‘Can you name a city that doesn’t have a Y in it?’ ‘Can you spell your mother’s maiden name with no vowels?’ ‘Can you take this world’s hardest quiz; nobody scores more than 5.’ ‘What was the name of your first pet?’ If you have a Facebook account (and 35.1m Facebook accounts existed in the UK in 2015, expected to rise to 42.27m in 2022[i]) then you’ll be familiar with these questions. If you’ve taken part in any, then you’ll no doubt be equally amazed that you ‘can’ name a city with no Y in it (Berlin, London, Paris, New Yo…… err, well maybe not), that you can easily spell your mother’s maiden name with no vowels (but why would you, unless you really want to give away one of the most common security questions most institutions ask for?) and that you probably got 10/10 in the quiz, whether you ticked A as the answer for every single question or actually tried to get them right. So, what is the point of them? Pretty simple really: they are all designed to lure you in and to capture your personal data, and for that data to then be passed on, whether just for cash or for other reasons, more foul.
I have no idea whether Cambridge Analytica colluded with the Russians to get Donald Trump elected to the White House, or whether they played any part whatsoever in manipulating the result of the referendum on Britain’s continued membership of the EU, or IndyRef2 up in Scotland. My personal views on those issues matter not a jot within the context of this blog.
It is widely believed that Cambridge Analytica created a ‘quiz’ or an ‘app’ on Facebook and that hundreds of thousands of people unwittingly took part (including, if you believe his testimony to Congress, Mark Zuckerberg, the founder of Facebook), all ticking a box saying that the ‘app’ could access their Facebook account. What does matter is that hundreds of thousands upon hundreds of thousands, possibly millions, of people partake in these meaningless quizzes daily and freely give away the personal data contained within their Facebook accounts, simply by ticking a box that gives the ‘app’ permission to access their account.
Loyalty cards are another 1st world problem that hundreds of thousands of people freely sign up to.
For example, the Tesco Clubcard, launched in 1994: for every £200k spent Tesco will give you £0.00001p (a wildly unfair exaggeration, but you get my gist) and quarterly Tesco send you vouchers for the money you’ve accumulated over those 3 months for spending in their stores (or at other Tesco favoured companies). Also contained within the little book of those vouchers will be other money-off vouchers for things you have never bought in your life. How does that happen? Well, that’s an easy question to answer, because every time you swipe that card at the Tesco till, it monitors what you have purchased. If you sign up to Tesco Online and go into the grocery department, everything you have ever bought is in your favourites; you buy just one copy of “caravan weekly” as a joke birthday present for your brother (yes, I did that) and it’s in your favourites forever (until you manually delete it).
We all freely sign up to these cards, filling in our applications, giving them our names, dates of birth, email addresses and snail-mail addresses, and we have no knowledge of, or control over, what these companies do with that data. The 3pm phone call from a Manchester number wanting to talk to you about your PPI claim, the accident you didn’t know you had, the SIP that you were advised to purchase; these people have obtained your data from somewhere, and that somewhere is, ultimately, you.
Buy a bottle of engine oil and Halfords will ask “would you like your receipt emailed to you?” No, why would I? Why would I give Halfords my email address? Why do Halfords even want my email address? According to The Drum an email address is worth £84.50 to a retailer.
As I’m sure you have seen, there are many organisations out there offering services to enable companies to be GDPR (General Data Protection Regulation) compliant; some are snake oil salesmen, some are genuinely on top of what is required and are offering sound advice; Tech Republic[i] report that 60% of companies are likely to miss the compliance deadline. Fundamentally, GDPR will regulate how organisations who hold your personal data must hold it, protect it and delete it when it’s no longer required, and how you, as that data owner, can request that an organisation deletes all that they hold on you; ostensibly your right to be forgotten.
But whilst you’re doing that, whilst you’re holding an organisation to account, whilst you’re asking an organisation what data they hold on you, whilst you’re exercising your right to be forgotten, you forget that you’re happily getting that free coffee from Waitrose, having Halfords emailing your receipt for your new air-freshener and you’re spelling Mumbai as a ‘city that does not have a Y in it’ on Facebook and giving away your personal information for free.
For more information on any element of cyber-security or information assurance, give us a call on 01242 225 699 or drop a line to firstname.lastname@example.org