- August 19, 2017
- Posted by: cyberanalyst
- Category: Blog, CISSP, Consulting, Cyber-security and Ethical Hacking Training, Development, Others, Project and Research Nigeria, Softwares, Technologies
Some people have a habit of not reading through the Terms of Service whenever they get a new application or buy a new device. I must let you know that this is a big mistake, because most of the apps available in the market that are commonly known as grayware rely on you to get access to your personal information. The developers know that a lot of people do not read through the Terms of Service, so they often include language that can authorize a massive invasion of privacy. You may also have noticed that most Terms of Service are just boilerplate. So how do you read through a Terms of Service to find out what it says concerning privacy, without wasting a lot of time reading standard terminology?
What are Terms of Service?
The Terms of Service, commonly abbreviated as ToS, is a legal document used by websites and internet service providers (ISPs) that hold users’ personal information, such as social networking services and e-commerce sites.
Elements of Terms of Service?
A typical ToS contains the following:
- Definition of keywords and phrases and disambiguation.
- Rights and responsibilities of the User.
- Expected/proper usage or potential misuse.
- Accountability for all online actions, conduct and behaviour.
- Outline of personal use, also known as the privacy policy.
- Details concerned with payments, such as membership or subscription fees.
- Policies for opting out: detailed procedures for opting out.
- Arbitration: details of how disputes are to be resolved and the extent of the right to take issues to court.
- Notification of the user whenever any modification is made.
Privacy Policy
I mentioned the privacy policy as a key element of the Terms of Service. Now I will shed some more light on privacy policies.
The area you really have to focus on when reading the Terms of Service is the privacy policy, because it is the part that deals with the security and integrity of your data. The rest of the ToS is not really necessary as regards securing your data. Therefore, whenever you come across a typical ToS, just scroll to the part that has the privacy policy and start reading from there.
There is a second problem you may come across while reading through the ToS: Terms of Service are usually written in legalese. This makes them somewhat difficult to understand, even for people who are in the habit of reading such documents.
Let me teach you how to decipher the privacy policy document.
The first thing you must know is that every privacy policy basically has five parts:
- Notice: This is the most important part of the privacy policy. It tells you what information will be collected from you and how that information will be used. It describes the information practices.
- Security: This is another important part of the privacy policy, in that it informs you of what the company is doing to secure the data it has gotten from you. Possible security measures include administrative security, physical security and technical security.
- Access and Correction: This is the part that details who can access your data, who the data can be shared with, and under what circumstances.
- Consumer choice: This part provides an opt-out option covering how consumers’ personal information may be disclosed to any unaffiliated third-party agent.
- Enforcement: This part details the measures for enforcing the privacy policy. Enforcement can be managed by the company or by an independent third-party agent such as BBBOnline and TRUSTe, which checks for compliance with the privacy policy.
Please take note that every renowned and reputable organization wants its privacy policy to be as transparent as it can be while also adhering to the letter of the law. On the other hand, there are companies that may want to take advantage of you and will therefore make their policies unnecessarily complicated.
Details to look for in a Typical Privacy Policy
Since there is a plethora of privacy policies from different companies readily available online, it can be very difficult to say exactly what you will find in any one privacy policy. However, these are a few things you can look out for:
- A comprehensive list of what kind of data is required from you. There is some information that organizations have to collect from you in order to make their products work for you. They always have to tell you what type of data will be collected from you.
- A list of everyone they are sharing information with and why they share it. The general language here will be vague, such as "third parties".
But under what circumstances should your data be collected from you? Do they only share it with companies that have security policies, and is it done in the course of a normal business transaction?
Now, if there are no properly explained clauses as to who these third parties actually are and when they can share your personal data, then this can be a big warning signal for you.
- The language of the privacy policy should be focused on how they intend to protect your data. This will include a detailed explanation of how the data is stored. Look carefully for this part in the privacy policy. If it is missing, that is also a good warning for you; go on and look for another or, better still, a competing piece of software or hardware device that performs the same function.
- If you have any doubts, be sure to send an email to the customer service of the provider with all your questions clearly outlined. Reputable organizations or companies will normally and most likely answer all your questions promptly.
Sometimes the problem may not be that the company does not want to answer your questions, or that they intend to do something nefarious with your personal data. It might just be that they are not taking your internet security and privacy seriously enough. This can be a type of lax security that sets you and them up for a major security breach.
As parting words, it is very important that you take a little time to read through license documents and terms of service. At least scroll through for a minute before checking the “I agree” box. Subscribe to learn our security course at SOUTECH Ventures, where you will be taught and equipped with the things you need to know in order to become security conscious. Call us today to get a certification in CEH.