Taking place every year on January 28th, Data Privacy Day is “an international effort to create awareness about the importance of respecting privacy, safeguarding data and enabling trust.”This day in the US corresponds to Data Protection Day in Europe – the date reflecting the signing of Convention 108 in 1981, the first legally binding international treaty on the topic. In 2022, the National Cybersecurity Alliance decided to expand a single day of awareness into the entire week!
Data privacy is something we take seriously at Q5id and, by extension, here at Q5id Guardian. Take some time this Data Privacy Day to learn more about what data privacy is, why it matters, and how you can guard your data.
What Does Data Privacy Mean?
It’s worth starting with what “privacy” means: generally, it’s the right to be left alone, or the freedom to exist without interference or intrusion. You should, in general, be able to exist in the real world and have a reasonable expectation that your personal life can remain private. This same concept can extend online to data privacy: you have the right to choose what information about yourself is shared with others directly or indirectly through your actions online. Similar to in-person interactions, problematic searches related to national security can and should be flagged – but you should be able to shop online with the same sense of personal privacy that you may have in a physical store.
In a physical store, the shopkeeper can track how many people come into the store, how many of a given item are sold in a day, or what time of day they have the most transactions.
Importantly, none of those data points can be tied to a specific person: it’s the aggregate of interactions with the business. Once people leave a physical shop, their actions afterward can’t be weaponized against them to encourage them to buy more items or cast their political vote a different way.
It’s that freedom to go about your life without surveillance that is integral to data privacy.
Why Should You Care About Your Data?
Platforms such as Facebook, Pinterest, Twitter, gaming websites, or shopping websites and apps are all in the business of getting into your business. If you haven’t heard by now, if the service you’re using is free, then it’s your information that’s being sold.
There’s big bucks in big data, and it’s all about how to sell more to more people.
It’s easy to see ways this can become problematic, even if your data is anonymized before being shared with big data processors. Anonymizing data is when any personally identifiable information is removed from the data set prior to the data being processed and used for things like advertising or research.
Personally Identifiable Information: Any information that enables you to determine who someone is, whether you figure it out directly (name, social security number) or indirectly (gender, zip code, birthdate).
The tricky thing is that it’s actually quite challenging, if not nearly impossible, to completely anonymize data.
We’d all probably care about this a little less if the data was all kept secure, and it was only ever used by the people who collected it for the purposes they collected it for. If Facebook really wants to utilize data on how many cute cat videos are watched every day to optimize their platform for cute cat video consumption, then by all means, optimize away.
The issue is that Facebook isn’t trying to utilize your viewing habit data to serve you the cutest possible cat videos (as lovely as that would be). Facebook, and platforms like it, are using that data to ensure you stay on their app or platform, to advertise to you, or to resell to other platforms to use as they see fit. It may be for academic research, a new marketing initiative, or to drum up support for a political objective. Ultimately, these are all businesses aiming to make money in some way, and your data is one. Data privacy protections in the form of laws and restrictions help protect the individual in the face of rapidly changing digital technologies collecting their information.
In addition to how this data about you could be used, it’s often vulnerable to theft. That anonymized data set is easy to un-anonymize if there are enough available data points, and hackers are becoming increasingly sophisticated in their ability to steal databases and cross-reference that data. It can take as little as 3 data points to identify exactly who you are in a given data set, with only 15 points needed to identify 99.98% of Americans. When a hacker or similar type of bad actor knows who you are, you’re much more at risk for identity theft and other forms of fraud.
What Can You Do to Protect Your Data?
Protecting your data doesn’t have to be a herculean task every time you go online. There are a few ways to protect your accounts and their data, as well as ways to protect your browsing data as you explore the internet.
1: Secure your accounts with MFA
It can seem simple on the surface, but many of us still have far more digital accounts that are insecure than those that are properly secure. Using Multi-Factor Authentication is a significant step to help secure your accounts!
For any account that has potentially identifiable or detailed information about you, such as social media accounts or financial accounts, enable the highest level of multi-factor authentication available. For many online banking accounts, you may be limited to text-based 2FA, which is more challenging to bypass but still relatively easy to circumvent. Accounts with the best security will utilize an authenticator app, such as Q5id Proven Identity or Google Authenticator, depending on the level of security that is appropriate.
Enabling MFA ensures that your data is protected by preventing bad actors from gaining access to your account. This is similar to preventing someone from stealing your checkbook or bank statement. as a gold standard security measure for account access. This protects not just the account holder, but the information of their loved ones stored within the app.
2: Use a password manager
When enabling MFA isn’t possible, using a password manager to help you create and store secure passwords (so you don’t have to remember them yourself) is the next best thing.
A password manager makes it easy for you to create unique passwords for each website or account you’d like to create, and to securely store them. Simply not using the same password across multiple websites drastically reduces your risk of having an account taken over or stolen if there’s a data breach – which also protects your information!
3: Browse the web securely
When clicking a link, check to be sure that the URL is an HTTPS URL.
HTTPS literally means “HyperText Transfer Protocol Secure” – it’s the secure communication of a website with your home computer. By using HTTPS, the connection to a given website is encrypted, which prevents tampering by third parties and protects the data being transferred between the two points.
This is even more important to monitor if you’re accessing websites over a public WiFi connection, such as at a coffee shop or the airport. In public places, it’s more likely that someone may ‘spy’ on your browsing habits or otherwise monitor your activity without your knowledge.
4: Create an alternate email address for social media accounts
One of the ways websites such as Facebook or e-commerce stores monitor your activity and market to you is through the use of a single email address across multiple websites.
A way to protect your information is to use a different email address for social media accounts than the one you use to log in to your sensitive financial or identity accounts. Your login email for Facebook, for example, could be a Gmail or Yahoo Mail account – but you should set up your bank account and tax filing information with a Hotmail or other personal email address.
Using different email providers allows you to use alternate email accounts as a restoration option (if someone takes over your Gmail account, you can send a restore code to your Outlook email, for example), and makes it more challenging for your browsing activity to be tracked across multiple platforms.
If you have a Gmail account already, you can create a unique email for every site you log into if you’re feeling ambitious. If you’re using a password manager, this isn’t too hard to do, but it can get unwieldy with large numbers of alternate emails going to the same inbox.
5: Use an ad blocker
There’s numerous tools out there that limit the ability of a website to track you or serve you ads. Using a simple web browser plugin can help limit how much data is collected about you when you visit different websites. There’s a wide range of options, but be aware you may need to disable your ad blocker from time to time to access certain websites or use certain functionalities.
Take Time this Data Privacy Day to Review Your Online Accounts
Take some time today to review your online accounts for security and safety. Go to HaveIBeenPwnded.com and see if your preferred email address has been leaked in a data breach. Check your social media accounts and enable 2FA (or MFA, if it’s available). Set up a password manager and configure it so you can use it easily on both your desktop machine and your mobile phone.
By taking a few steps today, you can protect your information from being collected and potentially exploited without your consent.
Learn more about Data Privacy Day and Data Protection from the International Association of Privacy Professionals or the National Cybersecurity Alliance and their Data Privacy Week initiative.