Data Privacy Day

28 January, 2023

Today is Data Privacy Day and we spoke with our IT manager John about the importance of protecting our data.

Data Privacy – it can be a bit, well….overwhelming, or hard to figure out why it’s important exactly.  We’re told that it’s important and often we just accept that as being the case. But it can get in the way of things we’re doing on the internet – Booking Tickets? Accept Cookies? Yes – I’m in a hurry and it’ll be fine. Email offering me a ‘refund of an overpayment’ on a bill? I’m with that company, I’ll fill in my details and it’ll be fine…

But Data Privacy is important. We wouldn’t willingly give much of our information – bank details, PPS Number, Date of Birth etc. – to a person we just met in a supermarket, in a café, on a bus. Imagine if a staff member at a supermarket checkout asked you for your PIN number? Would you give it? Think of how easy it is to ignore a ‘refund of an overpayment’ offer that appears to come from a company that we don’t have a contract with. Should we then be cautious of any ‘refund of an overpayment’ offer that appears to come from a company that we do have a contract with?

So, what is Data Privacy?

There’s no shortage of definitions, so let’s take a short and simple one;

Data privacy is the measure of control that people have over who can access their personal information. (https://gdpr.eu/data-privacy/)

Now, here are a few things about ‘the measure of control that people have’:

  • People may not know they have control
  • People may not exercise the control they know they have – by accepting cookies, by accepting default security settings for apps such as Facebook, Twitter etc.
  • People get so caught up in what they’re doing that they forget all about control – accepting cookies by default, willingly giving more information about themselves than is reasonable

In general, most websites we visit offer us the choice of accepting or rejecting cookies – small files that keep some information about our visit to the website – sometimes for a very long time. We can choose to reject cookies. Most apps offer us settings that we can configure to limit who has access to information that we post. We can choose to limit access to information. If we’re willing to accept cookies and we’re willing to let everybody see content that we post online then we’ve made our decision about our control.

But we can trust most websites, right?

Yes and no… Most organisations make sure that their websites work within the legal and regulatory frameworks applying to them. From time to time, we do see disagreements between regulators and organisations in relation to data privacy. It often comes down to an interpretation of something in the legal and regulatory frameworks. Organisations holding information that they shouldn’t have asked for in the first place. Organisations holding information beyond a reasonable timeframe. An organisation’s failure to adequately protect the information that they hold etc.

Then there are websites that we can’t trust. Websites that are pretending to be something they’re not; A copy of a genuine website or a website offering goods or services that will never be delivered etc. There are SMS messages we can’t trust e.g. messages appearing to come from courier companies and service providers asking us to click on a link and fill out some details in a form. And phone calls and emails we can’t trust.

We can see that there are many pitfalls when it comes to privacy, so what steps can we take to protect ourselves?

Here are some suggestions;

  1. Know what information you will never share.
    Familiarise yourself with the ways in which your personal information may be sought – unsolicited emails, SMS messages, phone calls, website forms. Know what information you’ll never share so that you won’t get caught unawares.
  2. Take note: Data Privacy is important.
    Take note of the advice given when being told that Data Privacy is important. Financial institutions frequently tell you that they’ll never ask for passwords, PIN numbers, security codes etc. and they never will. If you’re asked for such information don’t give it and do inform the financial institution to make them aware of what was requested.
  3. Take your time.
    Don’t respond in haste to SMS or email messages. The sender is hoping to get lucky and ‘pressure’ you into a reaction without having you think too much about what you’re doing – pressuring you into clicking on a link and entering information, pressuring you to respond to an email and provide details that you might not otherwise be willing to provide.- Always give yourself more time to consider a few things –
    – Why am I getting this message?
    – Am I expecting this message?
    – Is there a possibility that it’s not genuine?
    – Is it looking for information that I’m unwilling to share?If you’re not sure of the validity of a request, contact the organisation that the message ‘appears to come from’ directly – they’ll be happy to help you.
  4. Make sure your connection is secure
    If you’re shopping online, make sure that the website you’re shopping on is genuine. If you’re not sure, there are websites that will help you to check whether a site is genuine.
    When making payments, make sure that your connection is secure – look for the Lock icon next to the address in your browser’s address bar.
    Don’t use public WiFi for making payments, checking balances etc.
  5. Use a Password Manager
    Don’t use the same password for all your profiles – if your password for one profile is stolen it can open the door to all of your profiles. Consider using a password manager to help you manage multiple passwords.
  6. Multifactor Authentication
    Use Multifactor Authentication (MFA) where possible. Typically this will involve the receipt of a verification code to your phone or email address.

In Conclusion…

The above list isn’t exhaustive – exhausting maybe, but not exhaustive. As we conclude, it’s worth revisiting the earlier definition of Data Privacy;

Data privacy is the measure of control that people have over who can access their personal information.

Take time to understand the measure of control that you have over who can access your personal information and the ways in which you can apply that control to your activities, your profiles, your subscriptions etc. Make sure that the choices you make reflect the control you wish to have over your personal information.

Your personal information has a value to many – protect it to make sure that it’s you who retains control.

«

»

Categories