Why Compartmentalization is the Most Powerful Data Privacy Strategy
You’ve no doubt heard the saying, ‘Don’t put all your eggs in one basket’, but have you ever thought how it applies to data privacy?
The egg/basket advice is basically about spreading risk and diversifying assets, right? If all your valuables (eggs) are in one place (basket) and that place is compromised (basket breaks), you’ll lose all your valuables. Eggs are fragile and baskets break, so you’re facing a real risk, but it’s one you can easily mitigate by spreading your eggs across more baskets.
And that’s where the link to data privacy comes in. If we put all our personal information in one place (the internet) by using it everywhere we interact online, then we risk losing all that information in one incident (data breach, identity theft, credit card fraud etc.). What’s more, we risk having it correlated by data brokers or ad tech, stolen by hackers, or sold by the service operator itself.
Here’s how it works: data broking services can collect enough data to determine (or infer) a user’s legal identity online, then they can track that user across the many different services and sites they access. By tracking users in this manner, these applications can correlate enough datapoints to assemble the full set of Personally Identifiable Information (PII) about the user. This PII can divulge highly sensitive information about the user, such as medical history, personal finance, employment, social relationships and so on. Usually, this type of PII is information the user would prefer to remain private (at least outside of the context in which they want it to be used). On top of that, the user is at risk of those applications storing the information indefinitely, selling it to other organizations, or having it exposed through a data breach.
So, in our digital lives, ‘Don’t put all your eggs in one basket’ is really talking about compartmentalization—categorizing and separating our private data into many different compartments to reduce the impact when it is compromised. Compartmentalization recognizes no system is perfect, breaches are always possible, so it’s wise to manage the risk. You might lose an egg or two, but you won’t lose them all.
Compartmentalization is widely regarded as the most powerful way to protect personal information. It means limiting access to information to only those people or organizations who need it in order to perform a certain task or function. Originating in the military with classified information, the concept can be further understood with another military term: ‘managing the blast radius’. In information security, compartmentalization is equally about spreading the risk so if there’s any impact (breach) we’ve limited the damage to our personal information and the harm and recovery effort are far less.
We already compartmentalize in the offline world. We organize our closets (socks in one drawer, gym clothes in another), our banking (separate accounts for everyday expenses, bills, savings and emergencies), and our email (filed in folders). We even compartmentalize our daily interactions (work/social) and our weekend activities (drinking buddies/family time). Compartmentalization in the online world is essentially the same—but arguably far more urgent.
Data privacy is at crisis point. Cybercrime will likely cost $6 trillion a year globally by 2021, and data breaches are at an all-time high. Most of the world’s four billion internet users lack the privacy and cybersafety characteristics they require and deserve—and a massive majority are rightly concerned about how best to protect their personal information online. Latest research on Americans’ perception of online privacy highlights a shared sense of lack of control.
Compartmentalization gives people control. Our digital privacy can feel as fragile as those eggs, but we can act to protect it in much the same way by separating our personal information into different compartments and limiting impact.
MySudo app makes compartmentalization simple. The MySudo app is based on the concept of a Sudo (a digital identity) that allows users to talk, text, email, browse and shop privately and safely. A Sudo is a customizable digital identity that intentionally differentiates from a user’s legal identity and mitigates the risk to that user’s highly sensitive PII.
We all have many online accounts, and when we repeatedly use the same personal information to access these accounts, they become linked together. If a breach occurs on just one of those accounts, all our other accounts and their associated data are also at risk of being compromised.
Users can create up to nine different Sudos and use them in any context (e.g. for banking, selling on Craigslist, catching up with friends, and booking travel). MySudo is compartmentalization at its simplest and best. Learn how to apply MySudo to effectively compartmentalize your digital life.