Category: Privacy

  • Why sharing passwords is a Very Bad Idea

    I think the following policy should apply to company user accounts (not personal ones like Facebook or Google accounts, but accounts at workplaces). The bigger the workplace, the more important these are:

    1. Access should be given to named individuals only.
    2. Account names should be based on individuals’ names.
    3. Credentials should not be shared.

  • Response to a bad article on My Health Record

    Dr Stephen Duckett of the Grattan Institute wrote a particularly poor piece on the My Health Record system. His article is available here:

    https://www.futurehealthindex.com/2018/11/07/case-study-what-can-we-learn-from-australias-my-health-record-experience/

    This post is my response, lightly edited with some footnotes added.

  • Two-factor authentication – do it now.

    The online world has become too dangerous for us to keep protecting ourselves with no more than a username and a password. Especially when most of us choose stupidly simple passwords. Even if you choose a good one – upper and lower case, special characters, letters and numbers – you now need such a long one that no human can remember it. Tools like LastPass are great, but only if you also use ridiculously long passwords. Pretty much the best protection you can give yourself is a simple thing called two-factor authentication. It’s simple, it’s free, and it’s very effective.

  • Data Loss Prevention policies made simple

    On a mailing list I frequent, someone asked about policies to help a company avoid losing intellectual property. The generic term for stopping the loss of important information (with loss being not just destruction, but also the wrong people getting it) is data loss prevention or DLP. I was moved to comment… because most DLP policies are not worth a button.

  • Editorial dishonesty at the SMH

    On the sixteenth of March 2014, the Sydney Morning Herald had an editorial calling for Government control of pornography on the Internet. You can read the editorial at the link below. This post is my response.

  • What can I do?

    In this article about privacy, civil liberties and the way the “war on terror” has become a war on all of us, John Pilger asks “What are you going to do about it?”

    Well, here’s my question, John: What can I do about it?

  • Unforgettably yours?

    On a mailing list that I frequent, someone recently posted a set of statements which gave me pause for thought. I thought about the millions (billions?) of personal details stored in private collections of personal details, also known as contact lists. And I thought about how little care we take about how we treat that information.

    I will summarise the statements as follows:

    • I have a large address book of contacts, which is growing fast
    • I’m a member of multiple social sites, like Facebook, Twitter…
    • my contacts currently live in Google Apps
    • I want my contacts available in each service
    • I could import my address book into each service
    • but I’d like to automate it

    Which led me to wonder what details the writer might have collected about his numerous contacts. Name, address, phone, email, birthday…? And without asking all these people whether it’s OK with them, the writer is wanting and planning to dump their details (automatically if possible) into multiple privacy-hostile service providers’ databases. For the sake of convenience.

    Given the state of privacy laws in Australia and their near-total lack of meaningful enforcement, no-one can stop this person doing whatever they like with whatever data they collect.

    But if you are like this person, and think that my personal details are yours to do as you please with, and specifically yours to share with large commercial third parties whose avowed intention is to collect all the data in the Universe, I do have a request.

    Please – forget me. Before you make me unforgettable.

  • ID Cards

    [This was written in 2006 in reaction to a then-proposed Australian benefits card, but it applies to any similar card, proposed by any Government, in any country. The card was intended, allegedly, to support access to welfare; in practice, however, the proposal described an identity card…]