What problems you face with data privacy and cybersecurity that you are ready to pay for someone to solve?

[Creator]

What problems you face with data privacy and cybersecurity that you are ready to pay for someone to solve?

Background
I am in brainstorming phase trying to identify problems within cybersecurity and data privacy (law) domains. I am interested in combining both domains as I have vast knowledge of both. Combining I hope will make the entry harder for others, and steer me out of the oversupply of cybersecurity tools.

My data privacy law knowledge covers especially GDPR (I'm from Europe), but any problems concerning data privacy otherwise are welcome as well.

So far I have only come up with system auditing that combines both cybersecurity and GDPR compliance and/or completes Data Protection Impact Assessment (DPIA). Consulting is not necessarily what I want to do in the long run though, as it is tied to my time unless I hire others.

I am very grateful for any ideas you can throw in for inspiration

 

Dislike ads? Remove them and support the forum: Subscribe to Fastlane Insiders.

[techvx]

Good question, yet not necessarily the best of places to do your market research in. You might be better off interviewing a few executives, managers, and heads of security departments for that. Their answers might be quite revealing.

As for me personally, at an individual level - the honest answer would be, essentially, "none".

Privacy, data safety, and cybersecurity are gradually becoming areas of the bare minimum that must be ensured if a business intends to build a long-lasting reputation / brand / good will in the minds of the people they serve.

You expect a restaurant staff to service you well, for their food to be 10 / 20 / 50 better than a frozen pizza you could buy at a local store and heat up in the oven, for it to have an appropriately relaxing and comfortable environment for a romantic date with your wife or a great evening out with your whole family.

You expect not to curl up in the ball the next day because of a food poisoning, not to be treated with disdain and contempt, and not to be assaulted as you enter, stay in, or exit their premises. That's the absolute bare minimum.

Similarly, as more and more people get to have all kinds of negative experiences because of the businesses they've chosen to trust with their phone numbers, email addresses, and sometimes - much more personal, private, sensitive information (think of journalling), more and more of them will become quite sophisticated and demanding in this aspect.

Is my information going to be E2E encrypted, or stored as a plain UTF-8 text file, that anyone at AWS / GCP / Azure can read, if they want to? Can I scrap my info from the DB of the web site that I am no longer interested in, or will I have to jump through 100 loops of hell only to get slapped in the face with a generic, ticket-style, politically correct version of "sorry, our startup was too busy implementing the new shiny thing for our next round of seed funding to bother with any privacy concerns; we'd also love to reduce the friction of you coming back to us, and to have a chance to continue sending you unsolicited emails; worst case worst, we'll sell your data to other spammers for a bit of cash".

Just as I don't intend to pay anything extra just to make sure I'm able to have a peaceful meal with my family when going out, without being harassed by the waiters, I see no reason to pay anything extra to a business for the bare minimum level of a peace of mind that comes from knowing my information is still mine. Which is why it's been ages since I've used Facebook and WhatsApp as daily personal messaging tools. I don't trust Zuck to give a damn about my interests, given that all of his incentives are aligned only with the interests of the advertisers, milking the hell out of the ecosystem he's now trying to keep afloat.

Perhaps you could crystallize this concept in a vision of your own, and begin to get businesses on board with what's coming. Provided you get to the point where you have a perfectly clear way to structure it all, with the entry barrier further reinforced by your own proprietary, perfectly compliant, and extensively audited encryption/decryption backend solution - you just might position well perfectly well for a fastlane, going forward. But I don't quite see how you could convince someone, at a level of personal relevance, to give you money just to not be harassed by the consequences of the business doing whatever the heck it wants with the information you've entrusted it with. Just the sound of it all smells of extortion tactics.

 

[Kevin88660]

What problems you face with data privacy and cybersecurity that you are ready to pay for someone to solve?

Background
I am in brainstorming phase trying to identify problems within cybersecurity and data privacy (law) domains. I am interested in combining both domains as I have vast knowledge of both. Combining I hope will make the entry harder for others, and steer me out of the oversupply of cybersecurity tools.

My data privacy law knowledge covers especially GDPR (I'm from Europe), but any problems concerning data privacy otherwise are welcome as well.

So far I have only come up with system auditing that combines both cybersecurity and GDPR compliance and/or completes Data Protection Impact Assessment (DPIA). Consulting is not necessarily what I want to do in the long run though, as it is tied to my time unless I hire others.

I am very grateful for any ideas you can throw in for in

1) One problem would be credit/debit card details theft. Two years back my bank informed me that they stopped a suspicious transaction of 2K trying to go through my debit card. Ever since that I lowered my limit and separated the accounts. Only keeping a small amount of cash to the account that is linked to my card.

2) Design different users login for smart phones. I am not sure why this is possible for computers but not smart phone. You can literally lend your phone to anyone without worrying your details being compromised. For family members who live together this could enhance the privacy.

Maybe the solutions exist and I just don't know.

 

[Creator]

Good question, yet not necessarily the best of places to do your market research in. You might be better off interviewing a few executives, managers, and heads of security departments for that. Their answers might be quite revealing.

As for me personally, at an individual level - the honest answer would be, essentially, "none".

Privacy, data safety, and cybersecurity are gradually becoming areas of the bare minimum that must be ensured if a business intends to build a long-lasting reputation / brand / good will in the minds of the people they serve.

You expect a restaurant staff to service you well, for their food to be 10 / 20 / 50 better than a frozen pizza you could buy at a local store and heat up in the oven, for it to have an appropriately relaxing and comfortable environment for a romantic date with your wife or a great evening out with your whole family.

You expect not to curl up in the ball the next day because of a food poisoning, not to be treated with disdain and contempt, and not to be assaulted as you enter, stay in, or exit their premises. That's the absolute bare minimum.

Similarly, as more and more people get to have all kinds of negative experiences because of the businesses they've chosen to trust with their phone numbers, email addresses, and sometimes - much more personal, private, sensitive information (think of journalling), more and more of them will become quite sophisticated and demanding in this aspect.

Is my information going to be E2E encrypted, or stored as a plain UTF-8 text file, that anyone at AWS / GCP / Azure can read, if they want to? Can I scrap my info from the DB of the web site that I am no longer interested in, or will I have to jump through 100 loops of hell only to get slapped in the face with a generic, ticket-style, politically correct version of "sorry, our startup was too busy implementing the new shiny thing for our next round of seed funding to bother with any privacy concerns; we'd also love to reduce the friction of you coming back to us, and to have a chance to continue sending you unsolicited emails; worst case worst, we'll sell your data to other spammers for a bit of cash".

Just as I don't intend to pay anything extra just to make sure I'm able to have a peaceful meal with my family when going out, without being harassed by the waiters, I see no reason to pay anything extra to a business for the bare minimum level of a peace of mind that comes from knowing my information is still mine. Which is why it's been ages since I've used Facebook and WhatsApp as daily personal messaging tools. I don't trust Zuck to give a damn about my interests, given that all of his incentives are aligned only with the interests of the advertisers, milking the hell out of the ecosystem he's now trying to keep afloat.

Perhaps you could crystallize this concept in a vision of your own, and begin to get businesses on board with what's coming. Provided you get to the point where you have a perfectly clear way to structure it all, with the entry barrier further reinforced by your own proprietary, perfectly compliant, and extensively audited encryption/decryption backend solution - you just might position well perfectly well for a fastlane, going forward. But I don't quite see how you could convince someone, at a level of personal relevance, to give you money just to not be harassed by the consequences of the business doing whatever the heck it wants with the information you've entrusted it with. Just the sound of it all smells of extortion tactics.

Thanks for the long and elaborative answer! This is not market research but just idea generation

I very well agree that the solution should most likely be something to sell to the businesses, who want to/are forced to keep their clients data secure and keep the users informed and in control of how the data is used. Of course there are products that try to empower the top .1% most privacy conscious people, such as the blackphone, but I don't know if that market is large enough.

The problem I see with GDPR currently is that it is toothless; Google Analytics for example is illegal, but as the majority use it and nobody is there to punish them all for using it, they can just keep using it. In the worst scenario for businesses they will be given a warning first, at which point they can switch to some alternative before getting any real punishments.

The GDPR officials suffer from resource exhaustion, they are too slow to handle any complaints. And as the first measure they likely will take is a warning, there is no incentive for businesses to use GDPR compliant alternative tools, which as new services/software may be behind in their features. In risk handling sense the risk of getting GDPR penalty is very low for minor breaches of the rights of their users. This makes it hard sell for others than idealistic organizations and public sector actors.

And the other frustration is that many individuals dont care how their data is used. Or maybe they would but they are not able to understand it or they just take the "we take your privacy seriously" at the face value. The outcome is that only small number of users demand data privacy.

Even if someone made free tools/services for individuals to demand their rights, I don't see any mass adoption of them happening. Except maybe as a part of some mass boycott mobbing.

 

Dislike ads? Remove them and support the forum: Subscribe to Fastlane Insiders.

[Creator]

1) One problem would be credit/debit card details theft. Two years back my bank informed me that they stopped a suspicious transaction of 2K trying to go through my debit card. Ever since that I lowered my limit and separated the accounts. Only keeping a small amount of cash to the account that is linked to my card.

2) Design different users login for smart phones. I am not sure why this is possible for computers but not smart phone. You can literally lend your phone to anyone without worrying your details being compromised. For family members who live together this could enhance the privacy.

Maybe the solutions exist and I just don't know.

Great ideas, thank you

The credit/debit theft problem space contains some partial solutions already, but I am not equipped yet to see whether they are enough.
First there is credit monitoring, which is basically a service you pay monthly that will keep eye on the charges on your card, and will raise alarm if something suspicious is detected. Another is a "honey card" which is basically a credit card issued by a credit union, which they can plant in store databases and such. The honey card will raise alarm if anyone is trying to use it for anything. This makes it possible for detecting and tracing payment card breaches, and makes life of the hackers terrible as their batch of cards will go bad shortly after they try to use the honey card

2. Never thought about this myself! Android at least supports multiple users: Supporting Multiple Users | Android Open Source Project However, it is unknown to me how good support vendors have for actually using it that way.