Volume 8, Issue 5
Do You Know Where Your Personal Information Is? - pdf
From the Desk of Thomas D. Smith, Chief Information Security Officer
As consumers of online services, we create personal information through our use of social media, online shopping, and many other activities. Public records are also an online source of information about individuals. It is important to be aware that once personal data is posted online, it can be difficult to remove.
Your online habits and tolerance for risk can change over time. The information that you felt comfortable sharing publicly a few years ago may not seem like information you would want to share now. You may have found information about yourself online that is incorrect, misleading, or you simply want removed.
Below are some considerations on how to take ownership and control of your personal information online:
See what information about you is available online
- Search engines will help you to do a quick query of your public information. You can also take a proactive approach to set up alerts for search terms of your name.
- Data service sites have massive amounts of data compiled from a variety of sources, including public records and social networking sites. This data can be used by credit issuers, criminal profilers, employers, and others for any number of purposes, not necessarily intended by the data service providers.
Clean up the data you can control
- Information that is under your control includes your social networking profiles. In addition, there could be information about you on old blog postings, postings on a friend's web site, an old dating profile, picture sharing account, or any other services that you used but no longer find necessary.
- Review the accounts for which you have access. You basically have three options-remove the data, modify the privacy settings, and/or request that the account be deleted. If you are going to request that the account be deleted, be sure to remove all of the data first. Also, request that the account be deleted rather than deactivated.
Request cleanup of data you don't control
- Request cleanup of data you don't control by contacting site owners. If the site does not have contact information easily visible, you can look it up using the "WHOIS" service to find an administrative and technical contact for the site. A "WHOIS" query can be done by visiting the website http://whois.net/.
Opt out of data service providers
- The data service provider is a company or group that will provide lists of contact information to individuals or companies that request it. They often charge a fee for this information. In many cases, data service providers provide individuals with the ability to opt out of having their data published. It is important to bear in mind that these services are aggregators, so the original source provider of the information will also likely have to be contacted to remove your information. The Privacy Rights Clearinghouse publishes the opt-out URL for over 240 of these types of services.
The maintenance of your online data requires discipline and regular review. What if there is misinformation being posted about you that you cannot get removed through the steps discussed above? Then it is time to consider using a professional service. These services will constantly search for, analyze, and remove data that you don't want public. Review the service terms carefully from these companies to ensure the service you desire is what is being provided.
The best course of action is to be aggressive about maintaining a cycle of checking your public data and removing items which don't match your current risk tolerance.
- Privacy Rights Clearinghouse Opt-Out Urls: www.privacyrights.org/online-information-brokers-list
- Google support page for removal of data: support.google.com/webmasters/bin/answer.py?hl=en&answer=164133&topic=1724262&ctx=topic
- IT World Article, "Rescue your Online Reputation": www.itworld.com/it-managementstrategy/212115/seven-ways-rescue-your-online-reputation?page=0,2
- Times Article "How to Fix (or Kill) Web Data About You": www.nytimes.com/2011/04/14/technology/personaltech/14basics.html?_r=0
For more monthly cyber security newsletter tips, visit:
The information provided in the Monthly Security Tips Newsletters is intended to increase the security awareness of an organization's end users and to help them behave in a more secure manner within their work environment. While some of the tips may relate to maintaining a home computer, the increased awareness is intended to help improve the organization's overall cyber security posture. This is especially critical if employees access their work network from their home computer. Organizations have permission and are encouraged to brand and redistribute this newsletter in whole for educational, non-commercial purposes.
Acting Chief Information Security Officer
- Cyber Security Home
- Incident Reporting
- Breach Notification
- Cyber Advisories
- NYS Digital Forensics
- Cyber Tips Newsletter
- Keeping Kids Safe Online
- Local Government
- Policies and Resources
- NY-ISAC Secure Portal