Monday, 5 December 2016 Let’s start with the news that Optus, Telstra and Vodafone are scrambling to stop call centre staff in India selling their customer information. According to the Sydney Morning Herald, a Mumbai-based security firm is asking for between $350 and $1,000 for mobile phone records and home addresses. Based on these prices, the data of Telstra’s 17.2 million mobile customers must be worth between $6 billion and $17 billion dollars. But you won’t see that on its balance sheet. At the risk of repeating myself, businesses need to: Understand what their data is worth; and what is worth spending to protect it. The people to do this aren’t in IT; and Invest in infrastructure and in controls to manage, monitor and protect the data. The use of data with machine learning (artificial intelligence) may solve some of the world’s problems (cure diseases, identify terrorists, fix global warming etc.). But other uses are more sinister. Businesses can now track you via your mobile phone through a retail area. Bryant Park in New York has announced a partnership with data analytics firm PlaceIQ allowing the park to collect anonymised data from visitors' mobile phones. That data is used to create a picture of the park-goers and their movement or buying habits. Visitor numbers are a useful metric for planning park events and estimating foot traffic. But PlaceIQ's platform tracks more than just the size of the crowds. According to its handy Bryant Park infographic, PlaceIQ has already determined that only 19 percent of visitors live in Manhattan, the average visitor is 50 percent more likely (than the general population of smartphone users) to visit Macy's and twice as likely to shop at PetSmart or do their banking with Bank of America. This is all useful data for the park in courting potential sponsors for film nights in the park (sponsored by HBO), morning yoga on the lawn (sponsored by Athleta) or the seasonal "Winter Village" (sponsored by Bank of America). Aren’t we lucky the data is anonymised? Well yes, but… A study by MIT and Aarhus and Rutgers Universities analysed three months of anonymised credit card metadata from a Massachusetts shopping centre. Using four spatiotemporal points (where in the shopping centre and when the person transacted), they could re-identify 90% of individuals; including pricing information increased this percentage to 98%. Meaning that, whilst the shopping centre may not yet know your name, it will know, when you next arrive there, that you’re that person we tracked yesterday. If we combine that with use of face recognition on CCTV along with tracking your mobile phone using wifi and location services - Bingo! –we will know who you are and can direct you to a jacket to go with those nice grey trousers you bought yesterday… Other recent examples of concerning trends: 1. Google bought the online advertising network DoubleClick, back in 2007, with the assurance that it would prioritise user privacy as it developed new ad products. But now it has asked account-holders to opt-in to sharing more data, an oblique request for permission to bundle user browser activity with personally-identifying information to better cater for ads. In essence, signing up lets Google's ads know who you are, no matter where you go across different devices. 2. In August, Snapchat advised that it will soon bring to its app behavioural targeting, or advertising, based on data gathered from user activity. 3. In October, Yahoo came under scrutiny after former employees claimed that it designed software to enable U.S. intelligence agencies to scan incoming emails to all of Yahoo’s millions of users. Bill Gates observed: “Historically, privacy was almost implicit, because it was hard to find and gather information. But in the digital world, whether it's digital cameras or satellites or just what you click on, we need to have more explicit rules - not just for governments but for private companies.” Fine words, but the horse has bolted. Yes we can all be careful with passwords, and what we reveal on social media. But most of us, most of the time, accept small print, and do other things, on our small screens that give our privacy away. Turn your smartphone off for ever if you want (use it as a paperweight perhaps). But, short of that, accept that you’re being followed.