So a PR guy, a journalist, and a lawyer walk into a bar…

Uncategorized Posted Apr 12, 2013 by chenpr

…and they sit down next to a technologist and a venture capitalist.

Sounds like an interesting group right?  Well that’s exactly the group I saw on Wednesday night at the MIT Enterprise Forum of Cambridge Innovation Series on customer privacy and trust in innovation – and the combination of professions made for some pretty interesting conversation.

The panel was headed up by our own Kevin Kosh and featured the great minds of Bill Brenner, Managing Editor of CSO; Anup Ghosh, Ph.D, Founder CHEN paneland CEO of Invincea and Research Professor in the Center for Secure Information Systems at George Mason University; Mark Hatfield, Partner at  Fairhaven Capital; and Gant Redmon, Esq., General Counsel and VP of Business Development at Co3 Systems and a Certified Information Privacy Professional/United States (CIPP/US).

The panel covered a wide range of security and privacy topics that I could write about, but I’m just going to stick with one of my go-to moves on this blog and talk about what is relevant to my age group (or “young people” as Bill Brenner put it) and focus on data privacy.

I’m 23 years old and I work in PR, so as you can imagine, my smartphone is like its own appendage and it’s brimming with applications, especially the social kind.  Now, all the things I’m about to say about my downloading and application-use habits is going to make me look very bad, but I’m trying to make a point so I’m going to do it anyway (the first step is admitting you have a problem, right?).

Last night the panel asked numerous times if audience members read privacy agreements on various applications before downloading them to whichever device we were using at the time.  Guess how many times I raised my hand.  Did you guess zero? The big ol’ goose egg? BINGO.

The sad part is I’m surrounded by security news every day, reading about the latest hacks, cyber-attacks and spear phishing.  So what’s my excuse?

I think a majority of my generation is so caught up in the notion that everything should be instant, especially on our mobile devices, that we forget to protect our own data and are careless about the data we do put out there. (And I use that phrasing because most people my age don’t even know where “there” is.)

Or perhaps the issue is apathy.  Maybe many people are aware that they are granting these applications limitless access to their personal information and they are simply just OK with it because after all, we are living in the information age.

And while apathy or carelessness may be the case, I can’t help but believe that there are still a fair amount of people that simply just aren’t aware of how much data they’re giving away.  Like I said, most people don’t read the privacy policies before downloading an app, and even if they did, delete_cookieswould they understand what it was saying?

A great example that the panel brought up was cookies (and not the chocolate chip kind).  Many people might not know that when you log on to your Facebook account you create a cookie, and now that you’re logged on, Facebook has access to all the other cookies you’re creating when you visit other websites.  How else do you think your Newsfeed knows to display a J.Crew ad minutes after you visit the J.Crew website?  (Because I know that doesn’t only happen to me.)

So now you’re asking, what’s the point in all of this admission of data-guilt?  And how do I stop bleeding personal information without even knowing that I’m doing it?

While it is the responsibility of businesses to be good custodians of customer data, it’s also important for the user – no matter your age – to be cognizant of the information we’re handing over.  It’s a two-way street; an application needs to be explicit in telling the customer what personal information they will be accessing, and preferably in less than 6 pages, and the consumer needs to take notice of this and take inventory of what information they are willing to put out in the cyber domain.