Module 2.2 "Data Privacy" Study Guide

Lesson 2.2 “Data Privacy” Objectives

• 2.8 Identify basic networking concepts.

• 6.1 Explain fundamental security concepts and frameworks.

• 6.2 Explain methods to secure devices and security best practices.

PRIVACY IN SOCIAL MEDIA (2.2.1)

Who Owns Data on Social Media?

• The social media platform you're on decides the rules for how your personal data can be used.

• These sites let you control your privacy settings, like who can see your profile and what you post, who can tag you, and the kinds of ads you see.

• it's important to know that usually, these social media sites own your data.

• Once you put Pictures/Videos on the platform, the site owns them. By using the site, you're letting the site owners use your content to show you ads and to track your activity

• They often have the permission to use your personal info in ways they want, which might include selling it to advertisers and other businesses.

• This permission is part of the agreement you make when you use their sites.

• These sites also keep track of simple things like where you are, when you log in, and how long you stay on. All this data belongs to the site owners.

-------------------------------------------

Safely Using Social Media

-Here are some ways you can take control of your personal data:

• Adjust privacy settings: Most social media platforms offer customizable privacy settings that allow you to control who can see your posts, profile information, and photos. Set your profiles to private, limit posts visibility to friends or followers you trust, and control how people can search for you.

• Be mindful of what you share: Avoid sharing sensitive personal information such as your home address, phone number, date of birth, and financial details. Think twice before posting content that could be used against you or could reveal too much about your personal life.

• Review and clean up your friends list: Regularly review your friends or followers list and remove people you no longer wish to share your information with. This helps make sure that only people you trust have access to your posts and personal information.

• Be cautious of quizzes and games: Many social media quizzes and games require access to your profile information and can collect personal data. Be careful about participating in these activities, and always check what permissions they are asking for.

• Check and understand the platform's privacy policy: Review the social media platform's privacy policy to understand how your data is collected, used, and shared. This can help you make informed decisions about what information to share and how to adjust your privacy settings.

• Regularly review your activity: Many social media platforms offer tools to review your activity, such as posts you're tagged in, apps connected to your account, and login history. Use these tools to monitor and manage your online presence.

Privacy In Communications (2.2.2)

Texting (SMS) Safety

• Texting uses the short message service (SMS) protocol over a cell phone network

• doesn't actually use the Internet at all.

• SMS texts are sent in plain text, with no encryption

• does not have very good security.

• aren't usually a target for hackers

• can be viewed and saved by law enforcement.

• Some carriers store SMS texts for just a few days, but others store them for much longer.

-------------------------------------------

Instant Messaging Safety

• Instant messaging apps communicate only over the Internet

• can be installed on any device that can connect to a network.

• can be safer than SMS texting in some cases

• Apps that provide end-to-end encryption are the most secure. End-to-end encryption is a method of secure communication that prevents third parties from reading your data while it's transferred from one system or device to another. WhatsApp and Signal are two examples of apps that provide this level of data safety.

-------------------------------------------

Email Safety

• Usually don't encrypt your email.

• Securing email in this way would be much too expensive for both you and for the email service.

• you can choose to make your emails secret by turning on a special setting called encryption.

• you can only do it for one email at a time

• still has some security concerns

• Emails are stored in plain text, meaning they're stored in a way that anyone can read them. This is the case in your inbox and on the email server too. Hackers, authorities, and the email service itself can read your emails if they work at it hard enough.

-------------------------------------------

File Sharing Safety

• A popular way to send files to a website and get files from it is using the File Transfer Protocol (FTP).

• it sends files and login information (like your username and password) in plaintext, a way that anyone could read if they tried.

• someone could easily grab your file while it's being sent.

• some networks let people in to their storage servers anonymously, without knowing who they are.

• This allows threat actors to read or download files without anyone knowing.

• FTP also doesn't automatically encrypt the files for safety.

• The standard now is to use secure versions of this protocol.

-------------------------------------------

Safely Using Internet Communications

• Responding to phishing emails: Don't respond to phishing emails that appear to be from real sources (such as your bank, a government agency, or a familiar service provider) but are actually attempts by threat actors to steal your personal information. These emails often ask you to confirm personal details, click on a link, or open an attachment. Some of these emails pretend that there's some emergency, or that you owe a lot of money. Always double-check.

• Answering unsolicited requests for information: Don't provide sensitive information in response to unexpected emails or messages that request personal details, account numbers, passwords, or other PII. Legitimate organizations typically do not ask for sensitive information via email.

• Not verifying email sender's identity: Always verify the identity of an email sender before sharing personal or sensitive information. Cybercriminals can spoof, or copy, email addresses to make them appear as if they are coming from a trusted source.

• Clicking on suspicious links or attachments: Clicking on links or downloading attachments from unknown or suspicious emails can lead to malware being installed on your device. This malware can then be used to capture keystrokes, access files, and steal personal information stored on your device.

Privacy In Artificial Intelligence (AI) (2.2.4)

Artificial Intelligence in Text

• predictive SMS text in our smartphones, and email programs that recognized what you were typing and finished your sentences for you.

• Today's AI models learn by searching the Internet to gather information.

• AI models also get their training information from non-licensed, or stolen, sources. News sites, printed books, and educational websites have all been used to train generative AI models without getting the authors' or owners' consent.

-------------------------------------------

Artificial Intelligence in Art

• can make pictures just from a short description or a few words. They can take any idea, figure out the details and the way it's supposed to look, and make art that looks a lot like it was made by certain artists.

-------------------------------------------

Safely Using Artificial Intelligence

-It's important to avoid the following:

• Using AI-powered health apps: People might use health apps that use AI to watch over their health or figure out if they're sick. They put in private health details without checking to see if the app keeps their information secure. If the app doesn't protect their data well, or if it shares information with other companies, their private health details could be shared with others or used in ways they don't want.

• Participating in online AI experiments: Joining online AI tests or studies that ask for your personal information without really looking into how your data will be used, kept, or shared is not ideal. Some AI experiments might use your information to make their systems smarter without clearly asking for your consent to use your data in every possible way. This could lead to your private information being shared when you didn't want it to be, and cause privacy breaches.

• Uploading photos to AI facial recognition services: Putting your own pictures on websites or apps that use AI to recognize faces, without thinking about how these pictures might be kept, used, or who might see them, can be risky. These pictures could be used to train generative AI models without your consent. This could lead to unauthorized surveillance or identification.

• Interacting with chatbots and virtual assistants: It's not a good idea to share personal details, business information, or sensitive data when you use AI-powered chatbots and virtual assistants. At the very least, you should understand how those companies store, process, or share your information with third parties. If they share your information widely, this can lead to privacy violations and targeted advertising or scams.

• it's important to review and understand the privacy rules of AI services before you share your personal information.

• Look for services that keep your data safe, have clear rules on how they use your data, and let you control who they share your data with and how you can delete it. Be careful about how much personal information you give out, even to AI apps that seem harmless, and think about what it means for the future if you add your private data to AI collections.

Privacy Regulations (2.2.5)

• Data privacy rules are made to keep people's private information safe, make sure the financial system is secure, keep the Internet and online businesses reliable, and to protect national assets from cybercrime.

-------------------------------------------

Personal Data and the General Data Protection Regulation (GDPR)

• Provisions and requirements protecting the personal data of European Union (EU) citizens. Transfers of personal data outside the EU Single Market are restricted unless protected by like-for-like regulations, such as the US's Privacy Shield requirements.

• no one can take or use European Union residents' personal data without letting the owner know clearly and getting their approval.

• The owner would have to give this consent freely, knowing exactly what their information will be used for, and it should be explained in easy words, not complicated legal talk.

• The GDPR also lets the people it governs change their mind anytime, check what personal information companies have, fix it if it's wrong, or even ask them to delete it.

• Failure to comply with GDPR rules can result in incredibly large fines.

-------------------------------------------

Personal Data in the United States

• doesn't have as extensive or as strict a set of laws as the European Union does

• United States companies in many states can collect and sell personal data as they see fit, without your knowledge.

• California has the CCPA (California Consumer Privacy Act), which is designed to provide the individual with more control and security over personal information.

• The CCPA is a law that helps people living in California know what personal information companies collect about them, why they collect it, and who they share it with.

• It lets people in California see their personal information, ask for it to be deleted, or say no to having it sold.

• This law affects any company, no matter where it's located, if it sells things or services to people in California, makes more than $25 million a year, deals with the personal information of 50,000 or more people, households, or devices, or gets half or more of its money from selling personal information.

• The United States also has the Health Insurance Portability and Accountability Act (HIPAA).

• This law focuses on the health insurance industry and was enacted in 1996,

• HIPAA was designed to make sure that doctors and health insurance companies keep your medical records safe and private.

• HIPAA says these groups must protect your information and can't share it with anyone without your consent.