Protecting Personal Information: Tips for Consumers and Companies

One key aspect of privacy in the current age is controlling and protecting personal information that is gathered about you over the internet and across other digital mediums. Earlier this month we began our discussion of personal privacy in the digital age with an overview of the practice of data tracking. Data tracking occurs when organizations like online service providers or commerce sites capture everything from your internet search terms, to purchasing habits, to IP location. We reviewed how organizations are leveraging that data, and how to opt out of data tracking if desired.

In this post, our focus is on protecting personal information that people are prompted to provide to execute transactions, browse certain sites, or share online. We all regularly face the requests, so it’s important to think consciously about where you share such data. Further, as business executives, many of you will sit on the other side of the table, making decisions about what kind of personal information to collect from consumers or clients, and how to be effective at doing so. This also requires intentionality, lest you expose someone to undue risk.

Protecting Personal Information

Information like social security numbers, credit card numbers, addresses, and phone numbers are requested by a variety of companies and institutions. Additionally, most people have online accounts that contain health and financial information. As a consumer who is likely to share or digitally store such personal information, it’s your responsibility to manage your cybersecurity.

Here are a few key ways to protect yourself:

Use Strong Passwords: It’s critical to use strong – and different – passwords across your devices, apps, and frequently visited web sites, and do not share your passwords with others. For more sensitive accounts, consider using “two factor” authentication – a system whereby something you know (e.g. the password) is coupled with something you possess (e.g. a phone to which a code is sent) – to increase security. Alternately, leveraging a social login system is efficient and convenient when available. Social logins, or single sign-on systems, enable people to use the password given to one provider as the login credentials for another (e.g. using your Facebook or Google login to access a third party site). Although this practice provides sites like Facebook with information about your actions, it’s generally considered a secure option, since your password isn’t passed along to every site.

Monitor Geo-Location Data: Commonly referred to as “location services,” many apps use local cellular data, Wi-Fi, Bluetooth, GPS, and cell tower location data to track your whereabouts. (The combination of sources works better than GPS alone, and is kinder to battery life.) Sharing your location data enables you to get directions, find nearby restaurants, hail a taxi, map your run, and a myriad of other activities. While the benefit list is long, it’s important to realize you are sharing private information and caution is crucial. For example, a geo-tagged photo you post on social media can allow criminals to know you are in the Bahamas, not at home. When browsing on the internet on your computer, websites can see where you’re located. To prevent this, some people might like to use a proxy service from to make sure their location is hidden whilst they’re browsing. This should increase security.

Limit Stored Credit Card Data: Online purchasing obviously requires a form of payment, and many people use credit or debit cards to make purchases. Most commerce sites/apps offer the ability to save the card information, and while this offers convenience and speed for stores you regularly visit, it also increases the risk of fraud. Limit the places where you store data or consider using a service like PayPal or Google Wallet. While not necessarily more secure than a commerce site, it means just one provider has your account data.

It’s also important to take advantage of lock screens and other security features on your devices. Regularly update your operating systems, as these updates often include patches to address security issues that have been discovered. Further, don’t use potentially insecure public Wifi networks, like those found at airports or cafes, to execute more sensitive transactions like shopping or banking. MIT offers additional safe computing tips.

Collecting and Protecting Others’ Personal Information

Collecting data from consumers is necessary for many businesses to function, but it is a significant responsibility. With the massive data breaches that occur periodically, it’s not surprising that people worry if government agencies and major corporations can protect the data they collect.

Nonetheless, a Columbia Business School study showed that consumers are actually willing to share their personal data, provided they gain added value. According to this study, two main factors determine willingness to share: (1) the trust the person has in the company and (2) the potential added value s/he gets from sharing the data. In other words, “even protective consumers do not mind sharing their personal information as long as they benefit from relevant offers and value.”

According to the study, the type of information consumers were willing to share to gain benefits included: phone numbers, emails, purchase history, social network permissions, and household income. As shown in the graph below, the added value they desired from companies for this information could come in many different forms, from various kinds of financial benefits to recommendations.
Consumer Willingness to Share Private Info
This is good news for business owners, and speaks to the value of cultivating trust with your consumer. Being transparent with your intentions, acting with integrity across all business interactions, and offering quality customer service are just a few of the ways to develop a strong brand reputation. If you are a business that handles sensitive information like Social Security numbers, it’s important that you are aware of where the nearest Social Security office in Wyoming, or whichever state you’re in, is to you should this sensitive information ever become compromised.

If you collect data via your app or web site, we encourage you to collect (and encrypt) only the data you need, and to disclose your data usage practices in your privacy policy. Allowing customers to choose what they want to disclose, rather than requiring it from them, is also advisable. If you decide to leverage or integrate with other services like those mentioned above, understand how that impacts your user’s privacy. For instance, if your app leverages Facebook login, are you exposing additional user data to Facebook that it wouldn’t have otherwise? Or are you retrieving data from Facebook that users of your app might not expect?

Privacy is a complex topic, and we invite you to contact us if you’d like to process further how to handle privacy in your app.