When striking a deal with a new partner, companies are (or should be) adamant about reviewing all considerations relating to data collection. Why then, as individuals, do we breeze through the “terms and conditions” agreement when signing up for a new product or service?
You might think your personal details aren’t interesting enough to be sought after, but that isn’t the case. Regardless of your age, location, beliefs or education, your data is valuable and companies are actively trying to get it. This isn’t news. In fact, every single day you’re likely to come across an alarming headline about location tracking or yet another company facing a security breach that could affect millions of people’s personal data. The only shocking thing is that we continue to be surprised that this is happening as we willingly sign away the rights to our own privacy.
Remember, services are never free: the infrastructure and development must be paid for. If something is “free” (think Facebook, LinkedIn or YouTube), the company’s funds must come from somewhere. Often, this is done by capitalizing on the data the company has acquired. This leaves consumers with a trade-off between privacy (at a cost) and affordability (by having your data sold). For this reason, you should always enter into an agreement with an eye to what you are giving up. Here are some points to consider:
What are they going to do with your data?
Whether providers sell data directly, aggregate it with other data and sell the result or use it to target you with ads directly, there are a number of ways companies can monetize their “free” services through data collection.
Will your data be protected?
You can usually find the answer to this question by asking yourself:
- Is the company upfront about their security, compliance and business model?
- Is the company certified compliant with industry privacy standards such as PIPEDA, HIPAA or GDPR (or, at a minimum, does it adhere to them)?
- How about security standards such as the ISO 27000 series, PCI DSS or SOC 2?
- Does the company encrypt data at all points along the chain?
- Has the company been previously associated with data breaches? Haveibeenpwned.com is a good way to find out.
Look for these phrases in the company’s terms and conditions to help evaluate how seriously they take your privacy and security.
Do the permissions they’re asking for make sense?
Apps require certain permissions in order to provide their service. Enabling your location settings, for instance, will help an online retailer suggest their closest location. But how do you know when they’re asking for too much information?
Generally, a good indicator is when an app asks for every point of data possible. This could include your location, camera or Bluetooth. If you find yourself having to approve five to ten different permissions, you may want to dig a little deeper to understand why before installing or using the application. If a photo-editing app wants to access your photos, this makes sense. If a calculator app wants to access your photos, think twice. When in doubt, read the fine print.
Making sense of terms and conditions
Individuals are solely responsible for the terms and conditions they agree to. And these terms can be subject to change at any time — with or without notice. While many organizations do a good job of notifying users of changes to their terms of service, the only way to ensure your privacy is by educating yourself. Hint: those “I do not give Facebook permission to…” posts don’t help.
If the idea of reading every agreement cover to cover seems daunting or too time-consuming, there are tools that can help. Terms of Service; Didn’t Read, for instance, parses major service providers’ lengthy and difficult-to-understand terms of service and provides the key takeaways (TL;DR). This allows end-users to understand what they may be giving up without having to navigate confusing legal jargon.
While the onus is on the individual to understand what they’re signing, CBC recently reported the government is also working to implement a new set of online rights which will further support Canadians. As end-users become more aware of the risks associated with registering with different sites, we’ll continue to see more positive changes to come. For the time being, stay critical, do your research and educate yourself on what clicking “agree and accept” really means the next time you’re faced with a Terms of Service Agreement.
At Ricoh eDiscovery, we take data security seriously. If you have any questions for our team, be sure to send us an email or let us know in the comment section below.