…or are they far more prevalent and significant than some would have you believe?

That depends. What do we mean by “data breach”? According to the bastion of impartiality that is Wikipedia.com, it is defined as:

A data breach is the intentional or unintentional release of secure or private/confidential information to an untrusted environment.

Not “authoritative” enough for you? According to the Cambridge University Dictionary a data breach is:

an occasion when private information can be seen by people who should not be able to see it

The venerable Macmillan English Dictionary for Advanced Learners simply defines a breach of…


3 Cardinal Rules to Follow When Avoiding Responsibility for Cybersecurity Incidents.

First and foremost, let it age for a month after discovery. It is important to appreciate that data breaches get better with age, so give it time before you get around to penning some well-turned phrases.

That was a bonus tip. It almost goes without saying that the sooner you let people know you dropped the ball on their data, the sooner they’ll panic. Be kind and let them have a few weeks to savour their false sense of privacy.


By simply reading this page, you may be inadvertently sharing some info with faceless companies (other than Medium.com). What gives?

A quick look at some of the gremlins that show up as being blocked in my browser confirms it: DataDogHQ, Optimizely, Parse.ly and Google Analytics are just a few of the data aggregation tools used by this blog platform — Medium.com — to compile analytics on … well… you.

Is that a problem? Let’s ask one of the largest data aggregators:


How Spammers Wag The Dog By Exploiting Telus’ New Online Community, the Neighbourhood

Imagine you were a spammer looking for your next mark. Would you want to use the same tired old email lists or would you instead prefer to reach fresh new audiences without even having to use your own list?

Enter Telus Neighbourhood forums, apparently the phone company’s latest idea about building an online community no one asked for! I thought that was my job.

But the Telus Neighbourhood isn’t anything like the Agora. …


Or how companies collect and share our information before even asking for it.

Let’s get one thing out of the way. You must never, ever, ever surf the Web unprotected. You would not walk into a store if you had to fill out detailed application forms from strangers, so why would you summarily surrender your identity without even bothering to ask who wants to know?

The concept of the privacy paradox is well documented. It presents the gap between the expectation of privacy and its associated salience. It laments the fact that as a species, we care about things we…


“Based on our sharing of your data without consent, will you recommend us?”

It’s always perplexing when legitimate, unsolicited emails appear to intentionally masquerade as phishing expeditions. It’s even more confusing when banks, the very organizations that claim to understand security intimately, demonstrate precisely what not to do.

This pearl recently landed in my inbox.


Companies forced to secretly share information about their customers used to rely on the warrant canary mechanism to alert the public of secret requests for information. Is it time to bring them back?

Between Amazon’s Ring & Alexa and Google’s Nest and Home, more than a quarter of Canadians are broadcasting from inside and outside their homes, having granted consent to those companies to collect the video, audio and likely mountains of other data.

But when Amazon, Google and their ilk are required to share that information using legal subpoenas, user data requests and other government orders, customers are kept…


A Data Privacy Day (#DPD) article filled with metaphors, appropriation and metaphoric appropriation.

Happy #DataPrivacyDay or as they call it in Europe, #DataProtectionDay!

As a two-bit agitator against ignorance and corruption, I am increasingly concerned about the question of climate. The global digital ecosystem, fickle as it may be, has fostered a climate in which humans are able to communicate, transact and co-exist thanks to a fabric of trust woven together by mathematical algorithms.

Bit by bit (and soon, qubit by qubit), unimaginable volumes of activity unfold in a vast, sustained effort to power the modern world. If it were…


Pandemic Excuses Enable School Boards and Edtech Companies to Force Parental Consent for Student Data Collection

With the vastly expanded use of remote learning during the Covid-19 pandemic, some school boards are taking the extraordinary step of forcing parents and students to agree to risky data collection practices and privacy-invasive technologies.

Months after the start of the new year, some public boards are apparently realizing that their rush to adopt educational technologies may result in more data collection than initially thought, and as everyone knows, once that data is collected, it’s impossible to get it back.

According to the Auditor…


Google indicates 31,600,000 hits on the unhyphenated phrase WhatsApp switch to Signal. Many of these have popped up in the past week, riding a wave of concern about a Privacy Policy update from Facebook indicating that its WhatsApp data would be accessible to the company that owns it. There is nothing new here, other than an announcement by Facebook that — like any other commercial company — it is collecting user information in exchange for providing a free method of global communication.

The company’s WhatsApp platform is popular for a good reason: it does a great job of encrypting all…

Bad Privacy

Fīat jūstitia, ruat cælum. Personal musings on data protection fails, snafus & oddities, collected & edited by Claudiu Popa; author, educator, booknerd.
