Data, Privacy and Economic Station: The Data Vulnerabilities of Those Less Advantaged

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.huffingtonpost.com/christina-gagnier/data-privacy-and-economic-station_b_4520983.html

A tweet a few days ago from journalist Joseph Menn raises an important and
thought-provoking point in the wake of the Target data breach: "I suppose
those who can't qualify for credit use debit cards more, so the poor are
put at greater fraud risk. #TargetBreach."

Menn pointed out via Twitter something that has been overlooked in what has
become a nightmare for many impacted by the Target situation, which is that
it was those with debit cards who face the greatest liability as a result
of the breach of the mega retailer.

While privacy is continually being examined by policymakers, academics,
lawyers, journalists and others who are interested in where our laws, both
formal and informal, are moving when it comes to privacy, the Target breach
seems to have served as a sort of "tipping point," where even the average
person who is not spending their entire life online has now been affected
by a breach by simply going to a retailer to purchase their everyday items.

Since the breach has to do with debit card pins, we have to ask ourselves
if there are certain people who, due to their economic status, are in a
much more precarious position when it comes to privacy than others.
Creditworthiness is a factor when it comes to privacy, even though many who
use debit cards may not realize it.

The credit issue merely scratches the surface in thinking about how
inequities may impact personal privacy. Transaction costs have been
discussed and received some academic treatment, examining how those less
economically advantaged may have greater incentive to give up personal data
for some financial benefit, whether that be a discount or some item,
perhaps a necessity, that they may receive for free.

It is also important not to overlook the impact of education. It is easy to
be flippant and say people do not care about data privacy. Do they even
know what it is? Are they even economically in a position where they have
the ability to care and make actionable decisions about protecting their
personal privacy? We should understand that it is a luxury to be fully
informed and debate what are becoming vital economic security issues
related to personal data.

We often raise red flags on issues that may seem trivial in the view of
what impacts people's lives everyday (when an application like Snapchat
changes its settings or features, for example), but in the aggregate, it is
all part of a larger conversation around personal privacy. While we have
decided to protect certain classes of people (children) and information
(health and financial), we may not be doing enough to protect consumers who
do not have the means, or choices available to them, to protect themselves.

When we hear the stories of people distressed because they cannot get
through to the Target hotline or have been on the phone for hours, we
should be seeing these stories as lessons regarding the real impacts of
data breach. These stories are but a few from the millions of people whose
financial sustainability is dependent on being able to keep even the meager
amount of money they may have in a checking account secure. The necessity
of using a debit card should not subjugate a class of consumers to less
data security than others.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security offers security intelligence, risk management services and customized security solutions. The 
YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk 
mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.