Privacy and You: Protecting Your Personal Data
Privacy. This single word has stirred up a great deal of controversy throughout the technology industry. Indeed, it can even create a divide between people who care deeply what others know about them, and those who casually wonder what the big deal is.
Why do corporations want people's data, and what types of data are of most interest to corporations? Spam e-mails and phone calls are annoying — but what other aspects of personal data harvesting put you at risk? What is truly at stake for individuals? Finally, for those who do care, passionately, about privacy, what are simple steps that every individual can follow to protect personal data?
We have begun to take steps as a society to protect ourselves from businesses and organizations that have a technically legitimate, if rapacious, interest in our personal data. Individuals also need, however, to consider protecting their data from hackers. Hackers want to obtain sell your data just like corporations — they just want to do it illegally.
I have a close friend who always tells me that corporations (and hackers) want to own you. When I ask him what he means by that, he says that someone who owns your data owns you. If you think about it, he is right. Someone who had my SSN number, my address, a reasonable facsimile of my signature, my driver's license number, my credit card number — the (largely nefarious) possibilities are endless.
For a company, the impact of a data breach can be momentous and include lawsuits and loss of reputation. This can spell millions of dollars of loss when the dust settles. For individuals, who are generally not as well protected or insured as corporations, the financial impact can be devastating.
What is at stake?
First of all, it's good to reflect that, data privacy primarily centers around two ideas: your protection from corporations, and your protection from nefarious individuals. Legally mandated privacy protection hasn't taken off throughout the United States yet, but California put into place a data privacy ruling that limits what corporations can do with personal data and how they must safeguard.
For example, under California law, citizens now have a right to know what personal data is being collected about them, as well as whether (and to whom) and of that data is sold or disclosed. The end user can also say "No" to the sale of personal data. (We all know that this is what corporations want to actually do with personal data.)
An individual is allowed to access their personal data and can request a business to delete any personal information about a consumer collected from that consumer. Also, they cannot be discriminated against by any business or corporation for exercising their privacy rights.
The specific data in question is mostly defined as being PII, or Personally Identifiable Information. The California Consumer Privacy Act (CCPA) defines PII as being information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked to (directly or indirectly) a particular consumer or household.
PII can include a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol (IP) address, e-mail address, account name, social security number, driver's license number, passport number, or other similar identifiers.
PII further encompasses data that identifies, relates to, describes, or is capable of being associated with a particular individual. This includes, but is not limited to, a name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.
Anything that can identify a person specifically through being combined with other data — for example, an address where a specific person has lived — is considered "linked information." Of note is the fact that cookies on a web browser are not considered PII, but cookies can track you to the point that they link you to your PII, thus identifying you.
Take action
It's clear that privacy protection should be a point of at least some concern for everyone. So what can a person do to better protect themselves and their loved ones from a data privacy perspective?
First, don't ever send anything to anyone that you wouldn't send to your grandmother. Indecent or provocative pictures and videos are regularly come to light through misplaced trust, casual behavior, and outright theft. I don't think it's right to steal anyone's private pictures or videos, but there are people out there who will do it just to say they did, not even for profit.
Thus, an important first step to protecting yourself is to not create or store incriminating content in the first place. Don't take pictures you don't want everyone to see. It sucks that we live in a world where such content can't be guaranteed to remain private, but that's life. So be smart and pay attention.
Next, change passwords frequently and use a password app to keep track of them. Many such apps, in addition to being secure and inexpensive, will prompt you to change your passwords on a regular basis. Your passwords are like your underwear in this respect: change them frequently.
On a related note, remember to also periodically change your password hints. Everyone knows what password hints are. The "What was your dog's name when you were little" or "What was your first car" password reset questions. Answer these truthfully and that could spell disaster for your pocketbook.
Hackers carefully surveying your browser history, Facebook timeline, or talking to a friend of yours could get this info. For this reason, don't ever use truthful answers in response to password hint questions. Invent some weird answer and keep a record of it in your password app.
Also, don't ever allow your passwords to be remembered by helpful web browsers. As a people, humans hate to do repetitive tasks, but you must type your password every time, no matter what. A browser that remembers your password is storing it somewhere. Stored data is often not encrypted, providing an easy target for anyone who knows how and where to look.
If a site asks you to remember cookies, don't. This is a pretty new feature for some sites but as U.S. law catches up with GDPR and other international privacy standards, you will see it across the board. The right to be forgotten and the right not to be tracked. You have these rights now, and you ALWAYS need to exercise them.
Delete suspicious e-mails. Especially don't forward them to others to see whether they are "bad." Just delete them. This has been my go-to tip forever. When you receive an e-mail that is questionable for any reason, just delete it. Don't pass it along to tech support, or your computer friend, or your nephew. You are only opening them up harm.
Any time that you can, put two-factor or other locks on transactions. Even if they are a pain, put a code on your e-mail that texts you a second-level passcode. If your bank allows it, put a lock or phone verification on your money transfers.
In summary, the little inconveniences that you have to go through end up making huge inconveniences for hackers (and even corporations) who want to get a piece of your action. Everyone wants to own your data, own your decisions, and own the outcome of your decisions.