The information binge

Did you notice that we are having a moment to raise awareness of the importance of our information available in the digital world? Perhaps because of the (very) frequent events of data leakage, the indiscriminate sale of information on the web reported by the media, the Facebook / Cambridge effect, the laws being discussed or implemented, I do not know. Regardless, the important thing is that the moment has come and it is very welcome.

As a professional in the information security and data protection segment, it always bothered me a lot to provide my information for some things I wanted or needed to do, whether in the virtual world or in the real world. Sometimes he thought it was such an excuse to provide important information in a particular situation, which he even argued with whom he was asking. And in those moments, I realized that these people had no idea of ​​the risk of this simple action.

On a number of occasions, in my basic question of "how am I to be sure you're going to protect this information?" I would notice that strange look, as if I were an ET, a paranoid, or some jerk. "What question is that?" Thought my interlocutor. And the truth is just this: people are unaware of the risk. What harm can there be in getting your full name, your CPF, your address, and attaching this RG's photocopy and proof of residence ?, as it happened to me at a real estate agency, when I went to get the keys to a room that I would like to see to rent.

There is really a lot of innocence in many of these processes, but on the other hand, we know there is an information-use and information-industry for every kind of business. And the siege to indiscriminate use is closing. Who, after all, likes to be pestered by the emails he did not ask for, by phone calls when he comes home from work, by the advertisement of running shoes he has searched, now flooded in all the sites he visits, from the manipulation of "his" Trump ?!) and, worst of all, the possibility of becoming an "orange" in a bank or having a debit from an account that you do not have the slightest idea of how and who did you hire?

The culture instituted today is that the company can do whatever it wants with the data collected, often without any need for the end customer activity, but you can not miss the opportunity to have more information, right? After all, information is power. Pharmacy chains love to register my data for "giving a discount." I met a person who said that he felt a hypochondriac after having had a health problem and needed to buy several medicines. After that, he began to receive publicity for pharmaceuticals and medicines in every possible way. And with indication of friends. It does not seem to me that pharmacies (out of a million other examples) are being clear and fair to their customers.

But what is changing?

If I have to summarize this new awareness in a single sentence, I think it serves the following: the data and information collected is not the company's, it's the client's. That sums it all up. If they are not of the company and are of the client, I have to inform you why and for what I am collecting, I have to ensure that I will protect it so that it is not used for another purpose and mainly I have to have your permission. The rest is all consequence. And this does not in any way invalidate the much-requested work of data scientists today. It just makes the game more transparent and fair.

But is it really changing?

Perhaps it has not yet come to all, and because of this, governments around the world are pushing this awareness. And it is becoming law, because the moment demands. It's the citizen's struggle with the big corporations, which use trickery like: "If you want to use this search site, you make it clear that you agree with all of our policies." And you see, besides being an abusive condition, you can be sure that not everything they do with our information is in politics. Therefore the need for law, to regulate a situation where the citizen can be harmed.

Brazil has been discussing its privacy law for some time and is behind in the process. We have some things already foreseen in the Civil Registry of the Internet, but not enough. In the USA there are already some laws related to the subject, as in other countries. But the great actor in this new move is called GDPR - General Data Protection Regulation, a law instituted by the European Community for all its members. Discussed, redistricted and approved in 2016, with entry into force scheduled for May / 2018, provides for heavy fines, reinforcing its serious character. Europe has moved ahead and the GDPR will certainly be the basis for the rest of the world. It's all there. It has dared to cover not only European companies, but all companies around the world that operate on the continent or have data of European citizens. Thing of great people who perfectly understood the moment and the need. A new culture is expected and the beginning of the end of the corporate spree with mine, yours, our formation.

Leave a Reply

Your email address will not be published. Required fields are marked *

twelve + 18 =

Schedule a visit (blog)

Schedule a visit

Make a diagnosis of your company’s security processes.