A – A company passes 9/9 tests
B – A company passes at least 6 tests
C – A company passes at least 3 tests
F – A company does not even pass 1 test. Send immediately to detention!
You may not realize this but companies are often shady about the information they collect and what they do with it. Companies often will give or sell your information to other companies. Companies should always disclose this in a privacy policy on their website – but sometimes they don’t even have a privacy policy! A company that wants to obtain better than an F grade needs to have, at a bare minimum, an easy way to find their privacy policy on their website. Can you find it easily? Is it in fancy legal jargon or is it easy to understand in plain English?
A company can get a C grade if they clearly list in their privacy policy exactly what information they’re collecting from you. Sometimes they can collect information about you that you do not even provide, such as your location and unique computer information.
A company can get a C grade if they list in their privacy policy exactly which other companies they share your information with and what kind of information they are sending.
A company can get a C grade if they transmit your personal information securely. Do they explicitly state this in their privacy policy? If not, you can verify this by going to their website and looking at the URL in your browser. Do the first few letters say HTTPS or just HTTP? The “S” stands for secure.
A company can get a B grade if they disclose whether or not they allow “cookies” (little files that live in your browser and collect information about you) and how long they allow these cookies to live. Cookies can live forever, but only approximately an hour is reasonable.
A company can get a B grade if they require you to have a password that is more than 8 digits long and involves letters, numbers and characters. The average hacker can acquire an 8-digit password within a day! Does the company also have security questions to fortify the password policy?
A company can get a B grade if they make sure that any product they have can be updated securely if they discover a flaw that could lead to being hacked. Do they give a time estimate for how long it will take them to fix any flaws that emerge?
A company can get an A grade if they make sure that you and only you can get permission to see your information by validating your identity. These two methods (certificates and pinning) are equivalent to double-checking and then double-checking the double check!
A company can get an A grade if they clearly explain when they will ask you to enter sensitive information. Will it be only on their website or by email? What email address will this request come from? This clarification prevents hackers from posing as the company and stealing your information.
A company can get an A grade if they will not let someone try to log on to an account more than 10 times in an hour and instead force the person trying to log on to provide verification information. A hacker can use a program that attempts to log in to your account 1000 times per second.
I believe it’s paramount that in an increasingly digitized world you, as a proactive consumer, learn what exactly companies are doing with your data – and how to rate them on it, just like you rate a hotel on Trip Advisor or a product on Amazon. If they don’t have a passing grade, don’t give them your data!