User data security, we are all equally responsible. It is our information at the end of the day.
For the past few weeks, my social media feeds are abuzz with a lot of articles about “Cambridge Analytica”, “Aadhar” data leak, etc. and thanks to the election season here, suddenly these issues has been given a complete political angle with responsible people playing the usual finger pointing and passing the blame game.
What also happened during the past few days is that FB showed me a “memory” I had shared 3 years ago and guess what it was about? It was about how a guy had managed to hack into “Ola” and then reported it, but still, the resolution for that took ages.
Like I have mentioned in my other articles, over the past year, I have found user data leakage issues in big brands panning across renowned retail, ecommerce brands and even NGOs. And when it was reported, it was silently patched (again a half baked job) without even acknowledging us for identifying and reporting the same.
Now when I tried to connect the dots together and understand why this is happening, I realized that the problem lies at both the client’s (brands’) end as well as the consumer/users’ end.
From a client’s perspective, it is an absolute must to make sure that what ever first party data they have needs to be completely shielded from the public eye. They will also need to make it very clear to the user on how they will keep his/her data safe and for what purpose will they be using it. The consent part should not be hidden in some “I agree…” checkbox under the form.
In addition to this, to save cost and also due to last minute changes/additions most of the times, experienced resources do not spend enough time on data security. As a result, even though it may be a top brands’ work, but at the end of the the day, the system is rendered weak primarily because of lack of experienced people handling the same.
From a user’s perspective, they need to hound the brands whenever they even get a slight hint of their data being recorded without explicit consent. When brands ask for your personal details like name, email, mobile number and sometimes photo uploads for contests, they need to make sure that your information is secured. It is your right and they are liable for any slip up.
- Using an email address, one can pull out all the information available in the public domain about that user.
- Using your photo, one can pull out the location data and pinpoint where the photo was taken and stalk you.
If you think all this information may not do any harm, think again. You are being manipulated without your knowledge.
To conclude, while the recent events may have given a big jolt and have woken up a lot people about user data security, unless the end user puts his/her foot down and holds the the owners of your data liable for improper security, this big jolt will die very quickly and will get buried as noise among other news.