Wales

Privacy

Maintaining privacy whilst online is essential in avoiding identity theft and fraud. Apart from these risks, however, there is personal information about you which you undoubtedly do not want to reveal to certain other people.

It is surprisingly easy to inadvertently give away your personal information online, especially when prompted to do so by an email, on social networking sites or on company websites requesting information which they do not necessarily need to do business with you.

In addition, certain organisations hold information about you which enables you to carry out transactions with them. These include government departments such as HMRC, financial institutions such as banks, building societies and insurance companies, retailers, search engines … the list is virtually endless. They are all subject to the General Data Protection Regulation (GDPR), but you still need to be vigilant about their use of your data.

The risks

  • Identity theft
  • Blackmail/extortion
  • Defamation of character
  • Unsolicited selling and marketing
  • People using awareness of your activities and movements to act against you
  • Employers using the information to exploit you

How your privacy can be compromised

  • Unencrypted email and most website interactions can be monitored, including by your employer and your ISP.
  • Via phishing – where an illicit email prompts you to click on a link to a bogus website which will collect your private or financial information.
  • Via vishing (short for ‘voice phishing’), where fraudsters call you either on the phone or in person, to collect your private or financial information.
  • Using unsecured WiFi networks – both in the home/office and when out and about.
  • Using unencrypted links for sensitive communications (for example not using a VPN to connect to the office).
  • Not using secure websites when banking or making online payments, including those for purchases.
  • Not using strong passwords, not regularly changing passwords, not using passwords at all or revealing passwords to other people.
  • Not using a secure email or webmail account.
  • Using a work email account for personal email.
  • Staying logged in to a website or email account when the computer/smartphone/tablet is going to be used by somebody else.
  • Via spyware and viruses, including those that log your keystrokes to determine your online activity.
  • Via physical keystroke loggers attached to the keyboard cable.
  • Not storing personal or financial documents securely.
  • Not shredding unwanted personal or financial documents.
  • Being taken into people’s confidence too easily.

Maintaining your privacy

  • Ensure you always have effective and updated antivirus/antispyware software running.
  • In a public or work environment, check your computer physically for any unusual devices that may be plugged in, especially on the keyboard cable.
  • Use secure websites when shopping or banking online.
  • Log out of secure websites when you have finished your transaction, as closing the window may not automatically log you out of the site.
  • Use strong passwords, change your passwords regularly and never reveal them to other people.
  • Avoid using a work email address for personal use. Instead, have a separate, private email address for private business.
  • Make sure your home/office WiFi network is secured.
  • Store personal and financial documents securely.
  • Shred unwanted personal or financial documents.
  • Be careful to whom you disclose personal information.
  • Where possible, avoid using your real name online.
  • Be cautious about who is trying to befriend you online including via email and social networks/dating sites.
  • Be wary of disclosing personal information on a work or personal web site.
  • Use a disposable, anonymous webmail account for websites that demand an email address to register.
  • Set clear guidelines for children about when and how they can reveal information.

Additional information

Under the General Data Protection Regulation, you are legally entitled to request a copy of all the personal data that an organisation holds on you, known as a subject access request.

Click here to access the Information Commissioners Office

 

 

See Also...

In partnership with

Jargon Buster

A Glossary of terms used in this article:

WiFi

A local area network which uses radio signals instead of a wire to transmit data.

Virtual Private Network

Virtual Private Network: a method of creating a secure connection between two points over the internet. Normally used only for business-to-business communications.

ISP

Internet Service Provider: a company that provides access to the internet.

Identity theft

The crime of impersonating someone – by using their private information – for financial gain.