Data Privacy

Lately the social media giants have gotten a lot of attention because of data privacy violations. In this episode Doug and walk through the issues surrounding data privacy. Hope you enjoy.

Data Privacy Take Aways

  • You are the product for social media companies.
  • Social Media has a lot of catching up to do regarding personal information.
  • Use two factor authentication where you can.

Data Privacy Podcast Transcript

Adam Small: Hey there. Adam Small here with Agent Sauce, and this is the Real Estate Marketing Podcast. With me as always is, Doug Karr.
Douglas Karr:: Hello sir.
Adam Small: How you doing today Doug?
Douglas Karr:: Fantastic.
Adam Small: Awesome. Hey listen, there’s been a lot of stuff in the news lately, and it just seems to get worse and worse. I’m not talking about politics, I’m talking about Facebook. Facebook-
Douglas Karr:: Which started from politics [crosstalk 00:00:26]
Adam Small: Yeah, well, it kind of did didn’t it? Right. The security and data privacy issues of Facebook, I just read a headline that said that, it could in fact be that every user on Facebook has had their data privacy compromised in some way shape or form. You got to be a little bit careful with the headline right. Because, what they were really getting at if you read the article is, they were talking about if you put your information as public, it could have been scraped right?
So if you had it as private, then it [crosstalk 00:00:49] not have been. And that’s an issue to begin with. But, the bigger issue is their selling of data and their data privacy in general. So I was hoping we could talk about data privacy today.
Douglas Karr:: Yeah. For clarification, it’s not just if it was public. They actually had a … if you built a Facebook app at one point, you could get the friends of the person that signed up [crosstalk 00:01:15].
Even if you were private, they could collect data on you[crosstalk 00:01:22]
Adam Small: Well, I was talking about data privacy[crosstalk 00:01:22]
Douglas Karr:: Now they [crosstalk 00:01:23] couldn’t see the public profile [crosstalk 00:01:24] yeah.
Adam Small: That’s what I was talking about – data privacy.
Douglas Karr:: This wasn’t scraped. This was all done through apps-
Adam Small: No, the scraping was an entirely different data privacy issue, which, if your stuff was public, it could have been scraped.
Douglas Karr:: Right, right, right.
Adam Small: That’s what I was talking about, that’s what that headline was talking about. But it was really misleading, because it required you to have made your stuff public to begin with-
Douglas Karr:: Sure.
Adam Small: Which, the intent of making it public is so anybody can see it. So it’s kind of … like you said, it was a little bit misleading. But, there are some really serious issues going on here with Facebook in general, in data privacy as well as other social media platforms, Google’s got issues, and other big tech giants are starting to feel some of the brunt of it because Facebook’s gaff here. So-
Douglas Karr:: Well-
Adam Small: Wanted to talk a little bit about that and how it relates to agents in marketing in general.
Douglas Karr:: Yeah. I mean, here’s the thing is, consumers are getting absolutely fed up with abuse of data and data privacy-
Adam Small: Right.
Douglas Karr:: And, the problem is that, especially in the United States, I think the EU has been ahead of us on the data privacy aspects.
Adam Small: They’re a bit more stringent. Even with email marketing, there are just some data privacy concerns there, but not near as much as social. But, they’re very much ahead of us on a lot of that.
Douglas Karr:: And here, we’re pretty much loosey goosey, kind of capitalist-
Adam Small: Right.
Douglas Karr:: However you use data. We put terms of service in there that are basically blanket statements that we can use-
Adam Small: You’re giving me this information, I’m going to do what I want with it.
Douglas Karr:: Yeah, exactly. And so … But people are starting to get tuned into that, that, even in the case of Facebook, I don’t blame them totally, it was people said, yes I want to install this app and play it on Facebook, and yes I’m going to give you permission to me and all my friends-
Adam Small: Exactly.
Douglas Karr:: And that the system was abused as is always a bad thing. But the fact is that consumers got themselves into it.
Adam Small: Consumers agreed to the lack of data privacy and the problem with the … there are two sides to it right?
Douglas Karr:: Yeah.
Adam Small: On the one side, you’re right. The consumer agreed to it and the consumer said yeah, sure I want to do this. And of course, excuse me, the agreeing to it is a whole different issue. Because, who reads services anymore [crosstalk 00:03:48] they’re 40, 50 pages long, they’re legal speak and you can’t understand half of it anyway, right?
So people just click through. And then the other side of it too, at least the part that I had read was that, and as an app developer, I know that the requirements were that you not cash certain information and that sort of stuff. And even though it was passed to you, you aren’t supposed to do it. So the app developers were in fact violating the terms of service from Facebook’s side and the consumers data privacy.
So Facebook can step back say, oh, we’re blameless. But, at the same time you have the memo-
Douglas Karr:: You left the door open.
Adam Small: They left the door open number one. But they also have the memo that was just released last week or two weeks ago, whenever it was, where the guy had sent out earlier this summer and it said, early last summer and it said something on the lines of, our business is to connect people and if somebody gets shot because we connected them it’s not really on us. We need to connect them … and that’s kind of a paraphrasing, that’s the impression that I got from … Just to kind of make disclaimer there. But, that really doesn’t sound good.
Douglas Karr:: Yeah, is it. But, where it comes down to for folks like real estate agents and brokers and everything else is that, you have a wealth of data typically on your client’s and a data privacy obligation.
Adam Small: Right.
Douglas Karr:: Sometimes you have … Sometimes it’s down to the having their credit card numbers and log ins and everything else. The problem is that and I’m going to, hopefully I don’t embarrass too many of your listeners but, if you’re opening a spreadsheet to get your passwords and log ins, you’re putting yourself and all of your clients at great risk.
Adam Small: Right, right.
Douglas Karr:: And it’s because these … I forget what the stats were on the password. Like the password actually be password-
Adam Small: Being the number one password?
Douglas Karr:: Yeah. Or like 26% of break ins or something like that. That’s the thing, is that these hackers have software that they just brute force and keep trying common passwords and-
Adam Small: Well it’s a dictionary attack. I get notifications on some of my websites every day. And so, it reached a point where I literally sat down and wrote a script, and any time I get a hack attempt, a dictionary attack, I just walk the IP address automatically. But it’s, every day it happens.
Douglas Karr:: Exactly. And so the problem is that as we’re becoming more and more connected with our devices, our fitness watches, our toasters or-
Adam Small: Everything. Internet [crosstalk 00:06:34] anything and everything that can save data-
Douglas Karr:: Those are gateways-
Adam Small: Exactly.
Douglas Karr:: And they’re gateways into people’s homes. Then, the other problem is that new technology is great and it’s secure and everything else, but we still have a lot of old technology around that’s insecure. Something as simple as if you send a login and password through email, you’re putting … You might as well just be broadcasting that information out, because-
Adam Small: To everybody. And then the fact that you probably use the same password for, if not everything, most things, then you’re exposing those, right. It’s just amazing the amount of data that can be-
Douglas Karr:: Exactly.
Adam Small: Accessed with just one password.
Douglas Karr:: And that’s why, I know this is never a sale show for your software, but that’s why CRM is critical, right. Your CRM is behind SSL, it’s secure, you’re monitoring for intrusion, you’re monitoring for all of that. The data is even encrypted on the database. And so someone is going to have a really hard time hacking and trying to pilfer that data out of there.
Adam Small: That’s not a challenge to anybody just so you know. It’s true statements but, yeah you’re right. We do, we make it as hard as possible for somebody to get in there that shouldn’t get in there. We validate all the queries, we have penetration testing, so it becomes a very secure, or quite secure product for storing data. Because it is essential data you know.
And then beyond that, financial information. Unless someone is putting it in into like the notes field in our database, we don’t store any financial information, even though we bill for credit cards on a monthly basis, those are stored by our financial institutions and they’re secure systems.
Douglas Karr:: And so, I guess the lesson to any agent that’s listening is, if you are dealing with passwords and staff, get a password manager.
Adam Small: Right.
Douglas Karr:: And you can … Something like Dashlane, one password you can actually give permission to somebody to use a password-
Adam Small: Without actually sharing the password itself, right.
Douglas Karr:: Yeah, they just auto log in through a browser.
Adam Small: Right, they can’t see it.
Douglas Karr:: And then, if you’re … Obviously if you’ve got CRM to keep personal information about these people in, put it in there, don’t sit there and put it in a notepad on your desktop.
Think about everything that you do, do you have to log in through a secure channel in order to either save that information or get that information? If you don’t, then you’re at risk. And then like you said, if you’re using weak passwords which password managers really help out there too.
Adam Small: Exactly.
Douglas Karr:: I don’t know any of my passwords. I know my master password to my Dashlane account, and then I have double authentication. So, even if someone knew my master password, it would still text message my phone and say, here’s what it is.
And so, I can’t say it enough. All of those things you … If you’re dealing with people’s personal information via electronic means, everything that you do and save should be through something. Because if you’re caught, it’s not a matter of … It’s beyond the embarrassment of getting caught, it’s the one, if they get into your credit and they get into your … Start charging stuff to you and everything else.
And the problems that that causes and arguing with credit card companies and trying to get that money back, then imagine with your customers. Having them go through that and how that makes you look, because someone was able to get into your email and capture [crosstalk 00:10:43] capture some of that information [crosstalk 00:10:43]
Adam Small: Well, that’s [crosstalk 00:10:42] that I was going to bring up is, it’s plain and simple. Even if it’s a huge hassle for you, it’s still very much a trust issue, you’ve lost that whole factor of trust with your customer because if they’re hacked because of you.
Douglas Karr:: And so to save five seconds on something instead of going through a login, you’re putting your career at risk, that’s just not worth it.
Adam Small: It’s absolutely not.
Douglas Karr:: And then of course nowadays, it’s public. And eventually, there’s going to be legislation that you have to make it public.
Adam Small: Exactly.
Douglas Karr:: These guys are going to get sued. I forget the latest one that M Fitness Pal I think it was [crosstalk 00:11:24]. Just-
Adam Small: Oh yeah. Just last week or something like that yeah-
Douglas Karr:: But they just made it-
Adam Small: Public.
Douglas Karr:: They just made it public even though it’s been out for a couple months, and they’re going to get their butts sued off for that. Because, you’re going to have to tell people immediately that there’s been a hacker break in and stuff.
And then, even a worst point here is, you may not even know that you were hacked. If someone has your Gmail logon and password, and you don’t have dual authentication, they can go in there, get all your information, maybe even add a blind cc-
Adam Small: Well, that’s actually a really good point, because you’re seeing that a lot these days with closings where the agent’s email gets hacked and they don’t realize it. So the hacker sits there and waits until there is a closing. And then the day of the closing, they pretend to be the agent and send an email to the customer, to the buyer saying, hey transfer your money via wire to this account. And then the buyer loses tens of thousands of dollars, and then they can’t buy the house because they don’t have the deposit.
Douglas Karr:: Just ’cause someone spoofed the email.
Adam Small: Well they spoofed email but, they had to get into the agent’s email address to begin with, their email account to begin with. Because they know who the buyer was, they know when the closing date was, and they pretended to be the agent and sent them a message the day of. And of course the buyer’s like, oh came from the right address and, it’s a couple hours, I’m just going to do it so I can get the closing going. And then they’re out tens of thousands of dollars.
Some of them do manage to recover the money, but most don’t, and it’s just a shame because, someone is losing out on buying their dream home.
Douglas Karr:: And you know, so people know email is pure raw, so whatever you put in email could be read-
Adam Small: Right.
Douglas Karr:: SMS?
Adam Small: SMS is open … [crosstalk 00:13:31] I wouldn’t trust it to be as secure right-
Douglas Karr:: It’s not encrypted, but it’s difficult to read, right.
Adam Small: Right. And it depends on how it’s being sent. I mean, like with our SMS, from us to the carrier is terminated, it’s over secure, it’s over SSL, so that’s good.
But then from the carrier to the phone, I can’t guarantee it, because I don’t control that. We don’t send any secure messages anyway, any that require security, but I don’t know that [crosstalk 00:14:05]-
Douglas Karr:: Well just saying to people, they go whoa, okay, well, email’s not secure so I’ll use text message [crosstalk 00:14:10]-
Adam Small: SMS. I don’t know that [crosstalk 00:14:11]
Douglas Karr:: Yeah, you don’t[crosstalk 00:14:11]-
Adam Small: Do that either, so yeah.
Douglas Karr:: Exactly. And then, of course websites if you’re … Even if your personal website has-
Adam Small: If all you’re doing is collecting an email address, just run SSL, right?
Douglas Karr:: Absolutely.
Adam Small: So-
Douglas Karr:: And that’s what I was just going to say was, no matter what data you’re collecting, I wouldn’t put data into a website that wasn’t SSL, and I wouldn’t have a website. And nowadays SSL comes free with a lot of the hosting packages out there.
Adam Small: Let’s Encrypt in particular, you don’t even have to have a hosting package with them, you can just get free SSL from them. And they’re actually very easy to set up and use. So there’s no excuse these days not to have SSL on your website.
Douglas Karr:: And that’s probably about it from a communication standpoint. Some people … There are those times that you run into problems where you have to … You just [inaudible 00:15:06] like, I can’t do this, I got to send this information.
Adam Small: Right.
Douglas Karr:: There’s a thing called salami slicing, have you ever heard of this?
Adam Small: Oh, yeah, I’ve heard [crosstalk 00:15:15] the term-
Douglas Karr:: It’s a funny term, but it’s send it a piece at a time. So like, maybe send half your login by text message, and the other half send it by email.
Adam Small: Right, right.
Douglas Karr:: And so the whole idea is that if somebody is monitoring one thing, they can’t get all of it.
Adam Small: Exactly.
Douglas Karr:: And that’s a pretty interesting way to do it as well. The other one too is, I said it before, but dual authentication is great for data privacy. Look at everything that you have-
Adam Small: Two factor authentication is what –
Douglas Karr:: Yes two factor-
Adam Small: They call [crosstalk 00:15:46] the areas. And like Doug said, anything and everything that you have, your investment accounts, your bank account, your-
Douglas Karr:: Everything, I have everything.
Adam Small: Yeah. And anything that you can, anywhere you can, even your domain accounts like with GoDaddy or whatever, they offer two factor authentication, use it. It’s a slight pain in the butt, but it’s worth it because otherwise, you could end up losing domains, you could end up with the money out of your accounts, you could end up losing … Your email being hacked [crosstalk 00:16:14]
Douglas Karr:: Just think about anywhere where you have a lot of information, and if someone was able to get to that, what would that do to your customers?
Adam Small: Exactly.
Douglas Karr:: And you don’t want to be on the front page of the news that there was a … You got hacked and 14 of your clients then got hacked and everything else.
Adam Small: Exactly.
Douglas Karr:: It’s just not worth it.
Adam Small: Right, right.
Douglas Karr:: And you get those processes in place. Nowadays, and like I said, everywhere where you record or look up data, make sure that it’s secure.
Adam Small: Right.
Douglas Karr:: Get those processes in, nowadays and it’s going to keep getting easier, the tools will get better and better over time and it’ll be quicker and quicker.
I started using Dashlane a couple years ago because of our clients, and at first it was, I was grunting and groaning and everything else. Now, it takes me a second to pop it up and get the password and log in.
Adam Small: Absolutely. Alright, cool. Any other thoughts on privacy there Doug? Alright well-
Douglas Karr:: That’s it.
Adam Small: Guys, stay secure, thanks for listening, we appreciate it. If you have any other questions, want to learn more, check us out of agentsauce.com, or email us at info@agentsauce.com. Thanks and have a great day.