With the rise in online activities such as social networking, shopping, and banking, we now share vast amounts of information on the internet, personal and non-personal, but it should ultimately be down to each individual as to how much information they may want to disclose and what it is used for.

Why Your Information is Wanted

Data is a valuable commodity with many online businesses including the giants such as Google, Facebook, and Amazon effectively trading on its value to power their advertising revenues and marketing strategies. These companies use profiling information to target their audiences more specifically for each product and service they are promoting. The more accurate the profile is the better they can judge whether the individual is likely to convert, i.e., respond to the advert and buy the product. How much information you disclose to these companies is ultimately down to personal choice, and it may be that you are willing to give more away in return for more personalized services. The common pitfall for online users when signing up for services they want is to be tempted or encouraged into giving a little extra away without really realizing it.

However, personal information is also used for more nefarious means by people in the criminal world, creating stolen or fake identities under which they commit crimes, most commonly fraud. If you’re not careful you can leave a trail of personal information on the internet which can be obtained and aggregated by anyone without any need to break the law. Many cybercriminals, though, also resort to illegal tactics such as phishing (emails which mislead you and encourage you to visit a fake site and supply personal information), pharming (where people try to redirect you to fake sites while surfing the net), and malware (viruses which can steal information stored on computers or log activity such as the keystrokes for passwords).

Data Protection Act

It is easy to see that attempts to steal your information would be classed as illegal but some laws govern the appropriate use of data that you have willingly supplied online.

In the UK we are protected by the Data Protection Act. This act applies to all information whether paper-based or electronic and at the heart of it is the stipulation that organizations can only use the personal information they have gathered for the explicit purpose for which you supplied it (this doesn’t apply to non-personal/non-identifiable information). To that end, there are further specific principles such as the requirement that data is not held longer than is required for its purpose and that it is kept secure and accurate.

Organizations can, however, ask for permission to use your information for other purposes when you first supply it. You’ll probably receive a boiler-plate response requesting that you authorize the transfer of your records to a third party should you have any questions or concerns.

If you are operating an online business you are likely to be required to comply with the Data Protection Act as a matter of course. For example, ClickBank is a payment service provider and is required to have a comprehensive 24-hour protection service in place.

Privacy and Electronic Communications

You are also protected by the Privacy and Electronic Communications Regulations which cover the information that organizations use for marketing, data about online behavior, and data on user preferences. The regulations complement the Data Protection Act, providing more detailed guidance for online marketing, ensuring that your information, whether explicitly obtained or gleaned from online activity, cannot be retained, traded, or used for any purpose that you are not benefiting from or have not agreed to. This applies even when the data can’t be used to identify you (e.g., a company just has your telephone number which they want to use for marketing purposes).

Some more practical information on using the regulations can be found on the Department of Banks website which is dedicated to all aspects of online security.

What can you do to protect yourself?

A few simple steps can tell you how to protect yourself on the internet.

1. Look for the “consent” button on a page. It should say “yes” or there should be a similar button next to it.

2. Don’t give out personal information such as full date of birth, addresses, etc. unless you are positive.

3. Don’t respond to emails that request personal information you certainly wouldn’t want to give.

4. Be aware of any communications that you may receive that look suspicious. The word for the word often passes as English and if you don’t know the language well enough to decipher it, look at the place where the email is from and ask someone you trust to do it for you.

5. If you receive an email asking for personal information, don’t reply to it. Or if you do, don’t click on any links included in the email. Banks and other institutions will never ask for personal information via email.

 
