You are viewing the legacy version of iKeepSafe.org Return to Current Website iKeepSafe

How is Consumer Data Exposed?

info-safeguardA new 1:40 minute video produced by the Federal Trade Commission (FTC) does a good job in explaining to consumers how their everyday actions expose pieces of information – sometimes highly sensitive information – about themselves. The video is a great starting place for consumers, especially youth, with its pragmatic approach and information.

Once you’ve viewed the video – and perhaps discussed it with your kids – there are two more aspects to understand:

  • Why you should care about the collection and resale of your information and,
  • How to take actionable steps to reduce the amount of data collected, sold, traded, and shared about you.

Why the collection and sale of your data matters

Your information is the commodity that drives the internet economy. It is collected through your online (and in-store) actions and the information you share, as well as through the exposure of your information by others.

Every piece of information you post, and every action you take online has value to some company or someone. That isn’t necessarily a bad thing. This trade in information lets you use the websites without paying money for your access, but the information you share may have consequences far beyond those you feel comfortable with.

Consider this example:

“Julia” is 60. She uses the internet to keep up with the news, research information and stay in touch with friends and family. She’s on Twitter with friends, on Facebook with her grandchildren, and on a social networking site for seniors with her interests.

Julia’s profile includes her full name, age, and location. She’s included a short line or two about her interests – chamber orchestra music, gardening, wine and photography. She’s taken a couple of online quizzes of her likes and dislikes which makes it easier for new people to see if they have something in common with her.

In one blog post she notes that she’s fed up with the democratic agenda. In another she talks about her grandkids that come to her house twice a week after school. And she says it’s hard to get motivated to exercise since her breast cancer surgery.

She tweets from the same doughnut shop every morning. On her senior site she joins a wine aficionado group and slyly acknowledges that while she only has one glass of wine a day – she frequently refills that glass several times over!

Julia’s photos Jenny are of grandkids, her dog and nature shots. There’s nothing embarrassing in what she’s posted, she wasn’t mean to anyone, but she doesn’t really understand the far reaching ramifications of what she posts.

The companies behind the websites she uses collect her information – as well as information about the website she was on before she came to their site (ah, she banks at Chase) and the website she navigates to when she leaves – (oh, she went to the appointment scheduling page of a doctor in the ABC medical practice). They collect the type of computer/phone being used (wow, that’s an old HP!), it’s operating system, IP address, location, etc.
The web service companies are likely to cross tab this information with other information collected by data aggregators from government websites like Julia’s her birth certificate – parents’ names, place of birth, date of birth, – and her marriage certificate.

Data aggregators have also collected the birth certificates of her children and grandchildren, her voter record, criminal record (clean), driving record (two speeding tickets in past 18 months). They’ve also gathered information on her deceased husband, what he did for a living (and her projected retirement funds), and information about her home, and previous properties she’s owned.
Crawling the web, data aggregators also see where she’s donated to charities, what her friends are saying about her, what information is discoverable through her photos, and the vehicles she has registered (one car, one boat).

How do others use Julia’s information?

What surprises Julia is that when she chooses to switch auto and boat insurers, she’s denied because of her potential drinking problem, which combined with her speeding tickets could be an expensive mess for the insurance company. She is also denied when she tries to purchase some life insurance – anyone who eats doughnuts every morning, hates to exercise and has already had cancer isn’t seen as a good risk.

Donation requests from music organizations, and catalogs from gardening, and pet supplies companies start showing up on a whole slew of websites Julia visits online – and more arrive in her mailbox.

Her granddaughter discovers she will have to pay more for medical coverage because the insurance company learned through Julia’s posts that breast cancer runs in the family.

Julia falls for an ID theft scam that looked like a request for information from her doctor’s office asking her to reconfirm her billing and insurance data for their records.

To make matters worse, Julia came home last week after her daily doughnut shop meet up, to find her home had been broken into. All of her photography equipment was stolen.

Once Julia recognized how information she posted was affecting her, and her family members, she immediately took down some of her posts. Unfortunately, the data aggregators, and web service companies still have their data sets, so the damage is permanent.

If you take this scenario, and expand it to all the communications, contacts, and digital data collected about you, you’ll begin to see the magnitude of the financial model behind web services and data aggregators, and why protecting your information is critical.

You can reduce the amount of information collected about you.

As a consumer you have many opportunities to manage the amount of information collected about you. Here’s a walkthrough of how to protect the kinds of information used to highlight data collection the video.

  • Loyalty cards in grocery stores – you do not have to use your real information when you fill in information for a loyalty card. Yes, you may miss out on emailed ‘offers’ but you’ll get the same discounts in the stores. I use an old phone number and different name and enjoy all the discounts with none of the privacy invasion.
  • Prescriptions – ask your pharmacy if they sell, trade, or share any information about you or your prescriptions. If they do, find a different pharmacy. With some insurance plans you can order in bulk through your plan and avoid the pharmacy entirely. For over-the-counter medicines, if you’re using a loyalty card see the advice above.
  • Online daily coupons – If you don’t want to have your location tracked and that information sold, don’t use your phone to find these, use your computer. They may know where you live, but they don’t have to know everywhere you go. You may also ask the restaurant or other business offering the coupon if you can get the same deal without using the coupon. Many will say yes.
  • Online ads – when you see an ad for something you’re interested in you can click on the link in the ad – and risk the information about the site you were visiting being collected or shared, or you can go to the website of the company offering the ad on your own using a search engine so your news browsing habits (or whatever else you were doing) is not collected.
  • Quizzes – there is only one purpose for online quizzes – and that’s to get information about you to sell, trade, swap, or share. The best rule is to never take quizzes online. You’ll notice they don’t show any privacy policy, terms of use, explain how your information will be shared or used, and often you don’t even know the company or organization behind it – it may well be a phishing scam through and through.

As the scenario with “Julia” shows, there are more ways for information to be collected than the 5 examples shown in the video. Yet, in each instance where data may be collected you can significantly increase your privacy by asking yourself some thoughtful questions like:

  • Is the information asked for more than a service needs to manage my account?
  • Could the information be used in ways that might harm me or family members in the future?
  • Am I comfortable with the site’s claims of rights to your information?
  • Does the service share your information with others?
  • Will the website remove the information if you ask them to?

Read the terms and conditions of the sites you use or want to use to help answer these questions. If you aren’t comfortable with the answers, consider using a different site or service.

Establish tight privacy settings on your online accounts, and set your search engine preferences to enable private browsing – which means that services cannot not retain information about the sites and pages you visit.

Be sure to have security software installed and set to automatically update so your information isn’t stolen by a virus or other malware program.

Lastly, you can contact any site about their data collection practices and lodge a protest of their privacy invasive practices.

Leaving the decisions about your privacy in the hands of companies and organizations is a mistake. No one will care more about your privacy, or the privacy of your children than you do.

Generation Safe
Blog
Google Plus