How to Tell If a Company Is Taking Your Private Data Seriously
By following these protective measures, you can reduce the risk that you’ll end up victimized by a company with sloppy security—and the criminals that prey upon them.
Data breaches and malicious hacks unfortunately are a common occurrence. Every year, more companies admit that they’ve fallen victim to a hack or security breach. Their customers end up dealing with the fallout, including identity theft and long-term financial consequences.
The average U.S. internet user had over 150 different online accounts in 2017; each of those accounts required a password and other login details.
The problem is that no one can remember 150 different passwords—and most people reuse their passwords or forget them, which leads to the consumer having to request login details sent to their email. Over the last few years, email providers like Yahoo have been breached as well, leaving login details for many different accounts wide open for exploiting.
With such a dismal outlook, how can you know that a company is going to protect your information? Thankfully there are several actions you can take to help protect yourself.
Operate on a Need-to-Know Basis
Companies use your data as currency.
We’ve all done it—filled out an online form without really thinking about what we’re giving away or why the form is requesting it. But each time you hand over your email address, date of birth, or any other detail about yourself, you’re giving the company on the other end information they may not even need—and may not manage appropriately.
In many cases, companies use your data as currency. They’ll offer something for “free,” such as a guide to something, premium access, or some tangible object you might be interested in. All you need to do is enter your email, or name, or address, or other personal information. You get what you signed up for, but now that the company has that information, they’re free to do as they wish with it—and chances are you didn’t read their privacy policy to see what that includes.
The single easiest thing you can do to ensure that a company protects your information is not to give it to them unless they actually, absolutely need it. Next time you put your personal details into a web form, or sign up for a new account online, think about each piece of information. Is it something they need? If you know that they don’t need it, consider leaving it out. If it’s mandatory, you may want to reconsider whether you really need what the company is offering.
Check for Past Data Breaches and Security Problems
Another way you can check up on companies is by putting your email address into the search bar at http://haveibeenpwned.com. This will tell you if your information has already been compromised, and by whom.
The site, run by web security expert Troy Hunt, also maintains a list of companies whose data breaches have been added to their list. This gives readers an idea of which companies have already been caught failing to protect their users’ accounts.
If you see a company on this list, you may want to think twice before opening an account with them.
Read and Ask Questions About the Privacy Policy
The privacy policy outlines how companies will use your data—and whether they will sell it to a third party for marketing purposes.
This can end up being more difficult than it sounds. The average privacy policy, according to researchers at Carnegie Mellon, is 2500 words—a ten-minute read. What’s more, they’re written entirely in legalese, so they’re not the easiest to understand.
While many people think that the existence of a privacy policy means that a company protects your private information, that’s not the case. It actually means that the company has outlined how it will use your data—and that could even include selling it to a third party for marketing purposes.
When you are looking at signing up for an account or purchasing something, take the time to go through the privacy policy. Ask questions if you need to, including whether the company will be building a profile and what that profile will be used for.
Rather than wade through the legal language, you can use the search tool in your browser to find words like “marketing,” “waive,” or “opt-out.” Those terms can point to the parts that could have the biggest effect on your decision to buy from or deal with that company.
You Can’t Put a Price on Peace of Mind
Taking these extra steps can add a bit of time to your online dealings; you might wind up having to postpone a purchase. But the potential risks of identity theft, spam, telemarketers, and more are well worth the extra effort.
Not every company goes the extra mile to protect its customers’ information. Sadly, some companies don’t even do the bare minimum. But with the protective measures outlined above, you can reduce the risk that you’ll end up victimized by a company with sloppy security—and the criminals that prey upon them.
Bill Hess founded PixelPrivacy.com, a blog that wants to make the world of online security accessible to everyone. Visit the site if you’re interested in keeping your private information private.