Chapter 4: Internet Safety / Lesson 18

Protecting Personal Information

Understanding Personal Information

Personal information is any data that can identify you or be used to access your accounts and financial resources. In the digital age, this information is valuable to both legitimate organizations and cybercriminals, making protection essential.

Personal information includes obvious things like your name and address, but also less obvious data like your email address, phone number, date of birth, and even your browsing habits. Understanding what constitutes personal information and how it can be misused is the first step in protecting it effectively.

💡 What Counts as Personal Information

Personal information includes: Identifying information (name, address, phone number, email), financial information (bank accounts, credit cards, Social Security numbers), biometric data (fingerprints, face recognition), online identifiers (IP address, device IDs), location data (GPS coordinates, location history), and behavioral data (browsing habits, purchase history). Even information that seems harmless on its own can be combined with other data to create a detailed profile about you. Protecting all types of personal information is crucial!

Why Personal Information is Valuable

Understanding why your information is valuable helps you protect it better:

  • Identity Theft: Stolen personal information can be used to open accounts, make purchases, or commit fraud in your name
  • Financial Fraud: Financial information can be used to drain bank accounts or make unauthorized purchases
  • Account Takeover: Personal information helps hackers answer security questions and reset passwords
  • Targeted Scams: Scammers use personal information to create convincing phishing attempts and scams
  • Data Brokers: Companies collect and sell personal information to advertisers and other businesses
  • Social Engineering: Hackers use personal information to manipulate you into revealing more sensitive data

The Value of Your Data

Your personal information has value to multiple parties: Criminals use it for identity theft and fraud, advertisers use it to target you with personalized ads, companies use it for marketing and analytics, and governments may collect it for various purposes. Once information is shared online, it can be difficult to control who has access to it. This is why being selective about what you share and who you share it with is so important. Think of your personal information as currency—spend it wisely!

What Information to Protect Most

Not all personal information is equally sensitive. Prioritize protecting:

  • Financial Information: Credit card numbers, bank account numbers, Social Security numbers, and tax information
  • Account Credentials: Passwords, PINs, and security question answers
  • Biometric Data: Fingerprints, face recognition data, and other unique biological identifiers
  • Government IDs: Driver's license numbers, passport numbers, and government identification
  • Medical Information: Health records, insurance information, and medical history
  • Location Data: Your home address, work address, and real-time location information

💡 Prioritizing Protection

Most Critical: Financial account numbers, Social Security numbers, passwords, and government IDs. Very Important: Home address, date of birth, phone numbers, and email addresses. Important: Name, general location, and preferences. Less Critical: Public information already available. Focus your protection efforts on the most sensitive information first. However, remember that even less sensitive information can be combined to create a complete profile, so be cautious about sharing anything unnecessary!

How Information Gets Collected Online

Understanding how your information is collected helps you protect it:

  • Direct Sharing: Information you voluntarily provide when signing up for accounts or filling out forms
  • Cookies and Tracking: Websites track your browsing habits, preferences, and online behavior
  • Social Media: Information you post on social media platforms that's visible to others
  • Public Records: Information from government databases that's legally available to the public
  • Data Breaches: Information stolen when companies you've shared data with are hacked
  • Third-Party Sharing: Companies sharing your information with partners, advertisers, or data brokers

Collection Methods

Your information is collected through: Forms you fill out, websites you visit (tracking), apps you use, social media posts, purchases you make, surveys and quizzes, location services, and data breaches. Much of this collection happens automatically without you realizing it. While you can't prevent all collection, you can limit it by being selective about what you share, adjusting privacy settings, and using privacy-focused tools. Awareness is the first step to protection!

Limiting Information Sharing

Being selective about what you share is the most effective protection strategy:

  • Question Necessity: Before sharing information, ask: "Do they really need this?" Often, requested information isn't actually required
  • Minimal Sharing: Share only what's absolutely necessary—don't provide optional information
  • Use Alternate Information: When possible, use alternate email addresses or phone numbers for non-essential accounts
  • Read Privacy Policies: Understand how companies use your information before sharing it
  • Check Permissions: Review what permissions apps and services request before granting access
  • Think Long-Term: Consider that information shared online often stays online indefinitely

💡 The Sharing Rule

Apply the "need to know" principle: Only share information if the other party genuinely needs it for a legitimate purpose. If you're unsure whether information is required, ask or try leaving optional fields blank. Many forms request information that isn't actually necessary. Remember: Once you share information online, you lose control over how it's used or who accesses it. When in doubt, share less rather than more. It's much easier to share additional information later than to remove information that's already been shared!

Privacy Settings and Controls

Most online services offer privacy settings to control information sharing:

  • Account Settings: Review and adjust privacy settings in all your online accounts
  • Social Media Privacy: Control who can see your posts, profile information, and contact details
  • App Permissions: Review and limit what information apps can access (location, contacts, photos, etc.)
  • Browser Settings: Adjust cookie settings, tracking preferences, and location sharing
  • Advertising Preferences: Opt out of personalized advertising where possible
  • Data Download: Regularly review what information companies have about you

Managing Privacy Settings

Take time to: Review privacy settings on all major accounts (social media, email, shopping), adjust who can see your information (make profiles private when possible), limit data collection (disable location tracking, turn off cookies), opt out of data sharing (when options are available), and regularly check settings (they change when services update). Privacy settings can be complex, but spending time understanding and configuring them is worth the effort. Start with your most-used accounts and work through others over time. Many services default to sharing more information than necessary, so don't assume defaults protect your privacy!

Protecting Information on Forms and Surveys

Be cautious when filling out online forms and surveys:

  • Verify Legitimacy: Make sure forms are from legitimate, trusted organizations before entering sensitive information
  • Check for HTTPS: Only enter personal information on websites with "https://" and a padlock icon
  • Skip Optional Fields: Don't fill in optional fields unless you have a specific reason to do so
  • Avoid Suspicious Surveys: Be wary of online quizzes and surveys that ask for personal information
  • Use Separate Email: Consider using a separate email address for forms and non-essential signups
  • Question Requests: If a form asks for unusual information, question whether it's necessary

💡 Form Safety

Before filling out any form: Verify the website is legitimate (check the URL, look for contact information), ensure it uses HTTPS (secure connection), read the privacy policy if sensitive information is requested, skip optional fields, use alternate email addresses when possible, and trust your instincts—if something feels wrong, don't fill it out. Many scammers create fake forms to collect personal information. When in doubt, contact the organization directly through their official website rather than filling out an unsolicited form!

Safeguarding Financial Information

Financial information requires extra protection:

  • Secure Storage: Never store credit card numbers or bank account information in unsecured locations
  • Encrypted Websites: Only enter financial information on secure, encrypted websites (HTTPS)
  • Monitor Accounts: Regularly review bank and credit card statements for unauthorized transactions
  • Secure Networks: Never enter financial information while on public Wi-Fi networks
  • Limit Sharing: Only provide financial information to trusted, verified businesses
  • Use Secure Payment Methods: Consider using secure payment services like PayPal for online purchases
  • Shred Documents: Shred physical documents containing financial information before disposal

Financial Information Protection

Protect financial information by: Only sharing it with verified, legitimate businesses, using secure payment methods when possible, monitoring accounts regularly for suspicious activity, never storing it insecurely (like in text files or emails), using strong passwords and 2FA on financial accounts, being cautious about where you enter it online, and keeping physical documents secure. Financial information is particularly valuable to criminals, so it deserves extra protection. If you suspect financial information has been compromised, contact your bank immediately and monitor accounts closely!

Protecting Information on Social Media

Social media platforms collect and share significant amounts of personal information:

  • Privacy Settings: Set profiles to private and limit who can see your information
  • Think Before Posting: Consider that posts can be permanent and visible to more people than you intend
  • Avoid Oversharing: Don't share your full address, phone number, or other sensitive details publicly
  • Location Settings: Be cautious about sharing your location, especially your home address
  • Photo Privacy: Be mindful of what's visible in photos (addresses, license plates, etc.)
  • Review Tagging: Control who can tag you in photos and posts

💡 Social Media Privacy

Remember: Information shared on social media is often public or semi-public, even with privacy settings. Don't share: Your full home address, phone numbers, financial information, Social Security numbers, passwords, travel plans (until after you return), or other sensitive details. Consider that employers, colleges, and others may view your social media. Think of social media as a public space—would you share this information with strangers on the street? If not, don't share it online. Privacy settings help, but they're not perfect. When in doubt, don't post!

Using Alternate Identifiers

Using alternate information can help protect your primary personal information:

  • Secondary Email: Create a separate email address for shopping, newsletters, and non-essential accounts
  • Alternate Phone Number: Consider using a secondary phone number for forms and signups
  • Aliases: Use variations of your name or aliases for non-essential accounts when possible
  • PO Boxes: Use PO boxes instead of home addresses when ordering items online
  • Virtual Credit Cards: Some services offer virtual credit card numbers for online purchases
  • Username Variations: Use different usernames across different platforms

Benefits of Alternate Information

Using alternate identifiers helps: Protect your primary email and phone from spam, limit tracking across different services, reduce the amount of information data brokers can connect to you, make it harder for scammers to create complete profiles, and allow you to easily abandon compromised alternate accounts. Think of alternate information as a buffer between your real identity and online services. It's particularly useful for non-essential accounts where you don't need to use your real information!

Recognizing Information Requests

Learning to recognize when information requests are legitimate or suspicious:

  • Legitimate Requests: Government agencies, banks, and verified businesses may need certain information for legitimate purposes
  • Suspicious Requests: Unexpected requests for personal information via email, phone, or text are often scams
  • Verification: If you receive an unexpected request, contact the organization directly to verify it's legitimate
  • Context Matters: Legitimate requests usually come at expected times (like when you initiate contact)
  • Pressure Tactics: Requests that create urgency or pressure are often scams
  • Too Much Information: Requests for excessive or unrelated information are suspicious

💡 Evaluating Requests

Ask yourself: Is this request expected? Does the organization need this information? Is this a secure method of communication? Can I verify this is legitimate? Is there pressure or urgency? If anything seems off, don't provide the information. Instead, contact the organization directly through their official website or phone number to verify the request. Legitimate organizations understand your caution and will help you verify requests. Scammers, however, will pressure you to act quickly!

Data Breaches and Your Information

Even when you protect your information, data breaches at companies can expose it:

  • What Are Data Breaches: Security incidents where hackers steal information from companies' databases
  • You Can't Prevent Them: You can't control how well companies protect your information
  • Check for Exposure: Use services like "Have I Been Pwned" to check if your email has been exposed in breaches
  • Limit Damage: Use unique passwords for each account so one breach doesn't compromise others
  • Monitor Accounts: Watch for suspicious activity after learning of a breach affecting you
  • Freeze Credit: Consider freezing your credit reports to prevent identity theft after major breaches

Responding to Data Breaches

If a company you use experiences a breach: Change your password immediately (and any reused passwords), enable two-factor authentication, monitor accounts for suspicious activity, consider freezing credit reports, check what information was exposed, and follow any guidance the company provides. Remember: The best defense against breaches is limiting what information you share in the first place. The less information companies have about you, the less can be exposed in a breach. This is another reason why minimal information sharing is so important!

Building Information Protection Habits

Develop habits that protect your personal information automatically:

  • Question Before Sharing: Always ask "Do they need this?" before providing information
  • Review Privacy Settings: Periodically review and update privacy settings on all accounts
  • Minimize Sharing: Make minimal information sharing a default habit
  • Stay Informed: Keep up with privacy and security best practices
  • Monitor Accounts: Regularly check accounts and credit reports for suspicious activity
  • Think Long-Term: Consider long-term implications before sharing information online

💡 Making Protection Automatic

Good information protection becomes automatic when you build it into habits. Always question information requests. Default to sharing less rather than more. Regularly review privacy settings. Monitor accounts for suspicious activity. Stay informed about privacy threats. Think of information protection as an ongoing process, not a one-time task. With practice, protecting your personal information becomes second nature. The habits you build today protect you long into the future!

← Previous