There's a Holiday for Everything 

No matter if you're a poodle enthusiast, a cheese lover or an advocate for cell phone courtesy, there's an observation holiday for you. 

In the month of April alone, there are more than 50 holidays recognizing everything from the wacky (Don't Go To Work Unless It's Fun Day on April 2) to the serious (Community Service Month).

For me, three April holidays really stand out. Can you guess why?
  • Mathematics Awareness Month
  • National Cannabis Awareness Month 
  • National Inventor's Month
If you guessed privacy, you're a winner! 
  • Inventors are on the front lines of privacy controls with the greatest potential to make sweeping changes to the way innovations are engineered. 
Go April! Love this month! Read on to learn more about privacy, including where society is winning and losing in the fight to keep our personal data private.

us  Data Security & Privacy Beacons
People and places making a difference**

CUNA , the Credit Union National Association, is advocating for legal privacy protections. Historically, industry associations have lobbied to avoid laws, insisting that privacy be a self-governed activity. This is a nice break from the norm.

A University of Minnesota student is fighting hard to change his school's student data records policy. It all started when he found home addresses and phone numbers publicly available on a university-owned online database. He began educating classmates and taking his concerns to the college's president and the board of regents. His work has added momentum to the university's focus on the issue. 

A Georgia school district enabled two-factor authentication (2FA), and the move saved the organization more than $2 million in potential fraud losses! Hackers, enacting a targeted attack, breached the school district's security and gained access to employee's private banking information. However, 2FA prevented any funds from actually being transferred to the hackers' accounts.  

The U.S. Department of Education is working to resolve what it calls "substantial misunderstanding" among local officials and educators around school-based threat to student data security and privacy. It recently issued a set of FAQs to help raise schools' and districts' awareness of the guidelines it published in December 2018. Kudos to them, as there is no such thing as overcommunicating privacy guidance. We look forward to seeing more privacy protection actions from them in the near future. 

**P rivacy beacon shout-outs do not necessarily indicate an organization or person is addressing all of their privacy protection activities perfectly (no one is). It simply highlights a noteworthy example that is, in most cases, worth emulating.
It's like an antibiotic for ransomware

Folks, ransomware attacks are getting worse and more frequent. It's more likely a question of when, not if you will be approached by an attacker who at least claims to have encrypted your data and insists on getting paid to release it back to you. 

Your best weapon against losing time, data and money to these criminals is making frequent, consistent, regimented backups. It's an absolute must. 

Have you performed a full backup of your important files lately? Like within the past month? Or perhaps the past week for those preparing financials and income taxes?

If you're unsure what to back up, ask yourself: If I lost this forever, would I be heartbroken or in legal or contractual trouble? If the answer is yes, back it up! P hotos, videos, tax data, emails, anything that has emotional or practical value, back it up.

Installing an automatic solution that backs up for you in the best way to make sure you stay on top of this, but if that's not right for you, set a calendar reminder. Works like a charm. And, if you have the means, back up to an external hard drive... just remember to disconnect it from your computer when it's not in operation... you don't want those ransomware creeps finding their way into it, too. 


Get more information on the holiday's website.

ftcLow Unemployment Creates Ideal Environment for Job Scammers
Before you consider a new job, look closer

As you listen to the above recording, keep in mind I never  requested any information, as the caller stated. Trying to make their calls seem legitimate is a common tactic among scammers attempting to head off complaints of unsolicited calls.

Fake Amazon Jobs: Candidates are promised six-figure earnings for working with Amazon vendors. 

Fake Seed Money: Candidates are sent a check and encouraged to return some of the money to the scammer and use the rest to get supplies they need to start their business. When the bank discovers the check is fake, the victim is on the hook for the money. 

Fake Secret Shoppers: A check and a job offer arrive in the mail. The recipient is asked to "secret shop" a Walmart or similar store's money transfer service using some of the money from the check. The rest is for them to keep. Except the check is fake, and just like with the scam above, the secret shopper is now on the hook with the bank. 

Fake Purchasing Clerk Jobs: Scammers contact jobseekers who have posted their resumes online to offer a unique opportunity to them based on where they live, often a state with no sales tax. The scammers convince the victim their "company" will save money by running purchases through them. The victim is asked to use their personal credit card for the local purchases, but not to worry... the "company" will reimburse... just send along your bank's routing and account number, and they'll deposit the funds. Of course, that never happens, and now the scammers have unfettered access to the victim's bank account. 

New NIST Privacy Framework needs input from everyone
I'm very proud to be among the privacy advocates working on a new privacy framework for businesses, non-profits, government agencies, inventors / innovators / developers and anyone else who has or will hold personal data. 

It's called the NIST Privacy Framework. NIST is the National Institute of Standards and Technology. It's their mission to provide the technology, measurement and standards that drive all kinds of innovations, from the smart electric power grid to atomic clocks. 

The agency, which is a part of the U.S. Department of Commerce, is very intentional about co-creating standards and measurements with the people who will one day use them or be impacted by them in some way. And when it comes to privacy, that's you; wherever you are located in the world! 

My colleagues and I would very much appreciate your review of our drafts and your sharing of feedback. Are we hitting the target for what needs to be included within a privacy framework? Where are we falling short?

You can find the drafts online at the NIST Privacy Framework website

Looking forward to hearing your thoughts!

 easyU.S. Senate Gives Equifax a Dressing Down
Always interesting to hear legislators' take on cybersecurity
As news of security incidents continue to hit mainstream media at a break-neck pace, legislators are increasingly pressured to get involved. After all, what concerns their constituents concerns them, and more voters than ever before are paying attention to the security and privacy of their personal information. 

When Equifax revealed its 2017 breach, one of the largest the world had ever seen, U.S. Senators promised to look into the incident. After investigating, a Senate panel concluded the breach was caused by an " institutional neglect toward cybersecurity" within Equifax. 

In his testimony before the panel, the Equifax CEO disagreed with the report's findings However, it's noteworthy that this CEO joined the company  after the 2017 breach. 

Lawmakers around the world, at local and federal levels, are becoming much more proactive in pushing for laws and regulations to better protect personal information. Organizations that handle (collect, use, share, secure, etc.) personal data can expect more hearings, penalties and new, more comprehensive regulations to come in the near term.

Rebecca, would I make a good data security and privacy professional? 
I get this question a lot, and even more so recently. Our industry and the advocacy around it is generating a great deal of interest, and I'm so proud to be among the leaders who get to field questions like this from aspiring privacy pros and their family members. 

The one thing I know FOR SURE is the information security and privacy industries could use more diversity. New threats, vulnerabilities and risks are being identified every day, requiring the development of inventive and effective solutions. We can achieve that much more quickly with a broader set of perspectives.

That's why I love getting this question from people who are unsure about their potential to thrive in data security and privacy careers. Those are the people we often need the most. They may not have the traditional background or education, but that's okay. Heck, it may even be GREAT. 

It is always advisable to be an expert in emerging areas (or at least the person who became knowledgeable before others). There are so many developing areas within the disciplines of security and privacy, so my advice would be to find a niche that inspires you and go after it with gusto. Just a few of these are artificial intelligence (AI), Internet of Things (IoT), cryptography and surveillance. 

Two other pointers:

Effective communications can be an important differentiator. Consider developing your talents by taking courses on business writing or speech and debate. 

Look into joining an industry association, such as ACM, IEEE, ISACA, IAPP and/or ISSA. Not only do they have fantastic training opportunities, but the networks available will be incredibly valuable as you work to develop inroads with potential employers and mentors. 

Best of luck!

PPInewsWhere to Find the Privacy Professor  

In the classroom... 

On the road...

May 7, Kansas City: Privacy Impact Assessments: Effective Tools to Identify and Mitigate Security and Privacy Risks, a 1-day SecureWorld PLUS class with 12 CPEs. Have you signed up yet? Hope to see you there! 

If you're looking for an experienced speaker who knows how to bring data security and privacy risks to life... on stage, on the airwaves or over the internet, please get it touch

On the air... 


I'm so excited to be hosting the radio show  Data Security & Privacy with The Privacy Professor on the  VoiceAmerica Business network . All episodes are available for on-demand listening on the VoiceAmerica site, as well as iTunes, Mobile Play, Stitcher, TuneIn, CastBox, and similar apps and sites. 

Hear the perspectives of incredible guests as they talk through a wide range of hot topics.

Some of the many topics we've addressed... 
  • identity theft
  • medical cannabis patient privacy
  • children's online privacy and safety  
  • applications and systems security
  • cybercrime prosecutions and evidence
  • government surveillance
  • swatting 
  • GDPR
  • career advice for cybersecurity, privacy and IT professions
  • voting / elections security (a series)
Please check out some of my recorded episodes. You can view a complete listing of shows to date, grouped by topic. After you listen,  let me know what you think ! I truly do use what I hear from listeners.

SPONSORSHIP OPPORTUNITIES: Are you interested in being a sponsor or advertiser for my show? It's quickly growing with a large number of listeners worldwide. Please get in touch! There are many visual, audio and video possibilities.

In the news... 

Healthcare Info Security

3 Ways to Show Some Love

The Privacy Professor Monthly Tips is a passion of mine and something I've offered readers all over the world for since 2007 (Time really flies!). If you love receiving your copy each month, consider taking a few moments to...

1) Tell a friend! The more readers who subscribe, the more awareness we cultivate.

2) Offer a free-will subscription! T here are time and hard dollar costs to producing the Tips each month, and every little bit helps. 

3) Share the content. All of the info in this e mail is sharable (I'd just ask that you follow


The readers of this tips message are passionate; I hear from so many of you often, and I'm so grateful. 

Please continue to send emails with your thoughts and tag me in social posts with your experiences. It's one of my great pleasures, and provides such reassurance that we're all in this together!

Have a lovely April,

Need Help?

share2Permission to Share

If you would like to share, please forward the Tips message in its entirety. You can share  excerpts, as well, with the following attribution:

Source: Rebecca Herold. April 2019 Privacy Professor Tips.

NOTE: Permission for excerpts does not extend to images.

Privacy Notice & Communication Infoprivpolicy

You are receiving this Privacy Professor Tips message as a result of:

1) subscribing through
2) making a request directly to Rebecca Herold; or 
3) connecting with Rebecca Herold on LinkedIn

When LinkedIn users initiate a connection with Rebecca Herold, she sends a direct message when accepting their invitation. That message states that in the spirit of networking and in support of the encouraged communications by LinkedIn, she will send those asking for LinkedIn connections her Tips message monthly. If they do not want to receive the Tips message, LinkedIn connections are invited to let Rebecca know by responding to that LinkedIn message or contacting her at 

If you wish to unsubscribe, just click the SafeUnsubscribe link below.
The Privacy Professor
Rebecca Herold & Associates, LLC
Mobile: 515.491.1564

Visit my blog    Follow me on Twitter