A Conversation on Internet Security | All About PII and GDPR

In an era of digital political interference and cyber attacks on banks, it can be difficult to keep personal information safe–whether it’s your own data or data that your company stores. Noble Studios’ Technical Director Sterling Hamilton is passionate about internet security, particularly how to protect data, and will be sitting on NCET’s “The Internet and You: Protecting Your Privacy” panel on July 25 to discuss the topic.

Before he goes on stage, we picked his brain on some of the major discussions happening in internet security.

Using the internet is practically unavoidable these days, whether it’s social media use or online shopping. How concerned should consumers be about the safety of their personal information like credit card numbers?

Edward Snowden makes some interesting arguments in this realm, but I think there’s one particular snippet I’d go to; it speaks volumes about how you should view your personal information.

“Privacy isn’t about something to hide. Privacy is about something to protect.”

With that in mind, I believe consumers should always protect themselves. Although the situation is improving and the internet as a whole is evolving and maturing around how security and protection are executed on a broad scale, it’s still not where it needs to be in many areas.

Consumers should be concerned in the sense that time and time again we see systems compromised in the news. Even worse, many systems are compromised, and no one is even aware it’s happening. The information continues to leak, and it puts people’s financial well-being at risk.

Once you understand that, you realize it’s not enough to expect either large organizations or small mom-and-pop shops to protect you. You need to protect yourself.

What can companies do to help protect consumer information that they store?

This is a complicated question with many different answers that all depend on a given organization’s situation. That being said, there are some very common pitfalls many companies fall into, the first being ignorance.

Addressing ignorance around how your technologies work, what information you are gathering and what obligations come with that information is the first step to responsibly protecting not only your clients, but your own business.

The next would be prioritization. Even armed with the knowledge and talent to address whatever situation you might be in, you may not make enough progress here due to perceived cost or conflicting goals. This is, in large part, why the General Data Protection Regulation–more commonly referred to as GDPR–has become a thing. The industry has had to take radical action to incentivize organizations to do what’s right and responsible, because without that incentivization we have all collectively demonstrated we won’t prioritize security. Now there are large fines and restrictions when companies do this improperly in the European Union.

Companies within the United States still have a huge opportunity to shape this entire area of discussion and keep government regulation out of the conversation if we can collectively improve the ecosystem in which we are dealing with privacy concerns. If we don’t improve on this, we can expect our own version of GDPR in the U.S. This is more expensive than deciding to do it ourselves, and it will give others the ability to prioritize it and set the timeline for implementation.

Last, I would recommend that companies recognize what they are good at and what they are not good at. For instance, it’s very common for companies to do web hosting themselves. This is a huge discipline, requiring many man hours, expertise, investment and so on.

While it is totally possible to get a working version of this discipline, or other areas such as payment processing or password storage, this is not your organization’s specialty. You will not do it anywhere near as well as someone who is dedicated full time to doing that. It is arrogant to think otherwise, and in the end, it’s consumers and your own company that will suffer.

Do what you do well, and work with those who do what they do well.

Facebook and Google are always collecting information on us. Are there ways to prevent these tech companies from using our personal information and tracking our internet activity?

In short, the answer is yes, but it does take a bit of time. You should establish an understanding of what you are trying to protect. Saying you want to protect everything isn’t useful. Are you concerned that they will know what you are buying? What you are reading? What you are saying? Depending on which of these is most important to you, you can do things like installing privacy extensions to certain browsers and avoiding mainstream tools to better protect your privacy in these areas.

If security is super important to you, you could always go the extreme route of not using Facebook or Google at all (some people do this), but realize that it’s not just the big name corporations collecting your information. Every single company tracks data. Every single one of them uses that data to inform their business decisions. Some of them sell that data so others can use the information to inform their business decisions. Because we want to provide people with better experiences that perform, while others may want to look for ways to monetize data, you should always protect yourself and make sure you stay part of the conversation of how your data is used.

Interested in learning more from Sterling? Register for the NCET panel on July 25.