Personal Data vs. Sensitive Data – General Terms

The digital industry is a treasure trove of sensitive information. Organizations today rely on collecting and storing sensitive and personal information to perform business-critical operations. Typically, such data includes collecting credit card payments, completing bank transactions, and tracking packages. Fortunately for consumers, however, numerous regulatory bodies worldwide have recognized the confidentiality of such data. As a result, regulators are enforcing various data privacy laws such as GDPR, HIPAA, NESA, CCPA, and many others to protect the integrity and confidentiality of such personal data. Thus, companies that collect, store, or process personal data are legally required to take the necessary measures to protect personal data.

The fine line between personal and confidential information

Is sensitive data the same as personal data? No, sensitive data has more stringent requirements that must be met for the organization to process it. In turn, the conditions for processing personal data are different. In a nutshell, personal data includes data that identifies an individual. Full names, birthdays, telephone numbers, home addresses, email addresses, and bank details fall under personal information. It is standard procedure for most apps and websites to collect this data, as it is required to make payments or support subscriptions.

Confidential information is personal information whose disclosure could leave an individual vulnerable to discrimination or harassment. While laws generally protect personal information, they pay particular attention to sensitive information because of its potential impact on an individual’s livelihood, quality of life, and capacity to engage in everyday tasks. It would seem simple, and that’s the end, but if it was so simple, why would people pay so much attention to it, right?

What is Personal Data?

We may define personal data as any information we can use to identify an individual. This includes name, number, address, age, email ID, etc. In addition, even personal data that categorizes your presence, such as CCTV footage, fingerprints or biometric prints, eye scans, etc., can be part of the information. Even data or information combined with other relevant information can lead to the identification of an individual, which can be classified as personal data.

However, it is essential to note that not all data can be personal. For example, a name itself only becomes personal data when that information is combined with data such as last name and phone number to identify an individual accurately. Organizations typically collect and store several pieces of information about data subjects, and this information can be considered personal data if they are put together to identify the data subject. Some of the most common examples of personal data include first and last names, home addresses, email addresses, ID numbers, location data, Internet Protocol (IP) addresses, etc.

What is Sensitive Personal Data?

Sensitive personal data refers to a particular category of personal data that requires additional security and special processing requirements. According to the GDPR, sensitive personal data includes:

• Political opinions
• Religious or philosophical beliefs
• Racial or ethnic origin
• The genetic information about an individual’s inherited or acquired traits
• Trade union membership
• Sexual orientation or sex life
• Biometric data such as fingerprints
• Data about a person’s physical or mental health

The General Data Protection Regulation outlines guidelines for collecting and processing sensitive personal data of EU citizens. There are separate rules for controllers and processors handling special categories of data. Processing such data poses risks to human rights. Therefore, additional security measures are necessary to protect sensitive personal data.

Obtaining consent and rules for storing sensitive personal data

A common misconception about the GDPR is that organizations need consent to process personal data. However, consent is only one of six lawful grounds for processing personal data. Explicit consent is required for sensitive personal data. Organizations that haven’t thoroughly studied compliance requirements risk getting some problems; enforcement action, regulatory fines, and loss of customers. The UK’s Data Protection Act (DPA) provides guidelines for storing sensitive personal data. Hard copies must be stored in a locked drawer or filing cabinet. Digital files containing sensitive personal data must be encrypted and stored in a folder with limited access controls. Additional conditions, safeguards, and exemptions are outlined in Schedule 1, Part 1.

Sensitive data exposure

Organizations and companies can expose sensitive data when the database storing the information is inadequately protected due to weak encryption, software errors, or employee mistakes. This can include healthcare and medical information, bank data such as account details, financial status, passwords or PIN codes, home or work address, and contacts. Data exposure differs from data breaches, where communication is accessed without consent or authorization. In data breaching, personally identifiable information such as name, contact details, bank account number and statements, and ATM pin is used by hackers to misuse data and gain money.

Differents for data security, privacy and compliance

The difference between personal and sensitive data lies in the level of harm that can result from exposure. For example, crooks can use personal data for spamming, phishing, or identity theft. In contrast, sensitive data can lead to more severe and private consequences, such as financial loss, medical identity theft, or reputational damage. Using sensitive data, hackers can inflict damage on you. Legal implications concerning collecting, using, and disclosing personal and sensitive data differ. Under HIPAA, laws protect explicit categories of sensitive data, such as health data. Personal data becomes sensitive to specific types or attributes that require special protection due to their potential impact on an individual’s privacy, security, or fundamental rights. The distinction between personal and sensitive data may vary based on legal frameworks and contexts. However, three standard criteria can classify personal data as sensitive: sensitive categories, contextual sensitivity, and potential for harm.

An organization needs to understand and classify the types of data it collects. Once you know the subtle differences between personal and sensitive data, you can review your obligations under GDPR. You can protect confidential and sensitive personal data based on the type of data processed. This knowledge will enable you to secure data and take appropriate steps to conserve all sensitive information to prevent incidents of a breach.

The post Personal Data vs. Sensitive Data: What is the Difference? appeared first on Gridinsoft Blog.

The US Department of Justice, Internal Revenue Service, and Federal Bureau of Investigation have joined forces with law enforcement authorities in Latvia and Cyprus to seize the SSNDOB darknet market. They informed the public about the operation in the official report on June 7, 2022.

SSNDOB used to be a large market for personal data. The name of the market is the combination of two abbreviations: SSN (social security number) and DOB (date of birth.) Thus, names, dates of birth, social security numbers, and other data of about 24 million citizens of the United States had flocked to the servers of SSNDOB, generating profit for the marketplace owners.

Leaked data vendors used to place advertisements of what they had to sell on dark web announcement boards and forums. The deals were stricken afterward on the notorious marketplace. SSNDOB administration urged its clients to pay for the data in cryptocurrency. As for the application of personal data purchased on SSNDOB, buyers used it in illegal machinations of various kinds, including tax and banking frauds. The revenue generated from such deals amounted to $19 million. The leaked information mostly came to SSNDOB from healthcare institutions.

The four seized domains were ssndob.ws, ssndob.vip, ssndob.club, and blackjob.biz. They served as mirrors, which allowed the marketplace to avoid disruption in work, should even one of the servers be shut down due to criminal investigations. However, the joint and simultaneous actions led to the effective seizure of SSNDOB operations with the marketplace infrastructure dismantled.

The Context

The context of the SSNDOB servers seizure would not be complete without a suspicion outspoken by the researchers at Chinalysis, who have traced a connection between SSNDOB and Joker’s Stash, a dark web market selling credit card details (stolen, of course.) Joker’s Stash was shut down in February 2021. But before that, around 100 thousand dollars in cryptocurrency were transferred from SSNDOB to Jocker’s Stash. Chinalysis even presume that both resources belonged to the same owners.

Following the shutting down of Hydra and RaidForums, the seizure of SSNDOB is another battle won in America’s decisive war on cybercriminals.

The post Joint Operation: SSNDOB Personal Data Darknet Market Seized appeared first on Gridinsoft Blog.

Children and networks

According to the study¹ I found on the Web, 89% of teenagers in age from 13 to 17 have at least one social network account, and in 71% of cases teenagers of the same age range have more than one account. Such statistics are the result of making the smartphone popular, affordable and essential for modern society. Social networks also brought a significant influence on this subject – they developed enormously last years, gaining a great amount of users. Even if there is no practical reason for a child to use social networks, it sees how adults make use of Facebook, Twitter, Pinterest or Instagram, and want to do so, too.

And this situation is rather good than bad: while exploring the content, children find the things that are really interesting for them. Obtaining the interesting and important information is a really useful thing for the self education purposes, regardless of the age of the person who gets such content. But there is also another side of the coin: there is a lot of content in the Internet which can be harmful or sensitive for young users. Because of freedom of speech, everyone can find doubtful content in the social networks. And while adults are able to “filtrate” such information, basing on the knowledge they get through a life, children are not able to make the analysis, and can easily use this information as a fact or as a guide to actions.

Why do you call it dangerous?

Misinformation cannot harm the child physically. Any kind of false facts can be easily refuted by parents, or with the information from a more authoritative source. But there is also one more possible thing that can be harmful. We are talking about online friends – ones who have never contacted the child in real life, but have persistent contact with it on Instagram, for example.

When it comes to the first meet, both child and friend knows quite a lot about each other, hence, they are likely to trust each other. Yes, in the majority of cases online friends are the same teenagers as your child, but there is still a chance that there is somebody malevolent hiding under the guise of “teenager”. And having a walk with a friend usually supposes the absence of parents in the range of mile. It is likely impossible to control who really stands under the nickname of “Janet”, if you can’t see and analyze the facts that this person told about herself during the conversation. But we will talk about the ways of control later.

Age restrictions in different networks: interesting statistics

Here are the list of minimal age requirements for popular social networks:

• Facebook: 13+ Years.
• WhatsApp: 16+ Years; But, you will be able to sign up at the age of 13 with parental permission.
• Google+ : 13+ years.
• ASK.fm: 13+ years.
• Flickr: 13+ years.
• Instagram: 13+ years.
• LinkedIn: 14+ years.
• Kik: 13+ years.
• Pinterest: 13+ years.
• Skype: 18+ years; with parental permission up to 17years.
• Twitter: 13+ years.
• Youtube: 17+ years; 13-year-old can sign up with a parent’s permission.
• Vine: 13+ years.
• Vimeo: 13+ years.
• Snapchat: 13+ years.
• Spot a friend: 13-19 years only.

As you can see, the majority of networks state that the lower age limit for their platform usage is 13 years. Why exactly 13? At the age of 13 children already have their psychological basis formed. Their personality is still developing, however, social networks are a perfect place to explore the information field to find the theme they like, and create their own personality in such a way. Children of lower age can get their psyche harmed by the sensitive content, which is widespread in the modern internet – news about violence, crimes, deaths of celebrities, etc. Of course, this number is set based on the pure statistics – a child can still be sensitive to the content of some sort even at 15, as well as have “stable” psyche at the age of 12. But according to the Gaussian curve, the majority of children get psychically stable exactly at the age of 13.

Main problem of age restrictions

The common idea of age restrictions for users is quite good: the exact age is clearly specified on the website, so the parents are able to figure out if their child is old enough to use this service. At the same time, social networks cut away the problem with massive legal actions from parents, whose child (that was under the allowed age!) saw something that harmed it psychologically on Facebook, Twitter or so. Plaintiffs get nothing but bills for judgement process costs, because one of the key rules of social network usage is broken.

But such situations are still actual. Parents often pay no attention to the smartphone activity of their children, so they are free to register in the networks they want. There is no way to check if the inputted date of birth is true, without the massive remaking of the internet usage rules. I meant the registration in social networks only with making use of passports. Such a novation terminates the key principle of the Internet at all – anonymity, so this idea is completely surrealistic.

Can in be solved?

The only way to prevent the usage of social networks is to implement personal control. It is easy to figure out if your child may be harmed with the specific content, and in such a case you need to prevent all attempts to register the account in mentioned social networks. However, besides autoritary methods, you may also explain to your son or daughter why it is better to stay away from Twitter, Instagram or other networks.

When your child is going for a walk with an online friend, try to figure out several details about this boy/girl. If there is something strange, try to explain it to your child and ask to call you in case something goes wrong. One more step which can help you to solve a lot of different problems is a location tracking for the child’s device. It will be much easier to control your child without the direct contact.

The post Age restrictions and children : what is important appeared first on Gridinsoft Blog.

Location sharing is a common feature on social networks that allow users to share their physical location with their followers. The feature is designed to enable users to share their experiences with their friends and family. Still, it can also have negative consequences, particularly regarding privacy and security. In this article, we’ll explore what you need to know about location sharing on social networks and its potential risks.

How Location Sharing Works

Location sharing works by using the GPS functionality on your smartphone to pinpoint your location. When you use a social network that supports location sharing, you can share your current location with your followers. Your location will then be displayed on a map or as a tag on your posts.

Some social networks, like Facebook and Twitter, allow you to share your location manually. In other words, you must explicitly choose to share your location by turning on the location-sharing feature within the app. Other social networks, like Snapchat and Instagram, have automatic location-sharing features that can be more difficult to turn off.

The Risks of Location Sharing

While location sharing can be useful for keeping friends and family updated on your whereabouts, it also carries several risks that you need to be aware of. Here are some of the most significant risks associated with location sharing:

1. Stalking and harassment: Location sharing can make it easier for stalkers and harassers to find and target their victims. If you’re sharing your location with the public, anyone can see where you are and track your movements. This can be especially dangerous for people who are in abusive relationships or who have experienced stalking in the past.
2. Identity theft: Sharing your location can also make it easier for hackers to steal your identity. If a hacker knows where you are, they can use that information to create a convincing phishing scam or to steal your personal information.
3. Physical safety: Location sharing can also put your physical safety at risk. You never know who might be watching if you share your location with strangers. Several instances have occurred of people being robbed or attacked after sharing their location on social media.
4. Privacy: Finally, location sharing can be a serious privacy concern. If you share your location with the public, anyone can see where you are and where you’ve been. This can be especially problematic if you’re trying to keep your location private for personal or professional reasons.

How to Stay Safe When Location Sharing

If you decide to use location sharing on social networks, there are several things you can do to stay safe:

• Be selective about who you share your location: Only share your location with people you trust, and consider using a private account rather than a public one.
• Disable automatic location sharing: If possible, disable automatic location sharing on social networks like Snapchat and Instagram. This will give you more control over when and where your location is shared.
• Limit the amount of location data you share: Consider only sharing your general location (e.g., city or neighborhood) rather than your exact location.
• Regularly review your privacy settings: Make sure you review your privacy settings on social networks regularly and update them as necessary.

Protecting Your Privacy on Social Networks

Location sharing is just one of the many ways that social networks can compromise your privacy. If you want to protect your personal information on social media, here are some additional tips:

• Be mindful of what you post: Think carefully before posting personal information, such as your full name, phone number, or address, on social media. Hackers or identity thieves can use this information to target you.
• Use strong passwords: Use strong, unique passwords for each of your social media accounts to prevent hackers from gaining access to your information.
• Enable two-factor authentication: Enable two-factor authentication on your social media accounts to add an extra layer of security.
• Regularly review your privacy settings: Make sure you review your privacy settings on social networks regularly and update them as necessary.
• Be careful with third-party apps: Be careful when granting third-party apps access to your social media accounts. Some apps may be malicious or collect your personal information without your consent.

The Bottom Line

Location sharing on social networks can be useful for keeping friends and family updated on your whereabouts. Still, it also carries several risks you must be aware of. Following the tips outlined in this article can help protect your privacy and stay safe when using social media. Remember, it’s always better to err on the side of caution when sharing personal information online.

The post The Hidden Risks of Location Sharing on Social Networks appeared first on Gridinsoft Blog.

Undoubtedly, job hunt usually makes us worried and sometimes even panicky about our future. Therefore, to be hundred-per-cent sure that you have gained a foothold in the employment marketplace, you, firstly, put your resume on as many recruitment websites as possible. Secondly, to have a competitive advantage in the overcrowded marketplace you create unique resumes for different job opportunities. The steps you make seem to be right, but you have forgotten about security.

Spreading your personal data such as your address, phone number and employment history is equated to the situation when you enter a room full of strangers and start talking about where you live, how to get to your house etc. No recruitment website provides you with a complete privacy because it is not immune to break-in. For instance, one of the renowned recruitment companies Monster was hacked in 2007. Passwords, telephone numbers, usernames and email addresses of nearly 4.5 million people were stolen.

The more sites you are registered in, the more chances are that one of them will suffer a breach. It means that you may change your password or login, though the resume can’t be changed, because once you share it, it is available for any person. Consequently, in case of posting different resumes, you spread more confidential information.

It would be logical then to delete your profile after getting a job. Even though you can remove your resume from the recruitment site, you are not able to empty the whole web of your personal data. Unfortunately, the process of information flow is not taken under control. You never know whether an employer saved your resume for further review or shared it with his colleagues. What really depends on you is the amount of information you give. Usually such websites encourage clients to complete their profiles with personal information that sometimes is not related to job hunt. However, it is for you to decide how broad will be the autobiography described.

As far as client’s choice concerned, recruitment websites offer you social login. It means that you don’t need to create one more password and username. Instead, you may use your Facebook or Google profile to easily get to your account on the site. On the one hand, it saves time and releases you from additional burden of passwords. On the other hand, your personal data is exposed to some kind of manipulation. When you authorize the website to login with any of your social network profiles, you build a bridge between these two.

As a result, the recruitment website can use the information, for example, from your Facebook profile. Your life becomes a product to sell to advertisers.

For one, they create a shadow profile of yours that includes not only the information from the recruitment website you are registered in, but from your other accounts. And it’s not a surprise, if you didn’t know about that before. In addition to this, some shadow profiles consist of the details that are placed on your friend’s profile. Thus, it is important to be not very eloquent in any social network, because the consequences can surpass your expectations.

Since the internet has taken over the world, you, probably, suspect that recruiters google candidates and give careful consideration to what kind of information you share on your social media profiles. They do so. What’s more, usually they make their decision on whether to offer you job or not according to their “investigation” rather than your resume. Therefore, every time you want to tell the world “what’s on your mind”, remember how it can influence your job prospects.

Anyway, it is better when the real recruit agent looks at your resume. As the online job hunt prevails, there are many occasions of employment fraud. It is widespread across the world, because with the internet you have an opportunity to work from home while the company you are working in is situated a million miles away. Thus fraudsters snatch at a chance: they contact you, offer you a job that will from time to time require traveling.

They can also interview you by the phone and give you a link to company’s website for further information. Everything seems to be real. The tricky part starts with fee payment for a visa, an accommodation that you will need abroad and some other arrangements. After that, they ask you to give your bank account details for salary transfer and your money go directly to the fraudsters.

All the issues described above are serious and most of them are inevitable if you are looking for a job online. In spite of the issues, there are several tips that can help you to avoid to some extent the uncontrolled personal data dispersal.

• First of all, fill your resume only with relevant information and do not get into details in your recruitment website profile to secure your private life.
• Second of all, check Privacy Policy of the site you intend to put your resume. In this document, you will read how the website is going to use your data. In such a way, you will be able to choose the platform with best security environment. Since the safety conditions are reliant on yourself too, take note of the content of your social network profiles.
• Finally, don’t let scammers prosper. If an employer contacts you, check thoroughly the official records or documents of the company. Following these pieces of advice, not only will you find a desired job, but also your private space will be protected against any incidents.

Be mindful online!

The post Online Recruitment and Its Traps appeared first on Gridinsoft Blog.