This article is more than 1 year old
We get the privacy we deserve from our behavior
How many websites are dancing with your data like no one is watching?
Register Debate Welcome to the latest Register Debate in which writers discuss technology topics, and you the reader choose the winning argument. The format is simple: we propose a motion, the arguments for the motion will run this Monday and Wednesday, and the arguments against on Tuesday and Thursday. During the week you can cast your vote on which side you support using the poll embedded below, choosing whether you're in favor or against the motion. The final score will be announced on Friday, revealing whether the for or against argument was most popular.
This week's motion is: In the digital age, we should not expect our communications to remain private.
Our second contributor arguing FOR the motion this week is Jen, an infosec pro.
We all have a right to privacy and legislation, such as GDPR, has both codified this for the digital age and brought the topic into focus for business. However, context is everything when framing our expectations.
We consider our homes to be a private environment, where we expect more privacy than a city center or our workplace. By extension, using a personal email address is not necessarily equal to using a corporate email address. The latter is owned by the employer and we adjust our expectations of privacy accordingly (depending on where you work.)
Employers generally work on a best-endeavors basis to protect our privacy, and will invest in frameworks and technological tools to achieve this. These won't always prevent privacy compromise through data leakage, though – such as when we become the victim of a colleague sending an email to the wrong recipient.
External parties may be contracted by our employers. Suppliers often subcontract to a third party and those businesses can then even subcontract again… creating an ever-growing list of parties to share data with (hopefully subject to contractual terms, GDPR requirements, and supplier management).
They all become an extension of our employer's control environment and therefore have a role to play in handling our information and also protecting our privacy. All of the above can increase the risk of us becoming victims to a malicious attack.
The pandemic has created a challenge around information we previously considered private
The pandemic has created a challenge around information we previously considered private. We've found ourselves in a position of sharing more data with the desire to, as a society, navigate our way back to the old normal. The data we now routinely share with our employers has increased through the advent of the working-from-home model, not least with the recording of COVID-19 related data with employers and government. And this is magnified by the many who have also signed up to the track-and-trace apps.
In the ongoing negotiation of digital privacy, the lessons of what data to share have certainly been learnt by some – namely that social media postings from many years ago can still come back to haunt or embarrass. This is an experience that has been felt by all levels of society from politicians, celebrities and athletes to students, parents and neighbors. It can even be part of the HR department's armory for employment background checks and associated questioning.
This links into a wider so-called privacy paradox. There is a desire for privacy but also a simultaneous lack of appropriate security behavior by individuals – behavior such as using the same insecure password for multiple sites, signing up to just about any site for a 10 per cent discount, or even a reluctance to use security measures such as multi-factor authentication.
There is a desire for privacy but also a simultaneous lack of appropriate security behavior by individuals
These habits wouldn't be complete without including signing up to numerous social media sites and unwittingly (or sometimes happily) sharing data from date of birth, employer, phone number and travel itineraries through to partaking in quizzes that reveal first pets, favorite numbers, and your mother's maiden name. Each piece of information may well be used as security identification. And when we factor in ubiquitous cyber attacks, should this not question our expectation of privacy?
Each of us has a decision to make. We can dance with our data like no one is watching, or we can protect our privacy by being more selective about what we communicate.
Which approach we choose will almost certainly come down to compromise and our lifestyle – to what extent we want to engage with social media, where we choose to live, work and visit, and the companies we choose to work for.
But given the operational realities of the digital age, if our choice is to continue to exhibit insecure behavior, we surely cannot have high expectations of privacy. ®
Jen graduated with a cybersecurity and computer forensics degree and has worked in a number of Information Security roles.
Cast your vote below. We'll close the poll on Thursday night and publish the final result on Friday. You can track the debate's progress here.