1. Greg Lamb

2. Introduction It is clear that we as consumers and entrepreneurs cannot expect complete privacy when discussing business matters. However… There are three key aspects of privacy that we all do expect. 1. Freedom from intrusion 2. Amount of control of information about oneself that we have 3. Freedom from surveillance

3. Laws Protecting Our Privacy  4 th Amendment in U.S. Constitution  Privacy Act of 1974 ○ Restrict the data in federal government records to “relevant and necessary information” to the legal purpose for which they are collected. ○ Allow people to access their records and correct inaccurate information. ○ Require procedures to protect the security of the information in databases. ○ Prohibit disclosure of information about a person without his or her consent.

4. Personal Information Threats Privacy threats come in several categories: Intentional, institutional uses of personal information Unauthorized use or release by “insiders” Theft of information Inadvertent leakage of information through negligence or carelessness Our own actions ○ Trade-offs ○ Lack of knowledge (Invisible information gathering)

5. Statistics  Over 80% of security breaches are caused by insiders  More than 20% of attacks on the corporate web are coming from the inside  30% of companies, experience more than 5 attacks from the insider per year

6. Government Databases  Tax Records  Medical Records  Marriage/Divorce records  Property Ownership  Welfare records, including family details  Motor vehicle records  Books checked out at public libraries

7. Computer Error  ATM’s All transactions are recorded in a database at the bank. This information can help track a persons whereabouts and activities. ○ Example: An error in the computer program that operates ATM’s for a New York bank caused accounts to be debited twice the amount of the actual withdrawal. Less than 24 hours More than 150,000 transactions Totaling around $15 million

8. Threats  Customer database breaches can occur for any number of reasons. Attack on a credit card company’s server A laptop lost by a health insurance employee Since 2005, more than 500 million customer records have been exposed illegally.  Facebook While social networking sites are designed to help users share information with others, it can be just as easy for unknown visitors to eavesdrop. Within the past few years, Facebook has come under fire for allowing third-party app developers to collect and sell information about users.

9. Threats (cont.)  Phishing Sending millions of e-mails fishing for information to use to impersonate someone and steal money or goods  Pharming A technique that lures people to fake Web sites where thieves collect personal data.  Cyber stalking The use of the internet or other electronic means to stalk or harass an individual. ○ False accusations ○ Monitoring ○ Making threats ○ Identity theft ○ Damage to data or equipment

10. Threats (cont.)  Wi-Fi Hijacking Public Wi-Fi spots often not setup with security. (Un-secured network) This is when one user on a network grabs a browser session from another user after he’s logged into a supposedly secure website, such as Facebook. The attacker then has complete access to the victim’s account and can change the password to lock the victim out.