January 28th is Data Privacy Day.
On January 28th, 1981, an international treaty was signed that dealt with privacy and data protection. This was formally known as Convention 108, and it established the protections of personal privacy and data protection. Basically, it said that people’s private data should remain private.
While Convention 108 was a European treaty, the United States adhered to its spirit, and in 2008, the National Cyber Security Alliance was established. It was this alliance that took on the task of promoting Data Privacy Day.
As the University’s Information Security Analyst, in addition to my regular e-newsletters, I’m offering you my tips on how to effectively protect your data.
What exactly is private data?
In the United States, private data is identified as any data that is not made available to the general public. This includes, but is not limited to, passwords, social security numbers, account numbers, birth dates, financial information, medical information, school grades, etc.
Any information about you that is specific to you and not something you would share publicly is considered private. You have every right to expect that data will be protected by anyone that possesses it.
But you also have a responsibility to yourself to protect your private data.
Encryption is your friend.
Most people use a flash drive (aka “thumb drive”) to backup important files. These devices are cheap to buy, simple to use and easy to lose. If you lose one, the person that finds it will have access to all of the personal and private data you stored on it.
Both Microsoft and Apple provide simple tools that allow you to encrypt the data on a flash drive and you should take advantage of those tools.
BitLocker:
Microsoft BitLocker is available in Windows 10. When you plug the flash drive into your computer's USB port, open up your File Explorer and you will see the flash drive listed under Devices and Drives. Simply point at the drive and right-click to open the menu. One of the options available on the menu will be “Turn On BitLocker”. Click that and follow the instructions to encrypt and password protect the flash drive.
FileVault:
Apple’s FileVault is available in OS/X. When you plug the flash drive into your computer's USB port, open the Finder and locate the drive on the left side of the screen under Devices. Point at the drive and Control+click to open the menu. Select “Encrypt [drive name]” and follow the instructions to encrypt and password-protect the flash drive.
Unfortunately, a drive encrypted using BitLocker cannot be read using FileVault and vice-versa.
PGP:
Pretty Good Protection is a freeware file encryption tool that can be used to encrypt specific files. It can be a difficult tool to use but it is universally available, and most business can accept PGP encrypted files.
I don’t recommend you use this unless you are comfortable working with pretty nerdy technology.
Destruction is your friend.
When you bought your newest computer, did you erase all the data that was on your old one?
Most people don’t. This can turn out to be a very bad thing. Giving your old computer to a recycling center or, even worse, throwing it in a landfill, is no different than putting your bank statements, your medical records, your emails, your passwords and your financial data into a large paper bag and leaving it on the street for anyone to pick up and read.
When you buy a new computer, you will probably transfer all of the information from the old one to the new one. Once you have done that, you have two choices available to you to prevent anyone from getting your data from the old one.
You can remove the hard drive from the computer and destroy it physically, or you can erase all of your private data from the hard drive and write non-private data on top of it.
I like taking the hard drive out and destroying it. I do it by unscrewing the hard drive outer shell, ripping out the rare-earth magnet, the circuit board and finally the discs themselves. This leaves me with a pile of useless electrical components and a really strong magnet that I can use when I want to do magnet stuff.
If you want to destroy the hard drive, here's a video from Best Buy that shows how to do that.
If you don’t want to go through the trouble of physically destroying the drive, you should erase all of the files from the hard drive and then overwrite them with a data destruction program. A website called LifeWire provides a pretty comprehensive list of free programs that will erase and destroy all of the data on a hard drive.
I’m not going to provide the link to LifeWire because, to be honest with you, I don’t want to take any responsibility for its content. If you search in Google using the search phrase “data destruction software,” you will find a large number of sites that want to help you destroy your private data. LifeWire should be the near the top of the list.
Get a cross-cut shredder.
I don’t think there are people trying to steal my private data—I know there are people trying to steal my private data.
A social security number in conjunction with a name and a date of birth is worth about $3,000 to certain individuals with criminal intent. I do my best to protect that information from not only digital criminals but also good old brick-and-mortar criminals.
I strongly recommend you own and use a cross-cut shredder. I shred every piece of paper that has anything on it that can be tied directly back to me. If my name appears on the page, I shred it. The paper recyclers don’t care if my paper is an 8x10 sheet or a thousand tiny pieces, they take it either way.
Don’t worry, be happy!
I’d like to tell you that if you keep your data secure, you won’t have to worry about it falling into the hands of someone with bad intent but I can’t do that. The best you can do is minimize the risk, not eliminate it.
We can be happy with minimizing the risk.