What is Information Privacy (Data Privacy)?

Plenty of your personal information is widely available for consumption on the Internet. Simple details like your name, your employer, and your birthday live freely in the wild. This information is largely harmless for outsiders to know. However, there are plenty of details on your online accounts that you don’t want shared with the public. This personal information you don’t want shared publicly on your Facebook account should be kept safe and secure from the public eye, right?

However, despite these wishes, valuable information such as payment details, social security numbers, and more are placed in unwanted hands every year by nefarious attackers. These leaks show a lack of personal information privacy by many of the companies you should trust to keep your information secure. Today we’re going to talk about information privacy (data privacy), its importance in the modern age, and how you can maximize your information privacy on the Internet.

To learn more about PlexTrac, the Purple Teaming Platform, click here.

What is Information Privacy?

Information privacy (often referred to as data privacy) is defined by Techopedia as “the privacy of personal information” and “usually relates to personal data stored on computer systems” or social media accounts. It may go without saying but maintaining information privacy is very important for the credibility of companies. This credibility is widespread and includes the companies who create the devices you use, the companies who program software you download, and companies who require your personal information on live websites.

While most everyone can agree that they want as much personal information as possible to be stored privately, all data is not created equal. The most important data to protect often include medical records, financial and banking data, personal data like your social security number, criminal records, and even business-related records and website data.

Why is Information Privacy Important?

Privacy is key to keeping you safe. Sorry to get all “college lecture-y” on our readers, but we actually need privacy and safety in our lives in order to thrive as humans. According to Simple Psychology, “Maslow’s Hierarchy of Needs is a motivational theory in psychology comprising a five-tier model of human needs, often depicted as hierarchical levels within a pyramid.” Humans need to acquire needs from the bottom of the pyramid before they may build to the next tier of motivation. On the pyramid, safety (which privacy is a big part of) is our second most basic need as a human. Safety is behind only physiological human needs like air, food and sleep on Maslow’s scale. The reason we choose to lock our doors at night is the same reason we should choose to only disclose our personal information to websites who actively protect it; to keep ourselves safe.

(Graphic for Maslow’s Hierarchy)

To be frank, when data that is supposed to be private becomes public, bad things happen. For example, if even a single attacker is able to secure your bank information or social security number, bad things happen. At the least it will be a major inconvenience for you and at most is a tangible (and sometimes large) loss of resources. This works much the same on a larger scale at enterprises, as one data breach or leak of confidential data can spell doom for that company if not properly protected. These are all bad things. This is why you must ensure information privacy, regardless of If you’re an individual or an employee for an enormous company.

U.S. Legislation Relating to Online Information Privacy

Beyond your personal need for and responsibility to information privacy lies a large string of legislation that has been enacted to keep your data safe on the Internet and in the real-world. A few examples of legislation enacted to protect you are listed below:

• Electronic Communications Privacy Act (ECPA): This piece of legislation was created to protect certain wire, oral, and electronic communications from being intercepted, accessed, used, and disclosed by unauthorized individuals.
• The Federal Trade Commission Act (FTC): The FTC Act regulates unfair and deceptive commercial practices. The FTC still remains the primary federal regulator in the privacy sphere in the United States. The FTC brings actions against companies for failing to comply with privacy policies and protect personal information.
• Computer Fraud and Abuse Act (CFAA): The CFAA includes outlawing various computer-related activities. These activities include unauthorized access of a computer to obtain certain information, defraud or obtain anything of value, transmit harmful items, or traffic in computer passwords.
• Health Insurance Portability and Accountability Act (HIPAA): While not solely created for online privacy, HIPAA is very relevant to the Internet. HIPAA involves the protection of HIPAA-covered entities (people with health plans or who use health care providers) from the disclosure of confidential personal information. HIPAA directly extends to protect against the communication and disclosure of said information on the Internet.
• Financial Services Modernization Act (GBLA): The GBLA was created to… wait for it… modernize financial services. This includes the regulation of the collection, use, and disclosure of personal information collected by financial institutions. The primary takeaway from this law is the requirement of both customer notices and the addition of a written information security program.

How Do You Maximize Your Online Information Privacy?

While businesses should be protecting your data on their devices, software, and websites, this is not always the case. You can see real-world examples of customer privacy falling to the wayside with companies like Facebook, Yahoo, and now Twitter. The honest truth is that only you can ensure (or at least maximize) your information privacy online. With this in mind, here are a few tips and takeaways to maximize your information privacy out in the wild (as listed here):

• Check your social privacy settings. Each social media company has different privacy standards and settings. Comb through these and ensure your accounts are secure and maximized against attacks.
• Don’t use public storage for private information. While you may pay for online storage on places like Google and Dropbox, these aren’t great places to store sensitive information. Just one breach to these companies could leave this information ripe for the taking.
• Evade tracking. While some information will inevitably be tracked by companies, use 3^rd party applications, VPNs, and privacy modes on the Internet to help reduce your “Internet footprint” for nefarious attackers.
• Keep your main phone number and email private. While your work email will inevitably be thrown into many company newsletters, it’s important to minimize the disclosure of your main number and email. This information can be used for dangerous social engineering and phishing schemes.
• Use secure passwords. While simple passwords make for easy recall, they are not ideal for accounts that hold confidential information. For any account that you don’t want private information made public use complex passwords with a combination of lower and upper case letters, numbers, and special characters.