How risk averse are you? The Privacy Paradox

information security Jun 27, 2022

In an interview for an earlier IT (Information Technology) Architecture job, I was asked “How would you rate your attitude toward risk on a scale of 1 to 4? Four being willing to take risks, one being unwilling”.  I thought hard about this – I knew they were a safe organisation not known for taking risks, but on the other hand, maybe they felt stuck in a rut, and they wanted someone to think freely, take a few risks, get things done. 2.5 wasn’t a choice either! I can’t remember if I gave a single answer – I think I probably discussed those exact points – but I got the job!

In case you missed it, May 9-14 was New Zealand Privacy Week, and the Office of the Privacy Commissioner released a new Insights Report on Privacy Awareness and Engagement in Aotearoa. It says that three-out-of-five New Zealanders are concerned about businesses sharing their personal information without their permission, information being collected about children online without parental consent, and security of their personal information on the internet.

Yet most people’s online behaviour doesn’t reflect those concerns. This is the ‘privacy paradox’. A lot has been written about it online, but the paradox shows no signs of abating.

It seems there are two main reasons for this:

  1. Privacy is still too inconvenient. Normal people don’t read privacy policies, they don’t use VPNs (Virtual Private Networks), they will use the defaults, they like free stuff, and they like convenience.
  2. The risk is vague. While we’ve wised up about Nigerian lotteries and support calls from Microsoft, most people haven’t yet made the link between their personal data and believable phishing messages and identity fraud.

Legal protections come slowly, and they only ever get created after severe damage has been done. A lot of new privacy laws are happening across the globe right now, but despite this I fear we will see a lot more identity fraud before most people will take this risk seriously. So how risk averse are you? Do you turn down free things that require you to follow them on Facebook? Do you readily share your location with websites? Can TikTok access your whole photo library? Do you use a password manager?

A few months ago, Apple released an App Tracking Transparency feature which gives users control over which apps are allowed to track them. Basically, it asks the user “Do you want to allow this App to track you?” Interestingly, according to Deloitte, US users chose to opt out of tracking 96% of the time! That goes to show that when privacy becomes easy, people will choose it. And Facebook said in February that because of this iOS privacy change, they will take a US$10 billion revenue hit this year.

As IT professionals we owe it to our friends and family to give them good advice. They may not listen to us, but three good pieces of advice are:

  1. Stay vigilant about online & crypto frauds. Remember that not everything you see online is real. Be a little bit paranoid: when an offer sounds too good to be true, it probably is. The same is true for alarming communications you receive. If a text message or email is written with extreme urgency, or asks you to send money or take action on your account, stop and go directly to the source to confirm whether it is legitimate. Never send money (traditional or crypto currency) to sources that you cannot confidently verify in person.
  2. Use strong and unique passwords. There are good free options, often built into the systems people already use.
  3. Guard your personal data & share information only when needed. Think twice before you share your personal data. Consider why a company is requesting information and what they might do with it before you enter it online. You shouldn't give out your birth date, driver’s license, or phone number unless there's a good reason for it.

Most services are now required by law to allow you to opt out of allowing them to use your personal data for advertising purposes.

Peter Brook

Peter is our vBridge Operations and Information Security Manager. He has over 20 years’ experience in many NZ organisations including PGG Wrightson, CDHB, Lyttelton Port Company and Spark Digital.