privacy issues

Owning and operating a website today involves levels of complexity that many wouldn’t have considered at all a few years ago. One of these complexities, internet privacy, is a big talking point at the moment, so let’s take a look at a few considerations for building a privacy-focused website.

SSL is a Must

The starting point for any discussion of website security and privacy is how information is exchanged between your users and your website’s server. If you are collecting any information, particularly personal information, it is critical to have an SSL certificate that is valid for all your domains and subdomains. It’s a huge sign of trust for your users and it’s required for many reasons, not least because modern browsers are quick to warn users about any websites that aren’t using one.
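A way to check the "valid for all your domains and subdomains" requirement, as an added example that is not part of the original article: it compares a certificate's subject alternative names against a site's hostname inventory using the browser wildcard rule. The hostnames and SAN list are constructed sample data, and the function names are hypothetical.

```python
import socket
import ssl


def san_matches(pattern: str, host: str) -> bool:
    """True if one certificate dNSName entry covers `host`.

    A wildcard counts only as the whole left-most label and stands for
    exactly one label, so *.example.com covers www.example.com but not
    example.com or api.eu.example.com.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def uncovered_hosts(san_entries, site_hosts):
    """Hostnames from the site inventory that no SAN entry covers."""
    return [h for h in site_hosts
            if not any(san_matches(s, h) for s in san_entries)]


def fetch_san(host: str, port: int = 443):
    """Read the DNS names from the certificate a live server presents."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    return [value for kind, value in cert.get("subjectAltName", ())
            if kind == "DNS"]


# Constructed sample data: SAN list of a hypothetical certificate and the
# hostnames the site actually serves.
SAN_ENTRIES = ["example.com", "*.example.com"]
SITE_HOSTS = ["example.com", "www.example.com", "shop.example.com",
              "api.eu.example.com", "example.org"]

if __name__ == "__main__":
    for name in uncovered_hosts(SAN_ENTRIES, SITE_HOSTS):
        print("not covered by certificate:", name)
```

To check a real deployment, pass the result of `fetch_san()` for a hostname the certificate is known to match in place of `SAN_ENTRIES`.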

Don’t Store Data You Don’t Need

Consider every piece of data you choose to store on your users, whether it be via a sign-up form or automatic data logging. Decide how important it is for you to have this information and stop logging or requesting information you don’t need. The less information you have on your users, the less trouble you’re likely to face with privacy issues. A general rule of thumb is to keep as little information as possible on your users.
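Applied to automatic logging, the advice above can be enforced before a log line is ever stored. The following is an added example, not part of the original article: it rewrites access-log lines in the common "combined" format so that only a truncated client address, the request path, the status and the size are kept. The /24 and /48 truncation lengths and the sample lines are assumptions made for illustration.

```python
import ipaddress
import re

# Leading fields of the "combined" access-log format; the referrer and
# user-agent that follow are deliberately not captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)


def truncate_ip(addr: str) -> str:
    """Zero the host part: keep a /24 for IPv4 and a /48 for IPv6."""
    ip = ipaddress.ip_address(addr)
    prefix = 24 if ip.version == 4 else 48
    net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
    return str(net.network_address)


def minimise(line: str):
    """Return a reduced log line, or None if the line cannot be parsed.

    Dropped: authenticated user name, query string (often carries e-mail
    addresses or tokens), referrer and user-agent.
    """
    m = LOG_RE.match(line)
    if m is None:
        return None  # never fall back to storing the raw line
    try:
        client = truncate_ip(m["ip"])
    except ValueError:
        return None  # client field was not an IP address
    path = m["target"].split("?", 1)[0]
    return (f'{client} - - [{m["ts"]}] '
            f'"{m["method"]} {path} {m["proto"]}" {m["status"]} {m["size"]}')


# Constructed sample lines.
SAMPLE = [
    '203.0.113.77 - alice [10/Mar/2024:13:55:36 +0000] "GET /reset?email='
    'alice%40example.com&token=abc123 HTTP/1.1" 200 512 '
    '"https://example.com/login" "Mozilla/5.0"',
    '2001:db8:abcd:12::1 - - [10/Mar/2024:13:56:01 +0000] '
    '"POST /signup HTTP/1.1" 302 0 "-" "curl/8.0"',
]

if __name__ == "__main__":
    for raw in SAMPLE:
        print(minimise(raw))
```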

You Must Have a Privacy Policy

A privacy policy tells users of your product, service, app or website exactly what personal information you collect from them and what you intend to do with it. Laws such as the GDPR in the European Union require your website to have a privacy policy, and require that you adhere to it. Because websites are global and anyone can access them, you need to make sure you’re compliant to the best degree possible. Including specific things in your privacy policy is important to cover these bases. At a minimum, your privacy policy should include the following:

  • A thorough list of all the information your website collects from your users, whether they are logged in or not.
  • How you intend to notify visitors to your website of any changes to your privacy policy.
  • A quick how-to for those who would like to access and/or change this information, delete their data, or opt out of any information being stored.
  • An explicit statement of the age restriction for accessing and using your website.
  • An explanation on how any information you collect might be shared. Remember to include any third-party payment processors and other trusted third parties in this list too.

Your privacy policy should be easy to find and written in language that can be understood by anyone. If you need a privacy policy, you can use a privacy policy generator as noted here.

Protect the Data You Store

Your website needs to have steps in place to stop data breaches to the best of your ability. If you’re using a commercial CMS or online hosting service, they will do most of the heavy lifting for you and are thus recommended for the less technically minded. If you do host your own web server or platform, it is critical to always run the latest version of any web hosting software (like Apache or nginx), database software (like MySQL) and your actual CMS platform. Having a working understanding of how to secure a web server is also important, and if this is beyond your scope, opt instead for a web hosting company that can take care of this for you.

Use a Third-Party Payment Processor

The easiest way to deal with any privacy issues related to the processing of credit card data is to offload this responsibility onto a third party. While some information, like your user’s details, will still be sent to the credit card processor, your website won’t be interacting with, storing or transmitting credit card data. That is a real benefit when it comes to dealing with privacy issues, as this data is among the most sensitive.

The most important consideration when you’re dealing with privacy issues is to be as transparent and open with your users as possible. Let them know each time you’re storing information or what you’re going to do with their information so that they’re never left surprised by anything.

Google has been fined $7 million for collecting people’s personal data without authorization as part of its Street View service.

In a settlement with 38 US states, Google agreed to destroy emails, passwords, and web histories.

The data was harvested from home wireless networks as Street View cars photographed neighborhoods between 2008 and 2010.

Google said it was pleased to have resolved the issue.

“We work hard to get privacy right at Google. But in this case we didn’t, which is why we quickly tightened up our systems to address the issue,” Google said in a statement.

“The project leaders never wanted this data, and didn’t use it or even look at it. We’re pleased to have worked with Connecticut Attorney General George Jepsen and the other state attorneys general to reach this agreement.”

New York Attorney General Eric Schneiderman announced the legal settlement.

“Consumers have a right to protect their vital personal and financial information from improper and unwanted use by corporations like Google,” he said.

“This settlement addresses privacy issues and protects the rights of people whose information was collected without their permission.”

As well as agreeing to delete all the harvested data, Google has also been required to launch an employee training program about privacy and data use which it must continue for at least ten years.

It must also launch a public service advertising campaign to educate consumers about how to secure their information on wireless networks.

Google claims it collected Wi-Fi data because of rogue code mistakenly included in the software by a lone engineer.

The controversy led data authorities around the world to demand that Google make changes.

Microsoft is under fresh pressure to disclose information about how confidential its Skype user data is.

Reporters Without Borders, the Electronic Frontier Foundation and 43 other campaign groups have signed a letter asking Microsoft to reveal details about what information is stored and government efforts to access it.

Google, Twitter and others already provide such transparency reports.

Microsoft is to consider the request.

“We are reviewing the letter,” a spokeswoman said.

“Microsoft has an ongoing commitment to collaborate with advocates, industry partners and 2,112 governments worldwide to develop solutions and promote effective public policies that help protect people’s online safety and privacy.”

More than 600 million people use Skype to make voice and video calls and send text and audio messages. Microsoft is currently in the process of migrating users from its Windows Live Messenger product to the service.

The US firm took control of Skype in 2011. Since then, the letter alleges, it has issued “persistently unclear and confusing” details about how confidential conversations on the service were.

Among the details the campaign groups want Microsoft to provide are:

  • Details of how many requests for data each country’s government has made and the percentage that the firm complies with.
  • Information about exactly what information Microsoft keeps itself.
  • The firm’s own analysis about the current ability of third-parties to intercept conversations.
  • The policy its staff has for dealing with disclosure requests.

Skype last commented in detail about privacy issues in a blog post last July.

It said that Skype-to-Skype calls between two participants did not flow through its data centres, meaning it would not have access to the video or audio.

It also noted that calls made between two devices using its software would be encrypted – limiting the ability of anyone to make sense of the data even if they could listen in.

However, Microsoft acknowledged that group calls using more than two computers did pass through its servers which were used to “aggregate the media streams”, and that text-based messages were also stored on its computers for up to 30 days in order to make sure they were synchronized across users’ various devices.

“If a law enforcement entity follows the appropriate procedures and we are asked to access messages stored temporarily on our servers, we will do so,” it added.

Microsoft also noted that calls which linked Skype to mobile or landline telephone networks would flow through the relevant networks’ equipment, potentially offering an opportunity to tap in.

Furthermore it recognized that a China-only version of its service involved certain chats being stored and uploaded to the local authorities in compliance with the country’s laws.

Beyond China, several governments have signaled they want to have access to Skype data.

The UK’s draft Communications Data Bill suggests internet service providers retain information about their subscribers’ use of Skype and other internet communications tools.

The Cnet news site reported last year that the FBI had drafted an amendment to US law which would require Microsoft and other net chat tool providers to create surveillance backdoors in their products.

More recently the netzpolitik.org blog published what it said was a leaked document from Germany’s government stating that its Federal Criminal Police Office was working on surveillance software to allow it to track Skype and other data communications. It said the agency hoped to have it ready by 2014.

An expenditure report by the country’s Ministry of Home Affairs suggests the local authorities have already spent money to try to monitor Skype using third-party software.