How to Protect Yourself and Your Data (and Your Family’s Data)
Others have recommended this first data protection tactic before: credit report freezing. You may have heard elsewhere that you can control access to your credit reports at the credit agency level. If you ever need a car loan, a house or a credit card, you can temporarily unfreeze your report with specific agencies to grant access to the creditor. We’ve included the contact information for the top credit bureaus:
- Equifax 1-800-349-9960 https://www.equifax.com
- Experian 1-888-397-3742 https://www.experian.com
- TransUnion 1-888-909-8872 https://www.transunion.com/
- Innovis 1-800-540-2505 https://www.innovis.com/
If freezing your credit reports is too extreme, another way to monitor your accounts is to sign up for Credit Karma. It’s free and useful. Additionally, most credit and bank accounts will provide monitoring and reporting to you free of charge.
Speaking of credit reports, you should pull and review yours annually, and correct any mistakes, by getting a free report from https://www.annualcreditreport.com. This is a government-sponsored website.
Get your phone numbers, emails and addresses off of those marketing lists by clicking those unsubscribe and opt-out links. For further protection at the direct mail level, you can have yourself removed from mailing and phone lists by visiting:
Please stop signing up for promotions, free stuff, gear or other contests. It’s disappointing, but these are big offenders when it comes to sharing and selling your data.
Lastly, read the fine print. Even your cable company can now sell and share your data!
Secure your Work Data:
We are referring to getting your employment data to those that need it during a time of review (buying a house, car, etc). By visiting https://www.theworknumber.com/Employees/DataReport/, you can find that Equifax has a secure tool to share your data with those that need it. Nice, give them more data!
Additionally, don’t consider your own workplace safe with data. Guard your company’s data and your work product vigorously with the intent to keep your data secure at all times. Lock your monitor when you’re away from your desk, watch out for phishing/hacking/virus attempts from your work email and only give data to those that have access to it.
Make Shredding Your Documents a Personal Habit
Your personal information is what identity thieves are after, and I recommend that you shred all of your personal documents and then some. This tip may sound like an obvious and easy personal data protection, but the amount of personal data available to a nefarious actor in just the junk letters and mail that you receive at home is often overlooked, let alone your personal financial documents.
You should also be shredding with a good cross-cut shredder that leaves small, crinkled cuts of paper. Period. Documents from strip shredders can still be reconstructed by the right person with the right motivation. (Oh, and feel free to recycle too.)
Finally, you absolutely need to be shredding these five types of documents:
- Any documents with Personally Identifiable Information or Data (Social Security, PINs, Addresses, Travel, Home, etc.);
- Junk Mail, Marketing Offers, Credit Card or Loan Offers (Junk mail usually has a bar code on it that may contain personally identifying information!);
- Any documents with Account, Bank or Credit Line Information;
- Legal Documents;
- Documents related to your Children; even school related or schedules.
You are really harming yourself if any of these documents land in the hands of a malicious actor, hacker or thief. You’re basically making their jobs way easier, friend.
Lobby Your Government for Change:
There’s a legislative concept that I enjoy, which is:
We need to start fining companies when personal user data is lost or compromised. News would report on companies getting fined for terrible information security practices, which also makes it clear which data security problems are due to hackers and which are data negligence. Companies need an incentive to spend money on securing their data and our data.
If a corporation holds data records about a person and they do not protect that data or those records are leaked, a fine of $100-1000 (depending on severity) per record must immediately be paid to a supervising government agency. The impacted people can then receive their share of the fine upon request.
The solution I presented seems extreme; however, under that system, companies would focus on spending more resources on information security or risk being fined out of existence if they chose not to protect your data. You will immediately have to determine concepts such as: What is a data record? What is a data leak? Who was responsible? Etc. That is not really an issue, considering our judicial system is extremely well-practiced at creating robust definitions for abstract things. within our current paradigm, but it (or something like it) must come to pass if we are to have any hope of avoiding information dystopia.
As someone who worked extensively on HIPAA-covered data, systems, policies, and operations, I’ve come to the conclusion that we need a “HIPAA for Personal Data” and there are only three options to consider:
- Mandate no data protection;
- Mandate how companies must behave to be compliant;
- Generally, mandate what compliance results in and how to go about implementation.
Of these options, Option 3 is the most convenient and comprehensive personal data security practice.
If a company isn’t willing to make a best effort to comply (which is specifically worded into HIPAA and substantially reduces penalties), then I’d rather they not be able to touch my personal data anyway.
There is a start of a “HIPAA for data and information security”, as we welcome the European Union’s General Data Protection Regulation (GDPR) to our conversation about personal data security. What’s the GDPR all about?
The European Union (EU) is cracking down on US tech firms’ data collection activities, and the GDPR is the set of laws which seeks to restrict data breaches and address information security. Most of the GDPR is about informed consent, having a valid reason for processing personal data, individual rights, and enabling regulators to impose crippling fines. You can read more over at Wikipedia about it.
The EU and GDPR seem to be doing exactly what many people are asking for, but there are many accusations that this is a restriction on US trade, or some kind of EU tech envy. Weird. You can’t have it both ways, folks, and personal data security is very important to your individual freedoms.
Maybe we will see a similar law in the US soon. However, this is something you can do to increase your personal data security today: write your Congress(man|woman) or Senators (both at the federal and state level) to start the discussion of your privacy and data security. Please do so in your spare time (and remember, physical letters are more effective than emails, faxes or phone calls).
Thanks for reading “Protecting Yourself, Your Online Data and Your Digital Finger Print.”
Photo by Got Credit