Episode Transcript
[00:00:00] Speaker A: Danielle, welcome aboard to the show. So happy to have you with us today.
[00:00:03] Speaker B: Oh, thank you for having me.
[00:00:05] Speaker A: If it would be possible, I'd love for you to share your origin story. What led you to writing your two digital assassin books?
[00:00:14] Speaker B: The I want to say the first one was more of, in my mind, a protection mechanism. I am a whistleblower against the federal government here in the United states. And in 2022, I noticed that events and documents were being fabricated. And I will say, I won't say that I was scared, but I became very concerned. And so that's what led me to write the first digital assassins book, which was, I say it's a fictional book, but it's based on true events. So I wanted to be able to tell my story and exactly what was happening again, because I saw events and documentation being fabricated and I wanted to have a documented record in the public that explained what was happening. And so after that, I want to say about a year later, I wrote the second book, which talked about my experiences in using the judicial system or filing complaints with inspector generals. So that's kind of where my origin for me to write the book started.
[00:01:24] Speaker A: Are you able to share us, share with us a little bit of what the issues exactly were? What were the concerns that you had?
[00:01:32] Speaker B: Sure.
What I tell people again, that I'm a whistleblower. The events that I whistleblow or that I told about were not salacious. They were extremely boring. It was, in my opinion, certain acquisition laws were not being followed or personnel policy wasn't being followed. And the response that I got to me making those disclosures to me was, I mean, I couldn't believe the response I was getting. And so the first I'll say responses were retaliation from management, such as like lowering my performance, appraisal, interfering with other job opportunities, things like that. Mostly more administrative issues. Then when I left, I believe I was blackballed. I'm having problems finding another position.
[00:02:28] Speaker A: Where do you think that you would have advised the general public on looking at their own matters and making sure that they're properly secure?
[00:02:40] Speaker B: I would say for me, because I'm not an overly technical person, I am more of an operations, more of a administrative person working in IT and security is that you can have the best technical solution, but human behavior or human misbehavior will trump a good technical solution every time. So what I said, one of my goals, especially now that I look at my experience holistically, is education, awareness, not only to the general public, but for those of us like me, who are project managers or program managers that we can look at, I say insider threats and that we can become the insider influence to look at things more from a human behavior or risk management perspective. Like I said, you can have the best technical solution, but if the policies aren't in place, if there aren't technical solutions to support those technical, those policies, you can have bad actors who can put both you or your company or organization at great risk because we didn't look at human behavior as part of our risk analysis.
[00:04:02] Speaker A: Daniel, I have a really difficult question to you and this is something that we experienced as well. Personally, when you have bad behaviors in the organization, you know, it's not ideal, but there can be serious repercussions for individuals reporting. How do you balance out that decision to report a bad behavior and be able to sleep at night as opposed to and in addition, you know, pay that very personal price.
[00:04:33] Speaker B: Based on my experience. And you're right, it is not a pleasant, like I said, for me, I've been going through this for seven years. So the first thing that what I would recommend or the advice that I would give people is that to connect with a some type of whistleblowing community, that would be the first thing that would tell anybody before you report on any behavior, connect with that community. Because what they will be able to do is to get you prepared for the retaliation that more than likely you're going to face. I have not encountered anybody that didn't say that they didn't encounter any type of retaliation. The second thing is that in general, whether you're a whistleblower or not, is that get in the habit of taking good notes and keeping good records. Because the other thing that I see, because I think most of us in the general public, we are law abiding citizens and we want to do the right thing. And if you notice a bad behavior or something that was illegal or unethical and you don't report it, when it does show up, the organization or management, they will be looking for a fall guy. And the person who's going to be the fall guy is the person who does not have good documentation. So even if because you're concerned about your safety or how that might impact you from a financial perspective, and those are good and understandable concerns to have, just make sure that you have your documentation where you notice the behavior, who it was that was doing it, that you weren't part of it. And then if there were questions, because they will, well, why didn't you report it? Well, look what happened to The Boeing whistleblowers or look at what happened to whomever. I had a concern that I didn't want to be one of those individuals. So make sure you keep good records. Also.
[00:06:39] Speaker A: Is there, is this just, you know, something you write to yourself or is there a way that, you know, this information and records can also be considered legal or illegal in the future?
[00:06:51] Speaker B: I would say that would have a few ways of doing that. So one, keep a journal where you for yourself, for your own records. The second is that you can use email, for example. If you are directed to do something that you with which you're not comfortable or you believe it violates either a law or a company policy, you can always follow up with that individual who gave you that direction. And like I always tell people, you don't have to be rude or belligerent about it. You can just say so and so, you know, Jane Doe or John Doe. I just wanted to follow up on our conversation earlier.
This is my understanding you requested that I, X, Y and Z and I wanted to ensure that that was your direction. And the reason that I'm following up is that, you know, just on my interpretation of company policy X or whatever law, this might be in conflict with that. But if my interpretation is incorrect and that is your direction and there's no conflict there, I just want to make sure that you know, I'm doing the correct thing and you can send that email.
And what my experience has been is that a lot of people don't like to respond in writing, but you just keep that paper trail to yourself and send it to that individual. It'll be in your sent box, print it off and keep a copy.
Another thing that I do also tell people is that anything electronic can be manipulated.
Electronic records can be manipulated. And even though, and I understand and I support, I do support for environmental reasons, we try not to keep a lot of paper. But until laws are changed and things have changed, paper records are the best way to be able to cover yourself.
[00:08:49] Speaker A: On the one hand, the second that you're let go or you separate from an organization, they're closing down your account. You do not have access to it. So if there's any illegal matters which require it, actually your employer has all the information, you have nothing. But on the other hand, all those interactions were your employer's data. And if you printed take it out home, is there a concern here that you're actually taking information that you don't own?
So you're maybe breaking a different law? What's the balance between those Two items.
[00:09:24] Speaker B: I would say, and that would be something for each individual. You would have to do your research. For example, there are some things that would be considered like organizational company property.
I have heard, I'm not going to say I've talked with anyone directly, especially people who do contracting, whether it's the government property or not. I'm keeping all of these records because I think they lost like seven years, and after seven years, they'll get rid of it. But especially I want to say here in the US with contracting records, you can go to jail. And so they're like, I'm more concerned about being set up later. So for the first things that people to keep, to do your research, to see what you can keep and what you can't keep. And there's another way that you can get information, at least there should be, I think, in every country, but definitely here within the United States, there's like a Freedom of Information act or some type of information act at the state level where you can request records, where you do a formal request for certain records and they'll have to provide you something. And even if they're redacted, you able to get the records that way. So there are a few ways that you can. If you can't necessarily get the information while you're, even while you're at the employer, you can use those information acts or information laws to request the information and get a copy to make sure that you have it for your records.
[00:11:12] Speaker A: Interesting.
So first of all, I need to counteractivate you. You have just released your latest book called Protecting How Data Theft Can Impact you.
What doesn't the public know about their private information online? What is data theft? What does that look like?
[00:11:30] Speaker B: So, and I will say this is Danielle Spencer's definition of it. Data theft occurs when someone who's in a trusted position, and when I say trusted position, it's someone who, because of their job duties, they have access to your data. So it's someone in this trusted position and they abuse that position and they either collect, disseminate, share, they do something with that information that is not in line with the company or the organization's rules. And I'll give it like a really quick example. This could be someone who works in the doctor's office. And let's say they see patient that come in and out all the time. And one of the. And they have no ill will, but they're curious. I see this one patient and they're coming in the doctor's office all the time. I want to know what's going on with them. And so they'll look at the person's medical history to find out what's going on with them. Again, no ill will, but curiosity is not a basis for looking at someone's medical records. So that is kind of what data theft is. And it is my belief that it occurs a lot more than what people realize. And when people, regardless of their motive, can use their position.
Like I said, the office worker could be database administrator, it could be an HR individual. Anyone can use their position to access your personal information, and you don't know their motive.
That puts all of us, even organizations, at a disadvantage because that information can be shared, it can be sold, anything, it can be used in retaliatory records, anything. But it's your information. And most of the time, because it's data theft and the person's in a trusted position, they're talking about factual information. It's actual facts. It's not something that's made up.
[00:13:33] Speaker A: And I mean, you know, we go into the doctor, we give the information that they, that they need. Is there any way for us to protect ourselves? I mean, what, what would somebody even do in a situation like this?
[00:13:45] Speaker B: Well, that's one of the things I want to say, me personally, is a, an area of passion that I have. Now, I never thought about this before, especially not before becoming a whistleblower, is that how much of our data and our personal data either is available online or that people have access to. And there aren't laws, there aren't policies really to protect us. There are some things out there, but it really is nothing like to protect us. And I'll use a different example in the federal government here, if you're associated with or connected or employed by, they have at least seven. And it could be if you've worked for a federal government a long time, up to 30, 40 years of your personal data. And right now, as long as the person says it's within their scope of their duty that they can access your data and use any excuse that they want. And so right now, like I said, the laws are not there to protect us. The what? I believe there's somewhat of an infrastructure there when people, especially if it's electronic, you can get a log of who's accessed data, but there's no laws or anything that are really there that compel governments or private organizations or even nonprofit organizations to disclose to individuals that, hey, your data has been accessed by this person and, or any type of notification. So those are the things that I have A passion about making sure people know that these are something that we need. Especially as things become more electronic, things become more digital, that we know that these things are occurring and laws and policies need to change or be updated or even created so that our privacy is protected.
[00:15:53] Speaker A: Neil it's one thing when you know, you're giving information in a healthcare or government situation, but we're giving our information, sensitive information freely online on social media is an aspect of this also around today's culture as opposed to the laws in some respect.
[00:16:15] Speaker B: And let's say with social media, you're not necessarily given information such as where you've lived for the last seven years.
There's some people like when they take trips, they might do that, but you're not giving them your license. You know, you're not giving your license number or your passport number, you're not giving the date of birth of your in laws or your stepchildren. Majority of us are not giving that type of information. So there is, I would say with social media there is some concern there. But for me, the more or the bigger concern is companies being able to collect our data and be able to disseminate. And I'll give an example in the state of Maryland, let's say if you have some type of lawsuit, you can go online and get all this lawsuit information.
And let's say that someone was going through a financially rough time when the company is suing them for whatever they owe, that all that information is available online. So you can just go into this database. You don't have to have a business reason to know, but you can pull up a low point in someone's life and get part of their Social Security number, their address, who the company is, all of this information. And am I thinking, when I saw this, I said, why is that information available? What good is it to the public to know this information and not even being able to track who's accessed it and see if there was a need for them to know. So I'm gonna say that's more my concern. There is some concern with social media and I think especially with younger people teaching them, once you put it out there, it's out there all the time. But the bigger concern is factual information that's being put out by organizations and us not knowing who's accessed it and what they're doing with it.
[00:18:22] Speaker A: Daniel, I appreciate you coming on the show today. We have just one question that is scripted and we ask everyone, and it's a difficult question at that.
If you had to go back to 20 something year old. Danielle, what would you advise her?
Wow.
[00:18:45] Speaker B: At the age of 20 I was, I want to say mid point in my career and I would probably have given her like different career advice.
I wanted to be a doctor. That's kind of where I started off in my mind. I wanted to be a doctor.
When I went to my first autopsy, it was not a pleasant experience but I learned that that was not the right way to go. So if I could go Back to the 20 year old me, I probably would have said instead of going into the medical field, you probably should have done something like criminal justice or something in the legal field. So that would be the advice that would have given my 20 year old me that a different career field is probably where you should have been.
[00:19:32] Speaker A: Neil, thank you so much for coming on the show today. I appreciate you.
[00:19:36] Speaker B: Thank you.
