The global pandemic has accelerated a long-term trend toward living more and more of our lives online. Working, schooling, shopping, socializing and many other daily activities that used to conducted principally offline have now migrated to the digital realm. One consequence of this shift has been the proliferation of personal information publicly available on the internet and rising concern about privacy.
Someone performing a simple, free Google search on your name will likely learn where you live, where you work, where you went to school, your date of birth, who your family members are and a host of other personal information. This information can pose a risk to both individuals and organizations if it’s leveraged for nefarious purposes like identity theft, stalking or spear phishing.
Taking control of your data online is an uphill battle—it’s much easier to give your data away, than to claw it back. But there are steps you can take to significantly reduce your digital footprint.
How is Your Data Collected?
When seeking more control over your data on the internet, it’s important to know how it got there in the first place. The top three sources are: information that you willingly post online, especially on social media accounts, public records and data scraping.
The quantity and nature of public information about you on social media is largely driven by your own behavior—and that of your friends. Both discretion in what information you post, and use of privacy settings to limit your audience, are critical in keeping personal information off the public web. Also consider who is permitted to share your posts or tag you in photos, as their security habits may differ from yours. In addition to social media, there are many other means through which you may be sharing information without even realizing it. Examples include signing up for mailing lists, participating in polls, entering contests and using free credit check services. Free credit monitoring companies collect any information you provide and often sell it to other parties.
Public records, such as utilities information, include personal data that’s frequently shared without your knowledge or consent. Even if you don’t use social media, you probably have phone, electric, water and other utility records.
Data scraping, which involves the use of software to extract data from websites, is another way your personal information gets onto the web. This data is regularly collected and resold, often without permission. Data scraping was blamed for several major privacy leaks in 2021, including the exposure of 533 million Facebook accounts and 700 million LinkedIn accounts. The legality of this practice was reaffirmed in a recent court case that declared LinkedIn could not prevent hiQ Labs, a data analytics company, from scraping LinkedIn’s website for employee data.
The ever-growing array of smart devices that have replaced our phones, watches, televisions, thermostats and other home appliances are also constantly collecting data. The information gathered by our phones and IoT devices can be extremely personal. The GPS sensors in phones along with the logs on smart thermostats and other devices can be correlated to provide a highly accurate picture of our daily routines. Personal health tracking devices even have insight into intimate areas like menstruation cycles and sleep patterns.
And, of course, data from hacked accounts is available for sale on the dark web.
Adopting a Realistic Approach
The myriad ways personal data is collected can feel overwhelming, and you may feel a desire to completely erase yourself from the internet, but it’s important to maintain a realistic perspective. Despite what any company may promise, there’s no way to completely wipe your online data. Some data collection methods can be stopped or minimized, but others cannot. Online exposure is a fact of modern life. However, you can take back some measure of control by being intentional about what you share, choosing privacy when given the option and exercising your rights.
Taking Back Control
If you are willing to put in some time and effort, there are several methods to limit how much of your personal data is published online. Here are some recommendations:
- Identify what information you’re willing to share: Make a list of basic information that you’re comfortable posting online, such as your name, city of residence or email address, then only share that information when requested. If you decide to share anything additional, keep a record of what else you shared and where, so you can later make a request to have that information removed if necessary.
- Stop personal data leakage: Avoid sharing personal information unless necessary. For example, disable tracking and location data for any smartphone apps that don’t need that information. Take the same approach with devices like smart TVs that often have cameras and microphones—if you aren’t using those features, disable them. For IoT devices, always opt to store data locally rather than send it to the manufacturer.
- Exercise your rights: Whenever possible, you should avail yourself of your right to privacy. Every site that you register on should have a privacy policy. Hardly anyone reads these, but you should make a point to look for an option to opt out of data collection. If there isn’t one, send an email making that request. Consider drafting a generic opt-out request and sending that to the site anytime you create a new account.
Some states have begun rolling out laws that afford residents the right to request deletion of personal information. For instance, California grants its residents the right to request deletion of any data that a company has collected from them, while Virginia’s Consumer Data Protection Act enables residents to request that companies cease publishing any personal data they hold, regardless of who collected it. Some companies, such as Spotify, Uber and Twitter, will honor data deletion requests even from people living outside these states.
Wherever you live, you can submit requests to specific websites to not publish your data. However, this is a time-consuming, manual process with mixed results. Upon receiving such a request, some companies will cease posting your data, while others will soon buy another aggregated list that includes your information, putting you back into their published databases. Another approach is requesting that Google remove you from their search results.
- Utilize a reputation management service: There are many companies that offer to remove your personal data from the internet by submitting do not publish requests on your behalf; however, the effectiveness of these services can vary. Alternatively, you can access a list of data brokers that have your data, such as the one at onerep.com, then send data deletion requests to each.
- Protect your child’s privacy at school: Education technology companies regularly capture student information to store or share, with little accountability or oversight. Over the years, this data can accumulate into comprehensive dossiers documenting students’ lives from childhood to adulthood. You should consider opting your children out of these school programs when possible. Otherwise, create a throw-away email account without providing your child’s real name or personal information, and use that account when signing them up for school-related applications or online accounts.
Looking for more insight into the fast-changing world of privacy and data protection? MBL Technologies offers comprehensive privacy services, including privacy risk assessments, breach response, regulatory compliance and training. Contact us today to learn more!
