It is hard to believe that half the year is almost done, and what a year it has been so far.  With the riots and COVID19, who knows where things will go in the next six months.  But I am trying to be optimistic that things will get turned around again.  With the advent of the pandemic, there have been a lot of Cyber related issues that have come up, and in fact, I wrote a lengthy article about that for a client just a few days ago.

But there is one hot button topic that is still with us, and will continue to be for a long time to come.  It has to do with data privacy, especially here in the United States and in the European Union (EU).  I do not think that as a population we really cared too much about where specifically our Personal Identifiable Information (PII) was stored or even used.

We always had an inherent trust that whoever or whichever entity had possession of it, safeguards were deployed to keep it safe.  But that all changed with the Facebook fiasco last year, with Cambridge Analytica, in which tons of PII records were stolen or leaked.  Then came all of the huge Cyberattacks on some of the major retail establishments, such as Target, restaurant outlets, the Marriott, and British Airways breaches, etc.

These were the various wake-up calls that caught our eyes, and of course, we raised he!! with every business that we were a customer of, demanding to know what is going on with our various PIIs.  Well, even before this happened, the legislation of both the GDPR and the CCPA was in the works and was just recently passed.

The intent of these regulations was to give the everyday consumer strong legal ammunition with which to question a particular entity as to what was going on with our PIIs.

But with this extra arsenal, now companies cannot blow us off.  If they do, and if we have a strong suspicion that something is wrong, we can always threaten to take legal action.  But with the advent of COVID19, the issues of data privacy have now taken front and center, especially when it comes to the various tracing apps that have been created and are being used so far.

You may be asking what this is exactly, and on an amazingly simple level, it is an app that you download onto either your iOS or Android device.  This will alert you on a real time basis if you have come into direct contact with an individual who either has the symptoms or has tested positive for it.

But the key here is that you have to be willing to submit your PII in order for these kinds of apps to be effective.  There are some countries around the world that have adopted this, and some especially here in the United States, that have not done so yet on a full-scale basis.

But, given the sheer concern that Americans have for the safety of their PII, the tide has now turned in that people will now share this if it means that they can return to work quicker and perhaps save even more lives.  This has been further substantiated by a recent market survey that was conducted by KPMG.

In it, 1,000 Americans were polled, during the time frame from May 19, 2020 to May 21, 2020.  Here are some of the key findings from it so far:

*750 (75%) of the respondents reported that they would share their PII;

*90% of them are OK if their temperature was taken on a daily basis by their employer;

*85% of them would share their diagnostic results with their employer, in the case that they were to be tested;

*67% of them would be willing to share their geographic, location-based data;

*An astonishing 67% of Americans would even share their personal lifestyle information if it meant that they could get back to work quicker.

My Thoughts On This

One of the first concerns I have with this is that we are still living in a virtual world and will more than likely continue to do so for some time yet to come.  With this, it is extremely difficult to tell who is real, and who has malicious intent: yes, the Cyberattacker.

Let us look at an example to further illustrate this.  As just mentioned, most of this data will be shared via mobile apps.  But keep in mind that there are many rogue apps that are put out there that are created and deployed by  Cyberattackers. 

With these malicious apps, any of your PII datasets can be very easily intercepted and used for nefarious purposes. Some of these include Phishing Emails that send you to fake and phony websites, Social Engineering in the way of Robocalls and even Phishing based text messages, credit card fraud, and even worse yet, Identity Theft, which can take you years to discover if you have indeed become a victim or not.

There are very few defense mechanisms that will protect you from downloading a malicious app.  Probably your best bet in this regard is to only download mobile apps from Apple versus Google.  The former is well known for only putting out apps that have been thoroughly tested in a sandboxed environment.  Of course, before you download any mobile app, you can also conduct a Google search to read any reviews about it.

But even then, these are still no guarantee, because there are very covert backdoors that could have been left behind in the app, which would give the Cyberattacker a way to sneak into your wireless app.

Apart from these direct sorts of threat vectors, your app may even provide you with false information about who you have had contact with. For instance, if you met John Doe, a few days later you could receive a fake warning that he was just diagnosed with COVID19.  This would be nothing more than a sheer attempt on the part of the Cyberattacker to trick you into submitting your PII for malicious purposes.

But despite these Cyber threats, there is also an even graver concern: whether these contact-based tracing apps are even compliant with the GDPR, CCPA, and even HIPAA, as many healthcare workers are also working remotely.  In other words, if our PII has been compromised by making use of one of these mobile apps, are there any guarantees that we have legal recourse?

This kind of situation, to the best of my knowledge, has not yet been tested by these legislations, and as a result, there is no legal precedent to fall back on.

In the end, yes, I want all Americans to go back to work and prosper either through work or even starting their own business.  But should this come at a sacrifice when we are sharing our very own personal data with people whom we do not even know yet?  I would think not.  If this was a perfect world, yes, I am for taking all kinds of measures to keep people safe and healthy from this horrible pandemic.

But unfortunately, in this new digital world that has just been thrust upon us, you cannot implicitly trust anybody anymore.  This is just an incredibly sad fact further exacerbated by Cyberattackers that are willing to prey upon innocent people who are just trying to protect their families and friends.