Do you understand data privacy?

January 28th is Data Privacy Day. So what is data privacy, and what steps can you take to protect your personal information online? We take a look.
Back to Blog
Written by Staff Writer • Posted on Jan 25, 2016

Over the past year, there have been a number of data breaches involving big companies. If you watch the news regularly, you've heard about federal government and law enforcement wanting access to big tech companies' customer data (like Google, Facebook, and Apple) for security reasons. Companies push back, saying they must protect their customers' privacy.

Some have the misconception that data privacy and data security are the same thing. This misconception is understandable, considering both work hand in hand. The truth is, you can have security without privacy—but you can't have privacy without security. Since this Thursday is Data Privacy Day, we want to dive into the concept of data privacy. So what exactly does it mean?

What is data privacy?

Data privacy is an individual's right to keep one's data to them self and to decide who gets to see that data.

Often, data privacy intersects with consumer rights. Whether it be a form filled out at a business, personal information on a social networking site, or third-party tracking on the Internet, data privacy protects the rights of the individual whose data has been collected. It requires the organization to disclose its privacy practices, telling individuals how their data will be used or shared and giving them access to their own data.

History of data privacy in the US

Unlike other countries, the US doesn't have a dedicated data protection law. Instead, the US has privacy laws that are different for each industry.

In fact, when it comes to Internet privacy laws, everyone from Congress to the FTC has been hesitant to make any changes since the 1990s, too afraid to hurt e-commerce. The FTC is the main regulator when it comes to privacy, and most concerns are addressed through the FTC Act, a general consumer protection law.

In 2000, the FTC issued its Fair Information Practice Principles, otherwise known as FIPP. FIPP is not a law but a set of best practices that have been widely adopted. These guidelines focus on 4 areas: notice, choice, access, and security.

  • Notice means that organizations should tell individuals which information is being collected, how it's being collected, how it's used, how it's stored, and whether the information is shared. Organizations typically do this with privacy policies.

  • Choice refers to the ability to accept or decline the way an organization will use the data described in their notice. Most commonly, this is done by accepting or declining "Terms and Conditions."

  • Access means that an individual should be able to access, review or change their data held by an organization.

  • Security refers to protecting stored data and preventing it from being misused. Keep in mind that an organization can simply say it is providing security and, unfortunately, does not have to meet a particular standard.

Types of personal data

Online, personal data typically falls into 3 categories:

  • Data that automatically collects whether you know it or not, like third parties tracking where you go online.
  • Data that you voluntarily provide, like name, age, date of birth or email address when signing up for a site.
  • Data that can be found freely, like names, numbers and addresses displayed in a phone book, public posts on social media accounts, or even property deed information.

What can you do to ensure your data stays private?

  1. Make sure your Internet browser's privacy features are enabled.
  2. Update your browser regularly to take advantage of security patches and new features like private browsing.
  3. Before you sign up for an online service or organization, make sure the site is secure. Look in the address bar for a padlock icon. This indicates that the website uses SSL, a security measure that encrypts its data.
  4. Don't provide more information than is necessary. Required information is usually marked with an asterisk (*).
  5. Consider reading the organization's privacy policy or "Terms and Conditions." Most people just check the box without reading. These policies will let you know how an organization plans on using your data.
  6. When you sign up for an online service, understand whether the account is public or private. Take Twitter for example. By default, your account is public. This can easily be changed to private, but if you didn't know the default setting, you would publish information that anyone can see.

Understanding data privacy will help you keep your personal information private. If you would like help with your online privacy settings, check in with a friendly Technology Advisor. We're happy to review best practices with you and make sure your information is secure.

Each week, Bask sends fun educational content to our thousands of members and email subscribers. Improve your technology know-how with tips, tricks, history, news and more by signing up for our newsletter today!