A recent acquaintance asked me the classic question “What do you do for a living?”. Knowing he meant my paying job, I shared “I work in privacy and compliance”. His next comment was even more classic: “I guess you can’t say much about that”.
I’m frequently asked questions or presented with dilemmas about ‘what is privacy’ or ‘what is confidentiality’ or ‘if I share this, will it be a breach’. Attention given to information privacy and security increases daily, with near-countless stories about cyber security threats, data breaches, and the hacking of credit card accounts, bank accounts, or medical records. The common mantra in the IT (Information Technology) security industry is “not if a breach happens, but when a breach happens”. Indeed, individuals and organizations are exhorted to “get it right every time” while hackers only have to “get it right one time”.
The anxiety associated with information privacy and security is significant. We are inundated with reminders to use complex passwords, to implement two-factor authentication, to keep anyone from knowing about or using your personal devices, and to diligently check your credit card and bank account statements. The number of cautions about protecting your information and the number of companies emerging that say they will protect your information is nearly as large as the number of individuals and organizations that are actively trying and/or succeeding at hacking your information. We hear increasingly about phishing, spear phishing, trojans, SQL injections, and black hat intrusions, and about the need for penetration testing and vulnerability scans. The information overload and anxiety can be exhausting.
Perhaps a way to gain some control over the persistent threats to the confidentiality of our information is to personalize that information. Two ways of personalizing information come to mind. First: at Empathia, the information we receive from individuals who voluntarily call us for services is confidential. By that, I don’t just mean we maintain that information with utmost attention to information privacy and security policies and procedures, and we don’t share any information without the express consent of the individual who shared the information. We also remain actively aware that that information is about a human being, who has thoughts, feelings, beliefs, challenges, goals, significant others, questions, fears, vulnerabilities, and strengths. To the degree that I can personalize that information that has been entrusted to me, I can hold that information, that person, as vital…invaluable.
A second way to personalize information redirects the focus onto you, the originator of information about you. Similar to the trust you have to develop with important people in your life, whether that means your significant other or doctor or therapist or auto mechanic or financial advisor or plumber, you may want to consider the kind of trust you have with all of your web and email and social media contacts. A great deal of useful information is available to you that can help you make informed decisions about the way in which you use personal data…and much of that useful information goes unread. Here is just a short list of considerations that may help guide your careful use of your own information:
- Are you diligent about user accounts and passwords, or do you tire of the rigor and use the same password for every account, even taping copies of your passwords to your computer?
- Do you ever take the time to read the privacy statements posted on the various websites you regularly use, or plan to use? It isn’t uncommon for you to give away permission to use your personal information when you quickly click the “accept” button when getting into a site.
- Are you as careful with what you post on your social media accounts as you expect your bank, or your credit card company, or any other site in which you are sharing your personal information to be with your information?
- Did you ever consider that the wonderful photo of your loved one, or that witty comment on a social media site, will live on the Internet indefinitely?
Information about you is personal. When you share information about yourself, you want people to take it personal. The responsibilities for keeping your information private and secure are extensive, and are owned at some level by anyone or anywhere you have shared that information. Ultimately, information about you is yours, and so is the final responsibility for keeping it private and secure, both in your own hands and with the others to whom you are entrusting your information.
David has been with Empathia since 1990. As Director, Privacy & Compliance, he oversees Empathia’s information privacy and security policies and procedures, applicable regulatory compliance processes, and EAP services database infrastructure. David is a former two-term Board Member for the Employee Assistance Society of North America (EASNA) and previously chaired the trade association’s Professional Practices Committee. He is a Wisconsin Licensed Clinical Social Worker (LCSW), and when not spending as much time as he can with his wife and family and grandsons, he works to support Empathia, its mission, and its customers and clients.