Challenges of Protecting Personal Information

¶ … Protecting Personal Information When considering the ever-changing and highly competitive global landscape of business today, large firms must be able to effectively globalize their operations in order to reach a greater potential client base, stay at the cutting edge of their respective fields and sustain profitability in the long-term. With the current exponential growth of technology and computerization of business and learning, consumers have become much more connected to the businesses they patronize (Kurzweil, 2001).

Accordingly, companies are faced with the continuous task of finding new ways to understand and subsequently accommodate the needs of those customers, while simultaneously securing lucrative business models and job environments. In accomplishing the aforementioned objectives, firms must also be able to supply a secure environment in which clients can feel safe in accessing the products and services of the business. Knowing that many organizations are utilizing the highly effective means of online systems construction as a way to access the global market, security issues have become increasingly important considerations.

And noting the vast necessity for the involvement of personal information in computerized commerce, the scope of such information and its industrial effects are massive. Therefore, data protection mechanisms must be effectively instilled in order to secure the safety of all global citizens. In fact, the United Kingdom recently passed "The Data Protection Act " in 1998 in order to legally protect and control the processing of personal data. Though while many consider "personal information" to be strictly financial in nature, recent leakages have also included health records and even government documents.

Thus even with legislation in place to protect personal privacy, its effectiveness could be called into question as a result of insecure government internet systems. Even though crimes like identity theft are relatively archaic (beginning even before the advent of credit cards, with the robbery of passports and social security numbers), the ease with which one can now obtain such vital, and potentially very profitable, information is astonishing.

Lax security standards on behalf of any business attempting to engage in online commerce can quickly result in informative breaches and subsequent losses. Also, considering the increasing proclivity of social media networks in the business world, many firms have chosen to utilize such sites as advertising and sales devices. This has been shown to present a very attractive environment for fraudulent activity. By simply posing as an employee in the social media platform, a dishonorable individual can easily discredit, damage and potentially destroy a company's reputation.

As a result of this reality, companies must diligently monitor the activities and member lists of their social media operations. Firms should also only place limited amounts of information on such sites, as these arenas are available for public viewing. Moreover, with the increased publicity of identity theft and online security, many companies have allocated massive amounts of capital for security systems and the prevention of external invasions. Though most firms fail to consider the threat of insider identity theft.

This can often be an even greater source of potential destruction because insiders possess large amounts of privileged corporate information. To protect themselves from this type of attack, firms should implement at least one of the many types of employee-monitoring software. Such tools can control and limit access to sensitive company information. From the perspective of the customer, identity protection requires a great deal of individual initiation. The ease with which one can live vicariously through the internet is certainly convenient, though it also presents a slew of potential threats.

For instance, when a thief acquires an individual's social security number and/or credit card information, he or she is free to utilize this information to make costly purchases and diminish credit lines, both of which are extremely difficult for the average citizen to bounce back from financially. This is because corrective action after the fact is often very costly and victims usually find themselves in dire financial straits almost immediately.

Knowing that online commerce is an ever-growing industry, many online retail agencies allow for the customer to save his or her credit card information as a means of assuring future purchasing expediency. Membership to this kind of system forces the consumer to commit the horrific blunder of permanently storing credit card information via the internet. By saving one's vital credit card data in a retail company's database, he or she puts his or her financial security in the hands of strangers.

Being that online retailers are usually high on the target lists of identity thieves, this is certainly not an intelligent risk to take. And with the immense global capacity of the internet, once a violation has been determined, it is often extremely difficult to pinpoint and apprehend the culprit. The mechanism of personal data-saving is becoming increasingly utilized in modern ecommerce, yet it presents just one example of the many threat structures consumers face in the online marketplace.

And in knowing that countless other threats exist, customers must be knowledgeable and thoroughly able to utilize any and all protective mechanisms at their disposal before entering this threatening forum. Such defensive techniques are often as simply as not using the same password for all retail accounts, continuously updating anti-virus programs and even simply turning off the computer after continuous use. However, in order to provide oneself with truly sufficient levels of protection, it is often advantageous to become educated about more sophisticated protective devices.

Such items can include encryption, anonymous browsing and virtualization software. The encrypting of one's sensitive data ultimately amounts to the encoding of such information. This means that if a hacker were to stumble upon an individual's personal info, he or she would likely have to spend a significant amount of time trying to break the code. As a result of this labor-intensive task, most identity thieves will simply pass over encrypted information in search of easier targets.

The tool known as virtualization software can also be very useful in that such software allows customers to be alerted to viruses and potentially fraudulent activity in a virtual environment before it actually affects their computer or their actual personal information. Thus, in knowing that an individual is solely responsible for protecting himself or herself, and contemplating the devastating aftermath associated with the loss of one's financial identity, becoming educating about all the available protective measures seems like quite a profound necessity.

Regrettably, an individual's financial information is not the only vulnerable data in the world of computerization. Rather, health records are now at risk in the electrified age of patient documents. Assuming that one's health is their most vital asset, such misconduct can be ultimately life-threatening in some cases. While the advent of electronic health records certainly has its advantages in that it "enables the electronic exchange of patient data, which yields cost and quality of care benefits," many potential threats also arise from this systematic approach (Smith, et al., 2010, p. 1).

In fact, according to a study done at North Carolina State University which involved an extensive exploratory security analysis of current structural components of the electronic health records system, there are many gaping holes that allow for extraordinarily destructive action (Smith, et al., 2010). Some examples of such unfortunate potential consequences include, "the exposing of all users' login information, the ability of any user to view or edit health records for any patient, and the ability to deny service for all users" (Smith, et al., 2010, p. 1).

Therefore, with the essentiality of information-sharing in the healthcare field, the ease with which one can tamper with such critical data is striking and disheartening. The healthcare system itself relies on patient histories in order to ensure that patients receive the proper treatments and medications. Hence, the corruption of such materials can result in mistaken procedures, failures to accommodate a patient's allergies or predispositions and the exposition of embarrassing personal health data (Terry & Francis, 2007).

With such horrifying potential consequences, one would naturally assume that the Certification Commission for Health Information Technology (the entity responsible for overseeing the integration of electronic health records) would implement a vast cornucopia of high-level security measures. However, this is not in fact the case. Instead, researchers have been able to infiltrate this system and its patient pool using elementary hacking techniques such as "phishing" (Smith, et al., 2010, p. 8).

Phishing is often described as, "a form of social engineering in which an attacker attempts to fraudulently acquire sensitive information from a victim by impersonating a trustworthy third party" (Jagatic, Johnson, & Jakobsson, 2007). The conductors of the aforementioned exploratory analysis performed at North Carolina State University, were able to acquire patients' login information through the use of phishing and the creation of false login templates (Smith, et al., 2010). The simplicity with which these researchers were able to access sensitive information superbly illustrates the scope of the shortcomings of this system.

Consequently, these experts recommend several revisions to the current structure. For instance, the storing of patient files should be done in a .pdf format because this type of presentation does not utilize the easily-penetrable JavaScript format (Smith, et al., 2010). Also, administrators should integrate software that prevents users from being redirected to new URL's that are not within the healthcare firm's stated domain (Smith, et al., 2010).

Similarly to the aforeposed preventative mechanisms, the researchers at North Carolina State University recommend a multitude of security test programs to be implemented as soon as possible (Smith, et al., 2010). In an industry where people's lives are at stake, security should be of the utmost importance. Furthermore, government documents are yet another source of vital information that has proven to be vulnerable to computerized attacks. With the highly publicized case involving Wikileaks, the gaping failure of government protection systems became apparent to the entire world.

Therefore, in realizing the vast and potentially devastating consequences that can appear as a result of this kind of criminal activity, immediate corrective action is once again highly necessary. With reference to the aforeposed high profile Wikileaks case, this occurrence has shed lots of light upon the fact that the United States Government is not nearly as secure in its data protection systems as it claims to be.

This fact becomes strikingly obvious when comparing the amounts of data leaked from homeland operations to that leaked from the smaller (yet presumably more vulnerable) satellite embassies around the world: As exemplified above, what was previously thought to be one of the most secure government entities (The Office of the Secretary of State) is actually responsible for divulging the largest amounts of sensitive government information. This is often considered to be a result of the promulgation of insider identity theft within governments.

With many competing interests working "cooperatively" within any given governmental organization, the possibility for the damaging or discrediting of others (including those in the general public) grows exponentially. This reality is compounded by the fact that almost all governmental employees only occupy their positions on a temporary basis. The fact that government officers are always coming and going makes any permanent corrective measures extremely difficult to truly enforce.

Though most citizens can appreciate the need to protect sensitive government documents (especially in a nation at war), this issue presents quite the controversy. Continuing to use the Wikileaks situation as a template, the judge in this case initially ordered the site to be shut down, noting that he (as well as the United States Government) did not want sensitive military documents to fall into the hands of enemies or terrorist organizations.

However, after this ruling was passed down many protestors began to conspire and claim that this ruling was unconstitutional, as it was in direct conflict with one's First Amendment rights concerning freedom of speech and freedom of the press. Accordingly, and after much deliberation, the judge reversed his ruling about a week later citing its unconstitutional nature.

Therefore, while corrective action is certainly a tricky obstacle for a government to overcome, the only feasible solution seems to be the creation of a truly reliable data protection system; one that will protect against internal as well as external breaches. And while the precise intricacies of such a system will not likely be disclosed for obvious reasons, its general cornerstones should be clear. Knowing that government entities are typically separated.