CSC410 - Professional

Practices in IT
Instructor Name : Sidra Nasir
Email : [email protected]
 6/5/2020
Lecture -2

Privacy Risks and Principles

2
Topics Covered in this
Lecture
• Privacy key issues
• Role of identity thefts
• Key Data Thefts
Learning outcomes of this Lecture

• To understand the Key Privacy issues

• Role of Identity theft in Privacy.
• To know different types of Identity threats under new era.
 Key Privacy Issues
• The rest of this lecture discusses a number of
current and important privacy issues, including:
⮚ Identity theft
⮚ Customer profiling
⮚ Need to treat customer data responsibly
⮚ Workplace monitoring
⮚ Spamming
⮚ Advanced surveillance techniques
 Identity Theft
• Theft of key pieces of personal information to gain
access to a person’s financial accounts
• when someone steals key pieces of personal
information to impersonate a person
• Information includes:
 Name
 Address
 Date of birth
 Social Security number
 Passport number
 Driver’s license number
 Mother’s maiden name
 Identity Theft
• Fastest growing form of fraud in the United States
• Lack of initiative in informing people whose data
was stolen
• Using this information, an identity thief may apply
for new credit or financial accounts, rent an
apartment, set up utility or phone service, and
register for college courses—all in someone else’s
name.
 Identity theft
• Four approaches are frequently used by identity thieves
to capture the personal data of their victims:
1. Create a data breach to steal hundreds,
thousands, or even millions of personal records.
2. Purchase personal data from criminals.
3. Use phishing to entice users to willingly give up
personal data.
4. Install spyware capable of capturing the
keystrokes of victims
 1: Data Breech
• An alarming number of identity theft incidents involve
breaches of large databases to gain personal identity
information.
• The breach may be caused by hackers breaking into
the database or, more often than one would suspect,
by carelessness or failure to follow proper security
procedures.
2: Purchase of Personal Data
• There is a black market in personal data.
• Credit card numbers can be purchased in bulk
quantity for as little as $.40 each, while the login
name and PIN necessary to access a bank account
can be had for just $10.36
• A full set of identity information including: date of
birth, address, Social Security number, and
telephone number—sells for between $1 and $15.37
 3: Phishing
 Attempt to steal personal identity data
 By tricking users into entering information on a
counterfeit Web site
 Spear-phishing - a variation in which employees are
sent e-mails that look like they came from high-level
executives within their organization
 4: Spyware
• Keystroke-logging software downloaded to users’
computers without the knowledge or consent of the user
 Enables the capture of:
 Account usernames
 Passwords
 Credit card numbers
 Other sensitive information
 Operates even if an infected computer is not connected
to the Internet
• Identity Theft and Assumption Deterrence Act of 1998 was
passed to fight fraud
E-mail Used by Phishers
 Consumer Profiling
• Companies openly collect personal information about
Internet users when they register at Web sites,
complete surveys, fill out forms, or enter contests
online
• Cookies
 Text files that a Web site puts on a user’s hard drive
so that it can remember the information later
• Tracking software: to allow their Web sites to analyze
browsing habits and deduce personal interests and
preferences
• Similar methods are used outside the Web environment
• Databases contain a huge amount of consumer
behavioral data
 Aggregating Consumer Data
• Large-scale marketing organizations such as DoubleClick
employ advertising networks to serve ads to thousands of
Web sites. When someone clicks on an ad at a company’s
Website, tracking information about the person is gathered
and forwarded to DoubleClick, which stores it in a large
database. This data includes a record of the ad on which
the person clicked and what the person bought.
• Affi liated Web sites
 Group of Web sites served by a single advertising
network
• Customized service for each consumer
Collecting Data from Websites
Visits
• Marketers use cookies to recognize return visitors to
their sites and to store useful information about
them.
• Types of data collected while surfing the Web
 GET data
 POST data
 Click-stream data
Collecting Data from
Websites Visits
• Four ways to limit or even stop the deposit of cookies on hard
drives
 Set the browser to limit or stop cookies
 Manually delete them from the hard drive
 Download and install a cookie-management program
 Use anonymous browsing programs that don’t accept
cookies
Personalization software
• Used by marketers to optimize the number,
frequency, and mixture of their ad placements
 Rules-based
 Collaborative filtering
 Demographic filtering
 Contextual commerce
• Platform for Privacy Preferences (P3P)
 screening technology
 Shields users from sites that don’t provide the
level of privacy protection desired
Consumer Profiling (continued)
• Rules-based personalization software uses
business rules tied to customer-supplied preferences
or online behavior to determine the most
appropriate page views and product information to
display when a user visits a Web site. Car rental
adds on holiday booking websites etc.
• Collaborative filtering offers consumer
recommendations based on the types of products
purchased by other people with similar buying
habits. Same type of story writers etc
Consumer Profiling (continued)
• Demographic filtering is another form of
personalization software. It augments clickstream
data and user-supplied data with demographic
information associated with user zip codes to make
product suggestions.
• Contextual commerce, associates product
promotions and other e-commerce offerings with
specific content a user may receive in a news story
online.
THE END