Data Privacy Day 2019

Jan 09, 2019 | 5 mins
Application Security | Data and Information Security | Data Privacy

GDPR was just the beginning. It started in the EU, but it’s waking up the world on just how much our privacy is being violated.

[Image: mobile apps. Credit: Exdez / Getty Images]

January 28 is Data Privacy Day! Thanks to Europe’s GDPR, we are all thinking about data privacy these days.

GDPR is the General Data Protection Regulation, an EU law on data protection and privacy for all individuals within the European Union (EU). It also addresses the export of personal data outside the EU and EEA areas.

The GDPR was a wake-up call for the US and its tech companies, which serve not only US-based customers but, you guessed it, EU customers as well. This law is as global as the internet itself. If you are a global service or software provider like Google or Microsoft, chances are your customers are located all over the world, and in the case of EU customers this law applies to them and their privacy on your systems wherever your servers are located.

Litigation on the rise with GDPR in place

Facebook and Google were hit with $8.8 billion in lawsuits on day one of GDPR. The suits were filed by Austrian privacy activist Max Schrems, a critic of these US companies’ data collection practices. Let’s not forget the latest privacy scandal involving Facebook. According to Tech Republic, this scandal centers around the collection of personally identifiable information of around 87 million people by Cambridge Analytica, a political consulting and strategic communications company. This access was made possible via a Facebook quiz application.

Companies like Facebook are selling, leaking or otherwise sharing your personal data with everyone, and smartphones have taken over from the once popular laptop: everyone now does their online browsing, emailing, shopping, you name it, on a smartphone. That brings us to the question: just how bad is it? To answer this, I want to share a Symantec paper on mobile device privacy I read last year.

Symantec’s recent mobile privacy paper revealed some noteworthy facts

An analysis of the top 100 Google Play and iTunes applications showed the following:

  • Phone numbers: up to 12% of PII (Personally Identifiable Information) were shared with the application.
  • Email addresses: up to 48% of PII shared with the application.
  • Up to 33% shared with the application.

It’s one thing for a taxi cab application to want to know your location, but does an application for a food coupon need to know this as well?

  • Up to 45% of the 100 tested applications shared your location with the application.
  • Up to 46% shared your camera with the application.
  • Up to 25% shared recorded audio with the application.
  • 15% shared your text messages with the application.

Four key points to remember about any smartphone or computer application:

  1. Know exactly what information any installed application is requesting.
  2. Are you comfortable sharing this information with anyone?
  3. Does the application really need this much access?
  4. Realize that for every application you install, you are giving up some

Does anyone actually read those 100-page license and privacy statements?

Another important lesson is to attempt to read, and actually understand, the long license and privacy statements, especially the ones for social networks like Facebook. I recommend the following TED talk on YouTube by Lutzow-Holm Myrstad: “How tech companies deceive you into giving up your data and privacy.” This excellent talk will open your eyes to just what’s at stake and how things need to change.

Some final thoughts for 2019

Know that the FTC, the Federal Trade Commission, is the agency that enforces privacy in the US. Contact the FTC if you are a US citizen and feel your privacy has been violated online.

The bottom line here is that the EU, with GDPR, sees privacy as a human right; this is not the case in the USA and many other nations around the globe. Also know that the word privacy is not mentioned even once in the US Constitution; it shows up in the Bill of Rights, in the 4th Amendment on search and seizure.

The exponential growth of ecommerce and online social networking sites has outpaced any sensible protection of our online privacy. Privacy has simply been ignored for profits. So, it’s up to each one of us to be aware of what we install and what we agree to share, knowingly or unknowingly, online, as these choices will ultimately impact us and our families for the rest of our lives.

I’m taking data privacy very seriously; are you? I’m now preparing to take my IAPP (International Association of Privacy Professionals) CIPP/US (Certified Information Privacy Professional) exam. I believe privacy is the new data security: just when we thought we had security under control, privacy shows up.

We need to focus just as much on data privacy as on security. Security is very technical; privacy is very human. It’s all the things about us and our family, in the form of a medical record, a criminal record or the exact location of where you are physically right now: personal things that were never meant to be shared with the world via the internet.

Learn more about how you can protect yourself and your family from fraud, scams and violations of your privacy at FTC Tips Advice.


A senior security and compliance specialist, George Grachis has over 25 years’ experience in the tech sector. Some of his experience includes over a decade supporting the Space Shuttle program for Computer Sciences Corporation & Grumman Aerospace, security management for CFE Federal Credit Union, IT auditing & consulting for Deloitte and serving as Chief Security Officer for Satcom Direct.

George holds both the CISSP and CISA certifications. George received the ISSA Fellow designation in 2016 and is currently an active senior board member of ISSA. George has been interviewed by WFTV ABC TV and Fortune Magazine. When not working he enjoys spending time with family & friends, Big Brothers Big Sisters, playing the drums, motorcycling, fitness, and writing articles for his blog, Virtual CISO.

The opinions expressed in this blog are those of George Grachis and do not necessarily represent those of IDG Communications Inc. or its parent, subsidiary or affiliated companies.