What are you worth?

Determining the worth of something can be tricky. If you ever watched Antiques Roadshow on PBS, you know that often two values are given for an object; one for auction, one for insurance purposes. Two perspectives, two values. Sometimes a thing has different values depending on whether you want to keep something you have or get something you don’t have.
For example, people put different values on a reclining seat on an airplane depending on whether they were paying to prevent the seat in front of them from reclining or to allow their seat to recline. Your personal information has various values depending on who is buying or selling it. Let’s look at some
From www.bleepingcomputer.com, we see values for bank logs. Commonly found on underground markets, bank logs, are essentially access to victims’ bank accounts. Their value depends directly on the balance.

This gives an idea of what the black market value of some personal information is worth. But what about all those data brokers that collected, buy, and sell your information that you willingly gave for various reasons? Or, companies that acquire other companies to get access to their user base?
WhatsApp was acquired for $19 billion, or $30 per user. Instagram was acquired for the same price per user. But what if you want to get marketing information to use legally to sell product? Here are a couple of nuggets from Techcrunch.com.

These professionals collect all types of personal data (such as public data, loyalty card data, etc.) and sell it. The value of this data varies, but is often below $1.
…general information about an individual (age, sex, locality) costs only $0.0007.
…to obtain a list containing the names of individuals suffering from a particular disease, you need to spend about $0.30 per name.

Your information is worth anywhere from a small fraction of a penny to $60 or more. In an acquisition, it is not just your information that has been sold, it is you as a user. The sad part is that we are the product and don’t share in the profit.

How did this information get collected? In most cases, we give it willingly and with our permission by using loyalty cards, installing programs and apps on our laptops and mobile devices. A 2015 suit against Comcast showed that even paying to have your information kept private does not always work. Comcast had to pay $100 to users who paid to keep their data private, but was sold anyway. Apps we install on our phones have trackers that share data with all sorts of other companies, and this is almost never clearly stated when installing the app. But, who reads those terms and conditions anyway?

Between data breaches, programs that leak data, hackers, and phishers, it is surprising that any data is private anymore. While you may feel that the exchange of information for some perceived or real benefit is a good deal, keep in mind that cavalier data sharing can come back to bite you. Perhaps the real valuation of personal data comes when it is used illegally and we have to clean up the mess. Clearing identity theft damage can take a lot of hours, and money. With widespread data breaches and an unending barrage of phishing attacks, our data will get out. Our only hope is to be vigilant and actively scan for indications that we are exposed.

Periodically check https://haveibeenpwned.com to see if any email addresses you use have been exposed. There you can find out when and how you have been exposed. Additionally, https://breachclarity.com can give you an assessment of the severity of the breach. Setting up email alerts on all your accounts for new activity will let you know what is happening as it happens. In the age of information access, we need to be actively involved in protecting ourselves. No one else will do as good of a job as you, if you are willing to expend the effort. If not, please contact me as I have $10,000,000 that I need a trustworthy party to help me with. ????