March 25, 2021

Privacy in Action: Cat Coode, Digital Privacy Engineering and Law Specialist


Cat Coode has an extensive background in digital privacy and cybersecurity. She has two decades of experience in mobile development and software architecture, as well as a certification in data privacy law. She specializes in Privacy Regulation Compliance and delivering privacy education seminars. She’s the Founder of Binary Tattoo, a company that helps parents, schools, and other companies protect their privacy and comply with data privacy regulations. We follow her on Twitter, and we recommend you do as well!

Interview with Cat Coode:

Startpage: What does privacy mean to you?

Cat Coode: To me, privacy is the ability to own and control the information about you. Before the digitization of the world, privacy was what you did behind closed doors. That was largely conceived as actions because thoughts were locked in your head. I suspect that’s why so many people shrug at the notion of personal privacy and answer with “I have nothing to hide”.

Now we are using applications and technology to manage not only our actions but also our thoughts (preferences), our connections (via social media), and ourselves (biodata). This data is then being used to make controlled decisions, sometimes without our knowledge. Which brings me back to the fact that privacy isn’t the data itself, but rather the ability to control it, and retain ownership of what should be yours. 

Startpage: We know confidentiality is one of the components of the CIA Triad of cybersecurity. Is there a difference between confidentiality and privacy?

Cat Coode: Confidentiality is ascribing a level of access to a piece of data. Your name may be public, your age may be partially confidential, your SIN is a need-to-know basis. The level of confidentiality is based on sensitivity of data and risk of harm. Privacy is a much bigger concept and involves the entire lifecycle of the data. Confidentiality answers the who should have access but privacy also answers what is collected, why it is required, how it is transferred and stored, and when it is destroyed. 

Startpage: Tell us a bit about Binary Tattoo.

Cat Coode: I come from a tech background, having studied engineering and worked for over a decade at BlackBerry as a software developer, architect, and in management. I watched how data was collected and used by mobile devices, and how so few people using the products understood how they worked. I started Binary Tattoo in 2013 with the mission to help people understand their digital identities and the permanence of them - hence the binary tattoo.

Over the years I evolved from cyber hygiene and digital safety seminars to corporate consulting. With a certification in privacy law, I found there was a large gap where companies understood how to check legal boxes but not always how to do the technical implementations that the regulations required. I guide companies through privacy by design methodologies to ensure they have a privacy-first foundation in all their products and services, and assist in getting the right processes and policies in place to reach compliance.

Startpage: You’re an expert on the GDPR, PIPEDA, CCPA, and LGPD. Could you describe what those are for newcomers?

Cat Coode: GDPR (EU), PIPEDA (Canada), CCPA (California) and LGPD (Brazil) are what is known as Privacy Regulations. They are a set of rules determined by a government that ensures that companies are not using and abusing the data they collect from individuals. Regulations like PIPEDA have been around for decades but with the ease of over-collecting and processing data, new regulations like GDPR (2018) and CCPA (2020) were put into place to protect individuals. They come with fines and penalties for companies that do not comply. In some form, all the regulations cover: privacy program governance, privacy engineering/privacy by design, consent management, individual rights with their data, data breaches with notifications, and employee training.

Startpage: What are some misconceptions about digital privacy that laypeople often have?

Cat Coode: Too often people think that companies are looking out for them when they are not. As the adage says, unless you are paying for the product, you are the product. And then even sometimes you pay for the product and it still takes your data (Netflix, Smart TVs, IoT devices). Your privacy is your responsibility. Every time you sign up for a service or buy a digital product you really need to consider what you are giving away to use and if it is worth it. And safest to assume all products are always on - Siri is always listening even when you are not using her, cameras on products are always recording, and so on.

Startpage: What are some ways that digital privacy risks threaten physical safety offline?

Cat Coode: Lots of data can be used and abused in ways not intended. The riskiest of this is location data. Three examples of abused location data:

1. Two developers created multiple bot accounts on Tinder that targeted women until 3 or more bots were able to match with an individual, giving them her location within 150m.

2. Photos contain ‘metadata’ which is hidden data about the photo. This can include the longitude and latitude of the photo location. This data is easily pulled with tools and can often be found in shared photos online.

3. Abusers use location on their victims’ phones to ensure they know where they are at all times.

Be very careful when you are using location-based apps. Try to set them to ‘only when in use’. Review your settings to remove location-based access when not required.

Startpage: What are some things ordinary people can do to better protect their privacy?

Cat Coode: Know your rights. Companies should only be collecting the data from you that is required to run the service. Anything else should be optional. For example, there is a large streaming service that requests both your gender and your birthdate on sign-up. They want this data to better pinpoint music suggestions. For example, they could say if you are a woman born in the 80s, then you are likely to want to listen to the same choices as other women in the 80s. But neither of these pieces of info is required to stream music. The better privacy choice would be to collect an age range (born in the 80s, for example) as birthdate is often used in identity fraud. If you are signing up for any online service, always question what you need to give and what you don’t.

Use your privacy settings. Take the time to go through all of the privacy settings on your phone. It will take a while but you will be shocked about the data you are giving away that you don’t even know about. Make sure to turn off GPS, cameras, and microphones to any apps that do not require them. Do not share access to photos, calendars, or contacts unless required.

Startpage: So Startpage is the world’s first private search engine! What do you think of private search engines? What are features you’d like private search engines to have?

Cat Coode: I love the idea. Google is by far the biggest collector and processor of data. It is great to be able to search without that extra piece of information being added to the stack of what they already have. Since I value privacy, I would be willing to pay for a model that had no ads. Much like cable versus streaming networks, there could be options for no cost use and ads or paid use and no ads.

Startpage: Do you have any other interesting ideas to share with us?

Cat Coode: The internet is a lot like a knife. It is inherently dangerous, but if you learn how to use it safely it is an excellent tool. Do the research, ask questions, and use it safely.


Privacy in Action is a series of interviews with privacy-minded Startpage users from diverse backgrounds. If you are interested in participating in Privacy in Action or would like to nominate someone to be interviewed by us, reach out to us at [email protected].

The views expressed in this Q&A are those of the interviewee and do not necessarily reflect those of Startpage.

 
