Low-Tech Data Protection is Important Too!

Recently, I read about a music-related lawsuit that sounds like fake news but isn’t. A Canadian Court awarded aspiring professional clarinetist Eric Abramovitz a six-figure judgment in an identity theft lawsuit he brought against his ex-girlfriend, Jennifer Lee. [1]

Abramovitz, a student at McGill University in Montreal, was in the running for a highly-coveted full scholarship. If he won the scholarship, he would have given him the chance to study in Los Angeles under one of the finest clarinet teachers in the world, Yehuda Gilad. After the audition, Gilad had told Abramovitz he had won the coveted scholarship. Abramovitz was disappointed never to receive the promised written offer. Instead he received an email informing him he had received only a small stipend–not enough for him to be able to afford the move.

As it turns out, Lee, a flutist, was concerned that her relationship with Abramovitz would end if he moved to Los Angeles. She accessed his email and turned down the scholarship. Then, she created a fake email address for Gilad and sent Abramovitz an email offering him the much smaller stipend. Lee also turned down Abramovitz’ acceptance to Julliard, one of the finest music schools in the U.S.

While much of the recent news has been dominated by tales of sophisticated cyber attacks, this anecdote shows that low-tech approaches can be just as damaging.

Data Compromise from Snooping

As horrible as Lee’s behavior was, she was a musician, not a computer hacker. Indeed, from the reports it sounds like Abramovitz played a role in his own fate–by sharing his password with Lee. She was able to use that password to access his email and respond to Abramovitz’s Los Angeles and Julliard acceptances with him being none the wiser.

But, not all security breaches are caused intentionally. For instance, on public transportation, coffee shops, or libraries, your neighbor can gain access to your personal information simply by looking at your screen.[2]

Fortunately, this type of low-tech security risk is easily thwarted via a privacy screen protector. I use a removable privacy screen with my Surface Pro whenever I use it in a public place. This simple device is designed to block out side view of the screen so that someone can only see it when staring straight onto it. Similar privacy screens are available for other devices, including iPads, iPhones, Samsung Galaxy, and laptops.

Security breaches also can occur when people leave their computers or other devices logged in when leaving their desk. Although most devices eventually will log off after a period of inactivity, before that happens, a thief could access the computer and the data stored on it.

Individuals who use public computers at a library or Internet café need to be even more cautious. Of course, they need log out of the computer. In addition, at the very least they also need to log off of every browser and website accessed with a password during use of the computer, and clear the browser history and caches if possible. Needless to say, one should never save a password to a public computer.

Data Compromise from Device Theft

Theft of a device also can result in compromise of personal data, particularly if the owner has not properly logged off or has weak passwords. It goes without saying that even if logged off, devices should not be left unattended in a public place or anywhere else where they might be vulnerable to theft. However, businesses also should be cautious about providing physical access to devices to individuals who do not need to use them, particularly when the devices are portable and easily stolen.

If a device is stolen, security apps like Find My iPhone allow tracking of stolen items and can aid in their recovery. Another option might be a tracking device such as a Tile, which uses crowdsourcing among Tile users to help locate lost items. Going one step further, many apps also allow an owner to remotely “wipe” a stolen device, providing further protection against data compromise.

Businesses should be cautious about the use of portable media used to store data. With data storage media becoming smaller and smaller as CDs have been replaced by flash drives, data has become more vulnerable to loss. Data easily can be compromised via loss of storage media. Unlike with the loss of a device, storage media is not easily tracked and remotely wiped. Before discarding storage media, it should be destroyed or wiped.

Compromise of Data in Paper Format

Data also can be compromised when in paper format. Locked file cabinets and shredders should be standard in offices that maintain paper records. As with devices individuals who have a need to access paper information should have keys. However, businesses also need to be careful about human error and carelessness by employees who use the data.

Several years ago, I was at an organization that was “going green” by using the back sides of copy paper in the recycling bin for scratch paper. When I turned over the “scratch paper,” I saw that the printed side included individual information which was required by law to be kept private. Most likely, someone in the organization had put that used paper in the recycle bin instead of the shred bin.

More recently, I went to a client meeting and received a stapled handout with the agenda and several legal documents. As I read through the documents, I noticed at the end of the stapled packet was a contract for an entirely different transaction. Probably, a staff person had been careless about removing documents from the copier and had stapled an extra document at the back of the packet for our meeting.

I have for several years maintained a paperless office. However, it is important that those who continue to work in paper take the extra time to check every page of documents before distributing them.

Loss of Data Due to Environmental or Technological Issues

Data also can be lost or impaired due to environmental situations. Anything that puts the location where the data is stored at risk puts the data at risk.

For example, failure to maintain backups can result in large losses. Twice I have experienced hard drive failure. Because my paperless office practices included automatic storage on a cloud drive, I lost no data with those experiences.

For those who don’t store data in the cloud, regular backups to an external hard drive, flash drive, or similar device is critical. It also is important that the backups be stored in a secure physical location different from where the device is stored, so that the backup can be accessed in the event of fire or other casualty.

Computers not plugged into surge protectors may suffer data compromise in the event of a power surge. High temperatures, exposure to magnetic fields, a spilled cup of coffee on a laptop or a “drowned” smart phone can result in loss of data.

Protect Data with Both Low-Tech and High-Tech Methods

Good virus and malware protection, complex passwords, encryption, and other high-tech data protection techniques remain important. However, when establishing a data protection plan, businesses should not forget the low-tech risks to their data. A good data protection plan will evaluate risks specific to the business and establish protocols designed to minimize data compromise and loss, including loss from human error and environmental factors.

© 2018 by Elizabeth A. Whitman

DISCLAIMER: The content of this blog is for informational purposes only and does not provide legal advice to any person. No one should take any action regarding the information contained in this blog without first seeking the advice of an attorney. Neither reading this blog nor communication with Whitman Legal Solutions, LLC or Elizabeth A. Whitman creates an attorney-client relationship. No attorney-client relationship will exist with Whitman Legal Solutions, LLC or any attorney affiliated with it unless and until a written contract is signed by all parties and any conditions in such contract are fully satisfied

[1] See Samantha Schmidt, Clarinetist discovers his ex-girlfriend faked a rejection letter from his dream school, Washington Post (June 15, 2018) and Camila Domonoske, Musician Wins $260,000 in Lawsuit Against Ex-Girlfriend Who Sabotaged Career, NPR (June 15, 2018).

[2] See Sue Shellenbarger, Forget the Hackers, Watch Out for the Phone Snoopers Over Your Shoulder, Wall Street Journal (May 9, 2018).