffer a puzzled look from some young punk behind the register, but what does he know? It will be worth the financial peace of mind
Subscribe to:
Posts (Atom)