It’s OK to feel a bit ambivalent about data privacy right now. For years, privacy experts have been telling us we need more control of our personal information and how others use it. However, governments are now asking people to give up some of this control to contain the spread of the coronavirus. Such an abrupt about-face is bound to give rise to uncertainty, fear, and lots of questions about the tradeoff between privacy and protecting community health.
While there are some valid reasons to share some personal information right now, it’s important to understand when an organization is using your information for a good cause and when it is violating your privacy.
These are the key questions you need to ask yourself before giving away your personal information online:
- Is this request legitimate?
- Do you understand what you’re agreeing to?
- Are they asking for more information than they need?
- Are they asking in a scammy way?
- Is their website secure?
Below, we’ll discuss which red flags to look for and how to determine if the business you’re considering is likely to keep your information secure.
Is this request legitimate?
Before you hand over your personal data to anyone, you need to consider the purpose behind the request. Is the company just looking for another way to make money off of you, or is there a legitimate use for this information?
Here are some examples of legitimate requests for your personal information:
- To fill your order
- To contact you
- To make products or services work
- To improve customer service
Gathering information for the public good is also a legitimate request right now. In fact, a recent Harris Poll showed that 81% of people are fine with tech companies doing contact tracing by collecting anonymized information about who has the coronavirus.
“There are times that not using the information that we have is morally hard to defend, and I think this is one of them.” Michelle Mello, a health law professor at Stanford University
Some unacceptable reasons to ask for your information include:
- To target ads to you
- To sell or share your data to third-party companies
- To track your online or offline movements
Do you understand what you’re agreeing to?
Sometimes, a company will ask for your information for a logical, business reason, only to turn around and use your data in a way you never agreed to—or in a way you didn’t know you were agreeing to because you didn’t read the company’s privacy policy.
Privacy policies are notoriously difficult for the average person to understand. In fact, BBC research showed that the majority of social media privacy policies are written for university-level readers. Spotify’s privacy policy, for instance, is 13,000 words long and takes most people nearly one hour to read.
When you consider the fact that the average American reads at a third- or fourth-grade level, it’s not surprising that most people don’t comprehend exactly how much information they are agreeing to give up.
Knowing this, you should always take the time to carefully read through every privacy policy to verify:
- What kind of data the company gathers about you
- Whether the business shares your personal (or nonpersonal) information
- What entities receive your information—and what they do with it
- Whether you can opt out of information sharing—and how to do so
If a privacy policy is hard to find, overly long, or full of obscure language, then you know you need to be on your guard. But, there are some good signs to watch for too.
Some businesses are including condensed versions of their privacy policies up front, in simple language, to help you better understand what you’re agreeing to when you use their services. A good example of this is Twitter, which prefaces its privacy policy with five key takeaways to help you focus on the basics underpinning the longer document.
Are they asking for more information than they need?
Companies should limit what data they collect to what they need to make a product or service work and to communicate with you. When someone wants to know marketing information, like your age, gender, and education level, you should avoid answering.
“Every time you sign up for an app, in many cases, that app is going to ask for access to your photos, access to your location, access to your music files, whatever you’re listening to. You’re potentially giving up a whole lot of information.”—Brian Vecci, field chief technology officer for the cybersecurity firm Varonis
Starbucks, for example, collects much more information than it needs to serve you coffee. According to its privacy policy, it records which websites you visit, when and for how long you stay on a site, and what kind of ads you click on or scroll over. The company also shares your activity on its website and app with your social media networks.
Are they asking in a scammy way?
Whether you should give an organization your personal information also depends on the method it uses to ask for it.
The following methods indicate that the organization contacting you isn’t trustworthy:
- Via phone call—Never give out personal information over the phone. These calls are usually scams. If an unsolicited caller says he or she needs your account information, you should hang up and contact the company directly to verify that it’s the one who placed the call.
- Via email—The same logic applies to email requests for your account numbers, usernames, and passwords. These messages, called “phishing” emails, usually imply that there’s a problem with one of your online accounts and you need to provide your private information to fix the problem. These emails usually contain a link that takes you to a fake website designed to harvest your data. Don’t click on it. Instead, report the scammer to the company he or she is impersonating.
Is their website secure?
Before you enter any sensitive information on a web form, you should check that the site can protect your data as it travels across the web.
Here are two ways to tell a site is safe:
- The URL begins with “https”—This means the site is using an SSL (Secure Sockets Layer) connection and will encrypt all your data before sending it to a server.
- You see a “lock” icon on the website—The lock icon tells you that anything you send via the site is private. Different browsers may display this icon in different locations. If you use Chrome, for example, the icon appears in the address bar. Make sure to click on the icon to see how secure the browser thinks the site actually is.
These red flags that indicate a site isn’t safe:
- A circle with an “i” in the center—This symbol indicates that the browser needs more information or the connection isn’t private. Be cautious about entering your personal information on these types of sites.
- A red triangle with an exclamation mark inside—This tells you that the site is dangerous. There is something very wrong with the privacy of this connection. Do not enter any sensitive information on sites that display this symbol.
- A “Your connection is not private” error—If you see this message, then there is a security problem with your device, the website, or the network. To fix the problem, you’ll need to follow your browser’s troubleshooting procedures. After you’ve resolved the issue, you can safely enter your information.
*****
Your digital privacy has never been more important—or quite so vulnerable. If you need help protecting your personal data, please give us a call. We are more than happy to provide free guidance on the best ways to safeguard your sensitive information.