Privacy in the Digital Age

By Shawn Dougherty November 17, 2014

Shawn DoughertyEarlier this month, I had the privilege of attending the 2014 Privacy Xchange Forum, my first cyber event not specifically about insurance. The forum, presented by IDT911, was a well-planned, well-executed event with excellent speakers.

Two speakers in particular caught my attention. The first was Kevin Ashton.

Ashton is known for coining the term Internet of Things (IoT). He began his discussion by presenting some statistics regarding the enormous implications of IoT: In the not-too-distant future, there will be close to 30 billion devices in the Internet of Things. There will also be an exponential increase in global shipments of digital cameras, geolocation devices, and civilian drones. You can see how those trends could affect our privacy; just take a look at any of the many videos on YouTube that shed light on what people with drones and cameras are capable of doing.

To illustrate his point, Kevin talked about the “I Know Where Your Cat Lives” data experiment from Florida State University. The experiment shows the location of cats on a world map using geographic data embedded in pictures of cats that people post online. The experiment demonstrated that the virtual address of each cat could be identified and then tied to the owner’s name and address.

How many people realize that posting a photo of their family pet on a social media site can lead to a potential invasion of their privacy?

The other speaker I thoroughly enjoyed listening to was Brian Krebs, the former Washington Post reporter who has made a name for himself as author of the Krebs on Security blog and reporting on data breaches.

It was a bit foreboding when he stated that, without exception, everyone’s private information — personally identifiable information (PII) and protected health information (PHI) — is available for sale on the Internet. He even offered to prove it afterward for anyone interested in testing his hypothesis.

He spoke about how hackers look at stealing and selling people’s information as a business. In other words, they steal millions of records and expect to sell only a fraction of them to make a return on their investment. He mentioned that there are many sites on the Dark Web where such information is transacted daily.

To make it more difficult for cyber criminals to access your account, he spoke about the need for using multifactor authentication (MFA). MFA is a computer access control that requires a combination of two or more factors to access your account, including biometric data, such as fingerprints; data that only you possess, such as an ID card or token; and/or something only the user knows, such as a password.

He pointed out that the largest data breach on record to date is the 2009 Heartland data breach. Even though it’s almost six years later, data breaches of large magnitude continue to occur. Something has to be done to stem the losses. I guess one thing we all need to come to terms with is how much inconvenience we as consumers and businesses are willing to deal with to keep our information safe. It’s a trade-off we all need to consider.

If you want to enter the cyber insurance market or learn about any of ISO’s various cyber insurance product offerings, visit the ISO Cyber Risk Solutions website, www.verisk.com/cyber, or e-mail me at sdougherty@iso.com. You can also follow me on Twitter @doughertyshawn


Shawn Dougherty

Shawn Dougherty is the assistant vice president of ISO's Specialty Commercial Lines Division. He is responsible for providing the overall direction, leadership, and client service for ISO's cyber liability (e-commerce), D&O (management protection), businessowners, crime and fidelity, financial institutions, employment-related practices liability, and professional liability (other than medical) insurance programs. He is also the ISO product manager for the Lloyd's Wordings Repository, an electronic database of policy wordings and clauses regularly used within the London market. Mr. Dougherty has worked at ISO since 1988.