Data Privacy Day is a reminder of just how insecure our digital lives really are. Normally, I comment on data protection and privacy for businesses and enterprises, but on a day like today, I feel it is appropriate to comment on some things we can do from a personal point of view.
Here are some simple actions you can take, starting today, which can help reduce the possibility of digital security incidents affecting your life:
Use a Password Manager Application and Vault
SecurityMagazine.com published an article back in Nov 2017 that said the average business user has to keep track of 191 passwords. Thankfully, there are tools like password managers and many companies make use of them. There are also options available for private persons. Let 2020 be the decade you finally stop using yellow sticky notes to store your personal passwords and user IDs.
Always use a VPN
You probably use one for work, so why not use one for your personal stuff too? Using a VPN is especially important when you connect to the free Wi-Fi at cafés, airports, etc., and even more so if the network doesn’t even require a password to connect. VPNs allow you to browse safely, even if someone is monitoring traffic on the network. Monitoring traffic on unsecured networks is incredibly easy; YouTube tutorials abound.
Use Encryption for Mail, Calendars, and Messaging
The range of protection for email messages and calendars can vary. Consider whether your email client uses encryption or where your data will be stored. Additionally, check whether any messaging apps you use deploy end-to-end encryption for personal messaging. Whichever app and email clients you choose in the end, they should be ones that provide you with the security peace of mind you need.
Access only websites with https:// URLs
HTTPS stands for Hypertext Transfer Protocol Secure. What that means is all the data sent between your web browser and that website is encrypted. This is especially critical if, for example, you're on a website where you log into an account, check your account balance, enter your payment information to make a purchase, etc.
Typically, your browser will display either a lock icon or the words "Not Secure" next to the website's address to indicate whether or not the page you're on uses HTTPS.
Use a SPAM filter for email messages
Limit the type and amount of personal info you share
As a general rule, try to avoid giving out your personal information whenever possible. So the next time you go to a café and they ask for your name, tell them “Patrick Mahomes” (unless you really are Patrick Mahomes, in which case, hi Pat!)
On a more serious note, data privacy regulations typically require organizations to limit the amount of personal information they keep; on the flip side, we as "data subjects" can do our part to limit the amount of personal information we share.
This also applies to the things you post on social media. For example, posting pictures of yourself on vacation, while you're still on vacation, informs everyone who can see your profile that your house is currently empty.
Understand the threats facing your data privacy
- Data breaches are nearly inevitable nowadays. The number of headlines about breaches is evidence of that.
- You will not always be aware when your data has been compromised and sometimes you won’t be informed at all.
- Your personal data can be exploited by malicious actors, causing all kinds of headaches for you. For example, someone might steal your identity in order to change your party affiliation, take out a mortgage in your name, and open 15 new credit cards.
Only once consumers become aware of these risks and understand why data protection is important will we have a chance to do something about it.
Know your rights and how to exercise them
While regulations like GDPR and CCPA made a lot of noise in the industry, many people are still unsure what exactly their rights are, how to exercise those rights, and how to find out if companies are actually compliant (beyond having an icon on their home page claiming as much).
Every data privacy regulation has its own set of rights and interpretation of those rights, but there are certain commonalities among most of them, such as:
- The right to know what data is being collected about you
- The right to know whether your data is sold or shared and who is receiving it
- The right to deletion (aka the right to be forgotten)
Companies are required to include the information in the first two bullet points in their privacy policies. Depending on the regulation, the way deletion requests can be submitted may vary. For GDPR, for example, there is no specific method indicated on how to request your data be deleted, but as with any legal request, it is best to submit it in writing (on paper, by fax, or by email) so that there's a paper trail, and to cite the legislation.