It wasn’t that long ago that the vast majority of Americans had difficulty using computers to complete what we think now of as the simplest of tasks; IT professionals and college computer hub employees were regularly brought in to help find lost documents, open attachments to emails, and connect to networks. Now, the average American adult has multiple connected devices that they employ throughout the day with ease, and even small children know how to take and send high-definition videos across the world with just a few taps on a phone or tablet. Documents and other files that used to require storage and transportation on disks are now available on the “cloud,” accessible anywhere and at any time. With this enormous increase in convenience, however, comes a dangerous impact on privacy. Far from the embarrassment of having personal information released to the public, this privacy threat can also have serious legal and financial consequences. Here are just a few examples of modern technological conveniences that nevertheless present risky consequences:
Using Your Social Media Log-ins For Third Party Sites
With every new web service or app asking for a username and password, it’s tempting to choose the option of using a social media login – such as Facebook or Twitter – to enter the site. While it’s easier to use social media login rather than come up with a new login, doing so presents several risks. First, the second website may now have access to all the material included in your social media profile (even material kept “private”) including personal information and photos. Second, the social media site may have an agreement to share other information about you with the second site, of which you may or may not be aware. Finally, using the same login for multiple sites means that, if your password for the social media site becomes compromised, then all of the accounts that you login to via the social media site may be compromised as well.
Saving Documents, Photos, and Other Data in the “Cloud”
As stated above, cloud-based storage services such as those offered by Dropbox, Amazon, Google and others make storage and retrieval of files both large and small simple and convenient. But those same files that you can access from any location may also be accessible to others. Some of the main risks associated with saving data in cloud-based services include:
- Data breaches of confidential files kept in cloud storage through password hacking and other malicious points of attack on the cloud
- Loss of data altogether when information is solely kept in cloud-based storage such as Google Drive and not also stored locally
- Ability of current and former employees and individuals to easily remove data from the employer and potentially have continued access to cloud-based information after employment has ceased (i.e. Edward Snowden’s leak of data related to his contracting work with the NSA)
- Limited visibility of cloud users into the third-party cloud storage provider’s operations and internal procedures
Legal and Financial Risks Of Opting For Convenience over Privacy
While the parties who own, collect and maintain data on behalf of others (or at least related to others) can find themselves to be the “victims: of cybercriminal attacks on that data, those parties may also be liable to the people injured by the loss of data if it is determined that due care was not taken in protecting the data. Target has agreed to pay at least $67 million in damages to parties affected by its 2013 data breach, and Heartland Payment Systems found itself paying around $100 million in damages related to a 2008 breach. Such large settlements are of course on top of any damages the institutions suffered themselves as a result of the attacks on their data systems.
These are large-scale examples, but small businesses and individuals are obligated to protect the data under their control as well, and taking steps to avoid such data breaches in the first place is the best strategy for limiting future exposure. For more information on strategies for you and your business to avoid data security breaches and respond to breaches that may have already occurred, contact the data security attorneys at McCuneWright at 909.557.1250.