It is a good time to be a hacker.
There is an ocean of personally identifiable information (PII) that we all contributed to over the years. We share our date of birth here or our SSN there. We want to get discounts with a membership card at the grocery store and we surrender PII without a second thought. Why slow down the process by asking them why they need this or what they will do with it? There’s a line behind us waiting to do the same. Our complacency and our eagerness for convenience have created a new golden age of piracy that puts individuals and companies at risk every second of the day. The good news is that you can make changes today that will limit your exposure and protect your identity.
Much of this attitude began about 15 or 20 years ago with the birth of social media. When we all signed up for Facebook, for free, we mistook our role in this interaction. We made accounts and fed it information believing that we were the consumers. Of course, this was not the case. We were the product, not the consumer. The consumers are corporations that buy our information. Our privacy is in our hands but we give it away for free without asking a question.
Companies today default to collecting data. You sign a lengthy term of service without reading it, enter your information, and your PII is now on the open market. By the way, this is not a breach; this is business as usual. It seems like an easy way to make a buck but holding on to sensitive data puts companies at risk, forcing them to pay exorbitant liability insurance fees. Complacency created a cottage industry that ensures third-party data and breaches. Companies engage in this practice because they see competitors doing it because it metastasized into business-as-usual. They’ve forgotten why they do things a certain way and steer into a future guided by instruments they don’t care to understand. Put simply, it is not just the consumer who has grown complacent; companies are marching like lemmings right into the teeth of data breaches.
When it comes to places like banks or credit unions, you can and should expect them to prompt you for an SSN for they are obligated to report your dividends and income to the IRS. However, it’s your right to know how long this information is stored. It’s one thing to protect data for a week or month, it’s a fool’s errand to house it indefinitely. Companies are building treasure troves that will reach a critical mass for hackers at a certain point. If one of their core functions is cyber security (think a bank or credit union), you can assume there is some serious security — though there are no guarantees. If you give PII to your grocery store or a random website, cross your fingers and hope for the best.
The Good News, Finally
I’ve said it before [in previous articles], and I will say it again, there is one word that will change how you understand privacy: Why. Why does this company need this information to prove who I am? Why do they need your SSN in order to register you? Currently, there are transactions that will require PII in order for you to get what you want. If you apply for a job, they may ask for personal information that you cannot refuse if you want to be on their payroll. If you are a traveling nurse or a gig worker, it feels as though you might as well print your SSN on your business card. People ask for the same information over and over again and we submit it over and over again. So, how do we break free from a broken system?
In order for businesses and consumers to curb data breaches, we need a tidal shift in our mindsets. With current “best practices,” we address symptoms but not root causes. Instead of thinking of better methods, companies accept that breaches are inevitable and pay insurance to minimize damage. Instead of asking if there’s another way, we enter our PII by muscle memory or we feel powerless or don’t have options. There are only two real ways to fix this issue: we can reprogram ourselves or we can use a tool that shields our information. While I believe in the capacity to change, I am also aware that convenience is a tough addiction to kick.
There is a way for you to interact with companies without trusting them with your data. It is possible to put a bubble around your data. Companies can see that you are who you say you are without requiring your personal information, or collecting them and exposing themselves to data breaches. Users provide information once to a privacy-protecting company, and it assumes the responsibility for any third-party verification requests without ever exposing your personal data. When a company prompts you again for your SSN, you use your mobile device to securely confirm your identity and the privacy-protecting company verifies you are who you say you are without exchanging your personal information. Much, in the same way, PayPal removed the insecurity of entering your credit card info on sites, this idea allows you to carry on interacting with the world as you know it without creating dangerous situations for your data.
I believe all of this begins with a mental shift. We must demand more from the institutions in our virtual lives. Stop saying things are good enough. They aren’t. We deserve more. We should not have to reveal our soft underbellies to the world at the drop of a hat. Companies deserve more. They are massive, glowing targets attracting hackers. When we demand more, we will look to solutions that work for the realities of today. For now, start asking why and don’t accept the status quo, and demand better solutions.
Read the original article on Medium.