May 2013 – Do You Know Where Your Personal Information Is?

Posted on May 28, 2013 in Cyber Security Newsletters

Click here to download the Newsletter in PDF format

The amount of data on the Internet is staggering.

As consumers of online services, we create information through our use of social media, online shopping, and many other activities.  Public records are also a source of information about individuals, which can get posted online.  It is important to be aware that once this data is online, that can be difficult to remove.

Your habits and tolerance for risk can change over time.  The information that you felt comfortable sharing publicly a few years ago may seem like information that you’d now rather take back.  You may have found information about you online that is incorrect, misleading, or you simply want to get it removed.  Below are some considerations on how to take ownership and control the data about you.

See what information about you is available online

It can sometimes be shocking how much information is collected about you and publicly available.  The search engines will help you to do a quick query of your public information.  You can also take a proactive approach to set up alerts for search terms of your name.

Data service sites such as Spokeo and Pipl have massive amounts of data compiled from a variety of sources, including public records and social networking sites about individuals.  This data can be used by credit issuers, criminal profilers, employers, and others for any number of purposes, not necessarily intended by the data service providers.

The first reaction to seeing your data might be “Oh my, that’s scary”, followed shortly by, “How do I remove this?”  If you’ve experienced a similar reaction then take the following measures outlined below.  Be aware that some information posted about you is within your control, some of it is not.

Clean up the data you can control

Information that is under your control includes information that you have posted, such as your social networking profiles and related information.  In addition, there could be information about you on old blog postings, postings on a friend’s web site, an old dating profile, picture sharing account, or any other services that were useful at a point in time for you, but no longer necessary.

Review the accounts that you have access to.  You basically have three options—remove the data, modify the privacy settings, and/or request that the account be deleted.  If you are going to request that the account be deleted, be sure to first remove all of the data.  Be sure to request that the account be deleted rather than deactivated.

Request cleanup of data you don’t control

Contact site owners.  If the site does not have contact information for the site owners easily visible, you can look it up using the “WHOIS” service to give you an administrative and technical contact for the site.  A “WHOIS” query can be done by visiting the website:  https://whois.net/.

Opt out of data service providers.  The data service provider is a company or group that will provide lists of contact information to individuals or companies that request it.  They often charge a fee for this information.  In many cases, data service providers provide individuals with the ability to opt out of having their data published.  It is important to bear in mind that these services are aggregators, so the original source provider of the information will also likely have to be contacted to remove your information.  The Privacy Rights Clearinghouse publishes the opt-out URL for over 240 of these types of services. 

Use a professional service.  The maintenance of your online data requires discipline and regular review.  What if there is misinformation being posted about you that you cannot get removed through the steps discussed above?  Then it is time to consider using a professional service.  These services will constantly search for, analyze, and remove data that you don’t want public.  Review the service terms carefully from these companies to ensure the service you desire is what is being provided. 

The best course of action that you can take is to be aggressive about maintaining a cycle of checking your public data and removing items which don’t match your current risk tolerance.

Resources for more information:

For additional information, please visit the following resources:

 

For more monthly cyber security newsletter tips visit:

https://www.msisac.org/awareness/news/