The tree rings of US immigration

Here’s an unusual way of representing population growth. Pedro M Cruz, from Northeastern University in Boston, takes two centuries of US census data and shows the increasing population as rings of a tree, one for each decade.

For a radical new perspective on immigration, picture the US as an ancient tree
According to Cruz, the tree metaphor ‘carries the idea that these marks in the past are immutable’ and it ‘embodies the concept that all cells contributed to the organism’s growth’. As with so many renderings of US history, indigenous populations are conspicuously absent from the tableau. Still, Cruz’s skilfully deployed data doubles as a resonant work of cultural commentary, offering a rich and often surprising look at the ever-evolving makeup of the country.

There’s more information on the video’s Vimeo page.

Simulated dendrochronology of U.S. immigration (1830-2015)
Trees in their natural setting have annual growth rings that reflect varying environmental conditions; the rings’ forms are neither perfect circles nor ellipses. The algorithm is inspired by this variation and accordingly deposits immigrant cells in specific directions depending on the geographic origin of the immigrant. Rings that are more skewed toward the country’s East, for example, show more immigration from Europe, while rings skewed South show more immigration from Latin America. With this, it is possible to observe the quantity of immigration through the thickness of the rings. The color of the cells corresponds to specific cultural-geographical regions.

Re-thinking supposedly anonymous data

This is a little alarming.

Anonymised data isn’t nearly anonymous enough – here’s how we fix it
We developed a machine learning model to assess the likelihood of reidentifying the right person. We took datasets and we showed that in the US fifteen characteristics, including age, gender, marital status and others, are sufficient to reidentify 99.98 per cent of Americans in virtually any anonymised data set.

Some more examples.

The simple process of re-identifying patients in public health records
In late 2016, doctors’ identities were decrypted in an open dataset of Australian medical billing records. Now patients’ records have also been re-identified – and we should be talking about it.

‘Anonymous’ browsing data can be easily exposed, researchers reveal
A journalist and a data scientist secured data from three million users easily by creating a fake marketing company, and were able to de-anonymise many users.

[…]

“What would you think,” asked Svea Eckert, “if somebody showed up at your door saying: ‘Hey, I have your complete browsing history – every day, every hour, every minute, every click you did on the web for the last month’? How would you think we got it: some shady hacker? No. It was much easier: you can just buy it.”

Lancaster University’s student data stolen

University application processes are in full swing, but here is some reputationally damaging news from Lancaster University.

Lancaster University hit by cyber attack, hundreds of students’ personal data stolen
The full scale of the cyber attack was revealed yesterday (July 22), when university chiefs confirmed that hackers had breached IT systems and accessed student records. […] It said it regretted that the breach has led to fraudulent invoices being sent to some undergraduate applicants demanding large sums of money.

Two days later, and the police have arrested someone for it.

Man arrested over UK’s Lancaster University data breach hack allegations
Names, addresses, email addresses and phone numbers were among the categories of data visible to the hackers. Fraudulent invoices were sent to some, the university admitted. With overseas applicants (of which Lancaster had 575 last year from non-EU countries and 375 from other EU countries) paying fees measured in the tens of thousands of pounds per year, the potential for high returns is great.

Our sources added that around half a dozen students had paid these fraudulent invoices. The highest undergraduate fees for overseas (non-EU) students is Lancaster’s Bachelor of Medicine, Bachelor of Surgery (MBChB) course at £31,540.

It’s more than a little embarrassing, as Lancaster University is one of a number of universities offering degrees in cyber security

Cyber Security MSc – Lancaster University
In addition to the taught modules, you will also work on an individual research project, supervised by two academics from two of the four departments. Through this project, you will obtain an in-depth understanding of the theoretical and practical aspects of cyber security and technology. You will put the skills and knowledge you have developed throughout the year into practice and gain experience of tackling real-world cyber security issues.

Well, there’s a ‘real-world cyber security issue’ for you.

More data breach fines

Flying off to a nice hotel somewhere?

British Airways gets hammered with a record £183m fine for data breach
The incident came to light last September, when British Airways revealed that a sophisticated hack had led to 380,000 customer accounts being compromised, although that initial figure turned out to be an underestimation, with some 500,000 people actually affected, the ICO reckons.

Those folks had the likes of names, addresses, emails, credit card numbers and expiry dates – as well as the security codes on the rear of cards – stolen over a two-week period beginning on August 21, we were told at the time. Although the ICO claims that the thefts began occurring as early as June 2018.

Marriott to face £99 million GDPR fine from ICO over November 2018 data breach
The breach revealed in November 2018 involved the leak of 500 million customer records from the guest reservation database of Marriott’s Starwood Hotels and Resorts division. The attackers – who are unknown but believed to have links with China’s Ministry of State Security – appear to have had access to the system since 2014.

The organisation only became aware of the compromise in September 2018 following an alert from an internal security tool over an attempt to gain access to the reservation system. The company claims that it “quickly engaged” a group of security experts to investigate the apparent attack and “learned during the investigation that there had been unauthorised access to the Starwood network since 2014”.

Update 15/07/2019

Meanwhile.

Facebook’s $5 billion FTC fine is an embarrassing joke
Facebook’s stock went up after news of a record-breaking $5 billion FTC fine for various privacy violations broke today.

That, as The New York Times’ Mike Isaac points out, is the real story here: the United States government spent months coming up with a punishment for Facebook’s long list of privacy-related bad behavior, and the best it could do was so weak that Facebook’s stock price went up.

[…]

From some other perspectives, that $5 billion fine is a big deal, of course: it’s the biggest fine in FTC history, far bigger than the $22 million fine levied against Google in 2012. And $5 billion is a lot of money, to be sure. It’s just that like everything else that comes into contact with Facebook’s scale, it’s still entirely too small: Facebook had $15 billion in revenue last quarter alone, and $22 billion in profit last year.

[…]

That’s actually the real problem here: fines and punishments are only effective when they provide negative consequences for bad behavior. But Facebook has done nothing but behave badly from inception, and it has only ever been slapped on the wrist by authority figures and rewarded by the market. After all, Facebook was already under a previous FTC consent decree for privacy violations imposed in 2011, and that didn’t seem to stop any of the company’s recent scandals from happening. As Kara Swisher has written, you have to add another zero to this fine to make it mean anything.

Known unknowns

An introduction to what promises to be a fascinating new blog from Anna Powell-Smith, “about the data that the government should collect and measure in the UK, but doesn’t.”

Missing numbers
Across lots of different policy areas, it was impossible for governments to make good decisions because of a basic lack of data. There was always critical data that the state either didn’t collect at all, or collected so badly that it made change impossible.

Eventually, I decided that the power to not collect data is one of the most important and little-understood sources of power that governments have. This is why I’m writing Missing Numbers: to encourage others to ask “is this lack of data a deliberate ploy to get away with something”?

By refusing to amass knowledge in the first place, decision-makers exert power over over the rest of us. It’s time that this power was revealed, so we can have better conversations about what we need to know to run this country successfully.

MI5’s poor surveillance data handling

It’s not often a data protection or records management news story gets this much press attention.

MI5 accused of unlawful handling of surveillance data
MI5 has been accused of “extraordinary and persistent illegality” for holding on to data obtained from members of the public. The human rights organisation Liberty has taken the security service to court over the way that it gathers and stores information under the Investigatory Powers Act.

MI5 ‘unlawfully’ handled bulk surveillance data, lawsuit reveals
“The documents show extraordinary and persistent illegality in MI5’s operations, apparently for many years,” said civil liberties organisation Liberty, which is bringing the case. “The existence of what MI5 itself calls ‘ungoverned spaces’ in which it holds and uses large volumes of private data is a serious failure of governance and oversight, especially when mass collection of data of innocent citizens is concerned.”

MI5’s use of personal data was ‘unlawful’, says watchdog
The security service MI5 has handled large amounts of personal data in an “undoubtedly unlawful” way, a watchdog has said. The Investigatory Powers Commissioner said information gathered under warrants was kept too long and not stored safely. Civil rights group Liberty said the breaches involved the “mass collection of data of innocent citizens”. The high court heard MI5 knew about the issues in 2016 but kept them secret.

Liberty’s challenge to UK state surveillance powers reveals shocking failures
The challenge, by rights group Liberty, led last month to an initial finding that MI5 had systematically breached safeguards in the UK’s Investigatory Powers Act (IPA) — breaches the Home Secretary, Sajid Javid, euphemistically couched as “compliance risks” in a carefully worded written statement that was quietly released to parliament.

This was first reported last month …

MI5 slapped on the wrist for ‘serious’ surveillance data breach
Home Secretary Sajid Javid has confessed to Parliament that MI5 bungled the security of “certain technology environments used to store and analyse data,” including that of ordinary Britons spied on by the agency. In a lengthy Parliamentary statement made last week, Javid obliquely admitted that spies had allowed more people to help themselves to its treasure troves of data on British citizens than was legally allowed.

Sajid Javid admits MI5 committed serious safeguard breaches
In a written statement to parliament last week that was not widely noticed, Javid said he was notifying MPs of “compliance risks MI5 identified and reported within certain technology environments used to store and analyse data, including material obtained under the Investigatory Powers Act”.

… but now the story has been picked up by everyone, including the Middle East Eye

UK’s MI5 spy agency handled surveillance data unlawfully, court hears
An internal agency review warned more than three years ago that storage systems may have become “ungoverned spaces”, which would mean that they were operating in breach of both UK and European law. Despite this, MI5 continued to build new electronic storage systems which did not allow the agency to review its contents and decide what material should be deleted, as the law requires. The problems were withheld from the official watchdog, the Investigatory Powers Commissioner, until earlier this year, the High Court was told.

… and even Russia Today and Sputnik News are getting in on it.

‘Extraordinary & persistent illegality’: UK’s MI5 accused of mishandling bulk surveillance data
MI5 has no control of its storage of vast volumes of people’s calls, messages, web browsing history, as well as other personal data that the agency has managed to obtain on the basis of surveillance warrants, which were often issued under false pretext, the High Court heard on Tuesday in a legal challenge brought by the human rights organization Liberty.

Outcry as High Court finds MI5 engaged in ‘unlawful’ storage, handling of bulk surveillance
Ten internal documents from senior MI5 officials, including an 11 March letter from director Sir Andrew Parker, revealed significant non-compliance issues in how citizens’ data had been kept and used, including a subsequent cover-up of internal failures and that “data might be being held in ungoverned spaces in contravention of our policies”.

Let’s hope some good comes from all this.

Setting precedents for privacy: the UK legal challenges bringing surveillance into the open
These debates highlight the importance of collective efforts to assert respect for privacy and other rights as a core part of public life. We are on the cusp of a positive shift in power towards open public debate and accountability about data and the way it is used against us.

Excel timesavers

I sit and stare at Excel for a significant proportion of my day. I can’t believe I’ve not been aware of this simple trick with copying formulas without messing up cell references. It’s saving me an immense amount of time.

Copy Excel formula without changing cell references (or without file references)
It’s quite simple actually!

  1. Highlight the are you’d like to copy
  2. Go to Home / Find & Select / Replace (or press Ctrl + H)
  3. Search for = and replace with a text that’s not in your file – in this example I chose “notinfile” (note as mentioned in the comments in YouTube, you can also replace with ” =”, i.e. a space before the equal sign)
  4. Go back to Home / Find & Select / Replace (or press Ctrl + H) – search for your text – in my example “notinfile” and replace with =.
  5. That’s it!

Here are a few more tips and tricks.

10 easy Excel timesavers you might have forgotten
Microsoft has packed Excel with all kinds of different ways to get things done quicker. However, you can’t take advantage of these features if you don’t know about them. These ten techniques may only save you a few seconds every time you use them. That might not sound like much, but if you can integrate them into your workflow, you’re sure to reap the benefits over time.

Ta ra, Theresa

The press are keen to analyse her political legacy (blah blah blah blah), but I’d rather look at Prime Minister May’s time at Number 1O via two of my favourite things – photos and charts.

The political life of Theresa May – in pictures
A look back over May’s political career, from being elected as MP for Maidenhead in 1997 to Brexit, the snap election that backfired and her onstage dancing at the 2018 Tory conference.

ta-ra-theresa-2

ta-ra-theresa-1

Theresa May: Premiership in six charts
1. She hasn’t been in office long
Mrs May has developed a reputation for surviving in almost impossible circumstances, but she is still among the UK prime ministers with the shortest time in office.

ta-ra-theresa

Google’s GDPR probe

A year on from GDPR Day, and Irish eyes are staring in Google’s direction.

Irish regulator opens first privacy probe into Google
Google’s lead regulator in the European Union, Ireland’s Data Protection Commissioner, opened its first investigation into the U.S. internet giant on Wednesday over how it handles personal data for the purpose of advertising.

The probe was the result of a number of submissions against the company, the Irish Data Protection Commissioner said, including from privacy-focused web browser Brave which complained last year that Google and other digital advertising firms were playing fast and loose with people’s data.

Ireland’s Data Protection Commissioner launches investigation into Google’s advertising and compliance with GDPR
Dr Ryan [Chief Policy Officer at Brave] said his evidence to the DPC “revealed a massive and ongoing data breach” in which Google’s DoubleClick/Authorized Buyers “leaks intimate data about the people visiting these websites to thousands of companies every day”.

I noted The Register‘s footnote on this story, about that “privacy-focused web browser Brave”.

Irish data cops are shoving a probe right into Google’s ads
There is some irony in Brave being built on Chromium, the browser engine built and maintained by – who else? – Google. Ryan told us that Brave had “certainly not” seen any pushback from Googlers involved in the Chromium project.

It could be an extremely expensive problem for Google though, as all the reports are keen to point out, although I can’t imagine it would come to that.

Google is facing its first GDPR probe from Irish privacy regulators
If found guilty, the potential penalties for Google would be enormous. The GDPR authorizes fines as high as four percent of global annual revenue, which would total $5.4 billion in Google’s case. Even more damaging, the company would have to fundamentally reshape its ad system in order to avoid future fines.

There’s quite a lot of attention on Ireland’s Data Protection Commission already.

Ireland sits idly by as GDPR goes unenforced
Politico shares an investigation into why the GDPR’s lead regulator Ireland has failed to bring a single enforcement action against the big tech companies it is supposed to watchdog.

These are hugely complex cases, that will be setting precedents that may redefine how these companies operate.

Irish data official defends tech investigation record: ‘They’re not overnight’
Helen Dixon said the reality is it will take time to produce results from the 18 major technology investigations her office is pursuing — 11 of which involve Facebook or its platforms WhatsApp and Instagram.

“These aren’t matters where we can take in a complaint today and tomorrow make a conclusion on it,” Dixon, Ireland’s data protection commissioner, said during an interview at POLITICO’s Washington-area headquarters. “They’re not overnight, and anyone who understands anything about the process understands it takes time.”

Others agree.

Is Ireland too soft with GDPR enforcement, or just being prudent?
Jules Polonetsky, CEO of the Future of Privacy Forum (FPF), comes down on the side of patience. In fact, he argues that while fines tend to get most of the headlines, they aren’t as important as the major precedents that regulators will be setting – precedents that will “redefine business models.” That, he said, takes time to be done right. […]

Danny O’Brien, international director of the Electronic Frontier Foundation (EFF), an aggressive privacy advocacy group, also isn’t troubled – at least not yet – about GDPR enforcement taking some time to get in gear. “There’s a lot about how the whole system was going to be organized that was left unsaid in the GDPR, so I think it’s fair to say that no-one was expecting anything to happen very quickly,” he said. “It’s not necessarily the Irish DPC’s fault.”

Let’s wait and see, then.

Remember buying music?

Here’s a simple but very effective chart showing the rise and fall of various music formats. This brings back memories.

Visualizing 40 years of music industry sales
For people of a certain age group, early memories of acquiring new music are inexorably linked to piracy. Going to the store and purchasing a $20 disc wasn’t even a part of the thought process. Napster, the first widely used P2P service, figuratively skipped the needle off the record and ended years of impressive profitability in the recording industry.

Napster was shut down in 2002, but the genie was already out of the bottle. Piracy’s effect on the industry was immediate and stark. Music industry sales, which had been experiencing impressive year-over-year growth, began a decline that would continue for 15 years.

remember-buying-music

(Via Cool Infographics)

A typical day, comically speaking

Via FlowingData, here’s a witty visualisation of how we spend our days, on average. It’s just a stacked bar chart, but turning it into a comic “can allow the audience to identify with the story, sparking self-reflection: “Is this how I live my life? How am I different?””

A day in the life of Americans: a data comic
There are three settings in this comic (a bedroom, an office, and a bar), each serving as a metonym for an activity (sleep, work, and leisure). I have also included colors and positions as redundant, but clarifying, codes of classification. Such scenes allow for a novel method of highlighting data; a setting inside a panel is “lit up” by a light source if the activity for which it stands occupied those two hours of Americans the most.

a-typical-day

Self-improvement

The Economist’s charts are usually very clear and helpful, but that’s not to say they can’t be improved – as they themselves show.

Mistakes, we’ve drawn a few
At The Economist, we take data visualisation seriously. Every week we publish around 40 charts across print, the website and our apps. With every single one, we try our best to visualise the numbers accurately and in a way that best supports the story. But sometimes we get it wrong. We can do better in future if we learn from our mistakes — and other people may be able to learn from them, too. […]

Misleading charts
Let’s start with the worst of crimes in data visualisation: presenting data in a misleading way. We never do this on purpose! But it does happen every now and then. Let’s look at the three examples from our archive.

Mistake: Truncating the scale

self-improvement-1

 

Another data protection failure

Hot on the heels of Facebook’s latest password problem, TechCrunch has news of another online service with a very shoddy approach to data protection – i.e. there wasn’t any.

The app, Family Locator, allows families to track each other’s movements, similar to the location sharing option in Google Maps. But it seems the backend database for their nearly a quarter of a million users wasn’t protected at all.

A family tracking app was leaking real-time location data
Based on a review of the database, each account record contained a user’s name, email address, profile photo and their plaintext passwords. Each account also kept a record of their own and other family members’ real-time locations precise to just a few feet. Any user who had a geofence set up also had those coordinates stored in the database, along with what the user called them — such as “home” or “work.”

They tried to get in touch with the developer, React Apps, but to no avail.

The company’s website had no contact information — nor did its bare-bones privacy policy. The website had a privacy-enabled hidden WHOIS record, masking the owner’s email address. We even bought the company’s business records from the Australian Securities & Investments Commission, only to learn the company owner’s name — Sandip Mann Singh — but no contact information. We sent several messages through the company’s feedback form, but received no acknowledgement.

On Friday, we asked Microsoft, which hosted the database on its Azure cloud, to contact the developer. Hours later, the database was finally pulled offline.

What makes good governance?

In an attempt to get rid of the sour taste left in our mouths from yesterday’s post about the rise of populist politics, here are some more award-winning data visualisations via David McCandless and the Information is Beautiful people.

The winners of the World Data Visualization Prize
Conducted in partnership with the World Government Summit, the prize focuses on how governments are improving citizens’ lives. We asked entrants to use the power of data-visualization to illuminate data on the innovations and decisions – seen and unseen – that drive progress.

Here’s my favourite, an interactive overview of the different factors that contribute to happy countries (or not).

GOV|DNA — Discover the DNA of a good government
This interactive visualization enables the exploration of the DNA of a good government. You can analyze and compare multiple indicators to investigate their influence on countries and the related behaviour and performance of governments.

what-makes-good-governance-1

Where is everybody?

Each six months Andy Kirk of Visualising Data highlights some of the significant developments in data visualisation. It’s a great collection, but this one in particular caught my eye.

10 significant visualisation developments: July to December 2018
2. ‘Human Terrain’: A genuinely captivating project from Matt Daniels of ThePudding, ‘Human Terrain’ is a staggeringly detailed, explorable prism map of the world’s population that can trap you into browsing for far longer than you can realistically afford. It evokes memories of a classic graphic from 2006, created by Joe Lertola for Time magazine. There is also a wonderful companion piece, ‘Population Mountains‘, where Matt walks through ‘a story about how to perceive the population of cities’.

When you fly from one part of the world to another, it becomes very quickly apparent just how crowded some places must be, compared to others.

visualising-populations-2

Human Terrain: visualizing the world’s population, in 3D
Kinshasa is now bigger than Paris. Guangzhou, Hong Kong, and Shenzhen are forming an epic, 40 million-person super city. Over the past 30 years, the scale of population change is hard to grasp. How do you even visualize 10 million people?

visualising-populations-3

It puts those incredibly dense housing schemes in Hong Kong I mentioned earlier into context, doesn’t it?

Population growth, like charity, starts in the home, so here’s an animated chart on family sizes in the US.

How many kids we have and when we have them
The chart above shows 1,000 timelines, based on data from the National Survey of Family Growth. Each moving dot is a mother. Age is on the horizontal, and with each live birth, the dot moves down a notch. The green bubbles represent the total counts for a given age.

visualising-populations-1

It’s interesting to watch the chart populate. You’ve got to wonder about the stories behind those outliers though.

GDPR is still a thing, right?

Some recent data protection stories that have caught my eye.

French data watchdog dishes out largest GDPR fine yet: Google ordered to hand over €50m
The French agency, CNIL, ruled today that the search giant had offered users inadequate information, spreading it across multiple pages, and had failed to gain valid consent for ads personalisation. […] The CNIL concluded that Google had breached the General Data Protection Regulation in two ways: by failing to meet transparency and information requirements, and failing to obtain a legal basis for processing.

Amazon, Apple and Google face data complaints
General Data Protection Regulation (GDPR) rules say EU customers have the right to access a copy of the personal data companies hold about them. However, privacy group noyb said it found that most of the big streaming companies did not fully comply. It has filed formal complaints, which if upheld could result in large fines.

Google accused of GDPR privacy violations by seven countries
Consumer groups across seven European countries have filed GDPR complaints against Google’s location tracking (via Reuters). The European Consumer Organisation (BEUC), of which each of the groups are a member, claims that Google’s “deceptive practices” around location tracking don’t give users a real choice about whether to enable it, and that Google doesn’t properly inform them about what this tracking entails. If upheld, the complaints could mean a hefty fine for the search giant.

The NOYB organisation gets mentioned a number of times there.

Max Schrems: The privacy bubble needs to start ‘getting sh*t done’
After years locked in numerous long, drawn-out and often bitter legal battles, Schrems decided to launch a nonprofit aiming to help people bring their own consumer privacy cases to court.

The plan is for NOYB (None Of Your Business) to take advantage of the incoming European Union General Data Protection Regulation, which offers more options for collective redress across the bloc, and harness the momentum Schrems has built up with various high-profile court cases.

Seems to be working. (Via)

The best data visualisation work of 2018

Another end of year roundup, this time looking at data visualisation design.

Information is Beautiful Awards 2018: The Winners
Let’s raise a glass to dataviz that pushes boundaries, illuminates truth, and celebrates beauty. Thank you to everyone who joined us on the Information is Beautiful Awards journey this year – now see which entries took home trophies at tonight’s spectacular ceremony.

There is so much to pour over, here. Two that stood out particularly for me was this visual representation of a Beethoven string quartet and this unusual view of our lively planet.

Dynamic Planet Interactive Scientific Poster
The Interactive Scientific Poster „Dynamic Planet” was designed and developed for the exhibition „Focus Earth” of the GFZ German Research Centre for Geosciences in Potsdam. One of the main advantages of a digital poster is that it can display dynamic content. This is at the same time the essential statement of the scientific poster “Dynamic Planet”: our earth never stands still, is permanently shaken by earthquakes. These tensions are measured by three measuring points of the GFZ and their data is visualized in real-time in an interactive poster in the exhibition context. The viewer is given a direct impression, he can be a “witness” to current measurement and research.

data-visualisation-2018

This video demonstrates how people can interact with the poster, to navigate the large amount of data presented in an intuitive, visual manner.

Dynamic Planet – Scientific Poster
The challenge for the interface design was to ensure a clear overview, despite of the massively many events. The solution consists in an interactive graphical representation of the events by filtering the earthquakes by eg. magnitude and depth. A special visual feature of the scientific poster “Dynamic Planet” is the representation of the earthquakes depth in a transparent, rotating globe.

Introducing children to data visualisation

The economist and dataviz blogger Jonathan Schwabish took on an unusual challenge, to introduce his son’s primary school classmates to data visualisation.

I wouldn’t know where to start — I’m still not sure of the difference between a histogram and a bar chart — but cleverly, Jonathan begins with examples of diagrams everyone is familiar with. Maps.

Teaching data visualization to kids
I then introduced the term “choropleth” and showed them this map of graveyards in the US and this map of McDonald’s (a couple of kids actually tied the two together!). I also showed them a clip of Aron Koblins’ Flight Patterns project (my son loves this one)—the simple and intuitive animation, and black and white color scheme make it easy to follow. I also showed them a video of Martin Wattenberg and Fernanda Viegas’ Wind Map, again, something I think they could all relate to.

He then asks the children to draw their own maps, of their homes rather than the whole world, and to add in any data they liked.

I then passed out tracing paper and, bringing up the graphs I showed them earlier in which color, dots, lines, and bubbles were placed on top of the map, I asked them to plot any data they liked. … Could they add differently-sized bubbles to their favorite rooms? Could they draw lines showing their paths through the house? What about smiley faces for the most fun room?

children-data-visualisation-1

What a fantastic idea. I hope others are similarly encouraged to spread the word in this way. As he says in his conclusion, helping children to understand graphs is a good thing for many reasons.

I’d love to see a way to make data visualization education a broader part of the curriculum, both on its own and linked with their math and other classes. Imagine adding different shapes to maps in their Social Studies classes to encode data or using waterfall charts in their math classes to visually demonstrate a simple mathematical equation or developing simple network diagrams in science class. The combination of the scientific approach to data visualization and the creativity it sparks could serve as a great way to help students learn.

(Via FlowingData.)

Stolen millions

More announcements of company data (our data) being stolen. The numbers involved each time are just incredible.

Hackers breach Quora.com and steal password data for 100 million users
Compromised information includes cryptographically protected passwords, full names, email addresses, data imported from linked networks, and a variety of non-public content and actions, including direct messages, answer requests and downvotes. […] In a post published late Monday afternoon, Quora officials said they discovered the unauthorized access on Friday. They have since hired a digital forensics and security firm to investigate and have also reported the breach to law enforcement officials.

Whenever these stories are reported, the articles often end with a little summary of other recent snafus. The one above ended with:

Quora’s post is only the latest disclosure of a major breach. On Friday, hotel chain Marriott International said a system breach allowed hackers to steal passport numbers, credit card data, and other details for 500 million customers. In September, Facebook reported an attack on its network allowed hackers to steal personal details for as many as 50 million users. The social network later lowered the number of accounts affected to about 30 million.

A post from The Register, about that massive Marriott breach, concluded with this reminder of previous losses.

Marriott’s Starwood hotels mega-hack: Half a BILLION guests’ deets exposed over 4 years
Few hacks of individual firm’s customer data have come close to the scale of this one. The Yahoo! breach in 2013 saw three billion email accounts breached, while Carphone Dixons, the UK electronics retail chain, managed to lose control of 5.9 million sets of payment card data. In the US, the US Government Office for Personnel Management (which handles sensitive files on millions of government workers) had the personal data of 21 million employees’ breached by hackers.

Another day, another data protection issue

We’re generating data all the time, without realising, and without really knowing where it all goes.

Users told to ditch OneDrive and Office 365 to avoid ‘covert’ data harvesting
Microsoft Office and Windows 10 Enterprise uses a telemetry data collection mechanism that breaches the EU’s General Data Protection Regulation (GDPR), according to a 91-page report commissioned by the Dutch government, and conducted by firm Privacy Company.

It’s not just Microsoft in the firing line, of course.

With GDPR now several months into play, data watchdogs across Europe are beginning to take their first steps in the new regulatory landscape. Microsoft is the latest in a line of major companies accused of breaching GDPR, with Oracle and Equifax among seven firms reported for violations by a data rights group last week.

And that story about Google’s AI company having access to NHS data is still rumbling on.

Google: Our DeepMind health slurp is completely kosher
DeepMind told The Reg: “It is false to say that Google is “absorbing” data. This data is not DeepMind’s or Google’s – it belongs to our partners, whether the NHS or internationally. We process it according to their instructions.”

That claim, echoed by DeepMind Health chief Dominic King, brought a swift correction from legal experts. “It doesn’t belong to DeepMind’s partners, it belongs to the individuals,” Serena Tierney partner at lawyers VWV. “Those ‘partners’ may have limited rights, but it doesn’t belong to them.”

I wonder if we’ll be seeing more of these issues, what with one thing and another.

What the potentially useless draft Brexit agreement means for tech
One of the big questions for Brexit is data protection, and the agreement seeks to hold onto the status quo. Scroll through to Article 71 for the text, which says that EU data protection law will continue to cover the UK before and after the transition period, which runs until the end of 2020. That means personal data can continue to flow between the UK and the EU.

“This issue is critical to the tech sector and to every other industry in a modern digitising economy,” says Tech UK CEO Julian David in a blog post. Data’s the oil that greases tech, and all that.

That doesn’t mean that GDPR will continue to apply in the UK post Brexit. Christopher Knight, privacy lawyer at 11KBW, notes that the UK will become a “third state”. That means the UK won’t be required to apply GPDR and other data laws to “wholly internal situations of processing”.

Update 20/11/2018

Well, here’s a thing. I’m still getting used to this new Android phone, with its Google news feed thing, and some time after first drafting this post I was browsing through it and came across the article below. How did it know to surface stories about DeepMind? I’m sure I hadn’t searched for it, but came across it in a newsletter. Is Google reading what I type into WordPress?

Inside DeepMind as the lines with Google blur
Last week, the line between the companies blurred significantly when DeepMind announced that it would transfer control of its health unit to a new Google Health division in California. […]

In March 2017, DeepMind also announced it would build a “data audit” system, as part of its public commitment to transparency. The technology would allow NHS partners to track its use of patient data in real time, with no possibility of falsification, DeepMind said. Google did not comment on whether it will finish the project.