The Hard Truths About Why Your Personal Information is Exposed Online & What Can Be Done About It

November 1, 2023 | by Rachel Kronenfeld

This is Part 4 of a 4-part mini-blog series.

In today’s digitally-driven world, personal information has become a valuable commodity. From your email address and phone number to your social media activity and shopping preferences, a wealth of data is scattered across the vast online landscape. Data, in its most benign form, is a lucrative commodity with social media sites selling your Likes to an array of information aggregators – a frustration for consumers who don’t appreciate the “Big Brother” aspect of online engagement providers. Data, at its most dangerous, allows terrorists and scammers—as near as your neighbor or from faraway lands—to farm from open sources the personal addresses of public figures and military personnel to threaten them and their families. They mercilessly robocall and prey on the elderly. Regrettably, exposing our data is often the price we pay for participating in various open public platforms. So, we organically generate these annoyances and threats ourselves.

Hard Truth: We Expose Our PII Ourselves

A good deal of the information found in online databases is gleaned from our inclination for simplicity, connectivity, and even retail discounts. For instance, does your keychain look like holiday garland with commercial value cards dangling from it? Gliding through the airport, do you advertise who you are with easily visible bag tags displaying your status and address? Are you or your family members regularly checking Facebook and Instagram feeds from a smartphone or a laptop? Is your wallet bulging with credit and/or debit cards and not dollar bills? Do you receive unsolicited offers or scam calls? Is your mailbox stuffed daily with unsolicited offerings? If any of these scenarios apply to you, you are oversharing your information.

The rise of social media has encouraged us to share our lives, experiences, and preferences with the world. What we often overlook is such voluntary disclosure can expose a wealth of personal information to both friends and strangers. The ease and convenience of online services and shopping requires you to share PII to make a purchase or create an account. Companies collect this information to tailor their services and target advertising more effectively.

Hard Truth: We Willingly Opt-In

Frequently, we opt-in online and freely offer our email address, phone number, residential location and even our birthdays. We quickly click accept on the popup that obstructs our view of the website we just Googled and automatically give consent to being tracked by digital “cookies.” We quickly scroll to the bottom of the fine print of terms and conditions, privacy policies, purchases, and subscriptions to click the accept button that enables us to move on to the next screen. We fill out forms and pay bills online and frequently use autofill in an effort to save time. If we were to keep a journal of all the times we share our name, address, phone number, and credit card information, we would be astounded by how much PII we willingly share just by utilizing the practical, modern conveniences we’ve come to rely on daily.  

What many people don’t realize is that most websites use tracking cookies and third-party apps to collect data regarding your online behavior. This data is then used for marketing and advertising purposes.

Hard Truth: PII Availability Is Nothing New

Oddly enough, such personal information has always been readily available — although it required investigative experience and/or a serious commitment to locate these types of details through county courthouses, administrative offices, and other public record venues. Since the advent of the easily accessible and always available World Wide Web, public records have become instantaneously accessible to everyone. These companies locate individuals and share personal details about where they live, who lives with them, their ages, education, approximate income and so on, for anyone who clicks into a database.

When you come across personal information such as a postal address, family member’s name, personal account information, or social media posts naming you and your family on the Internet—and you are bound to—it is time to start opting out of online public records databases.

There are hundreds of online vendors whose sole business is aggregating public records. In the event you find your personal data on other public records sites, start by searching the site for “opt out” or “data privacy,” often located at the bottom of the website’s landing page next to the legal statements. Due to the General Data Protection Regulation (GDPR) and other national and international laws, most websites offer an easy online removal request form. Companies that do not post a Privacy Policy should be given extra scrutiny.

Hard Truth: You May Fail

It must be noted, however, that not all sites are responsive, standing on ceremony that they are sharing “already public information” and don’t have to remove your data. The best approach for hard to reach sites is a calm approach: Explain that you wish to have your personal data redacted from their website, as you did not agree to participate in their profiting from your address and personally identifiable information. There are some sites that simply will not answer your requests, which can be incredibly frustrating. No blanket law or procedure works in these instances, and each request needs to be considered individually since you are attempting to convince the publisher to expunge your personal information. Our approach has been mostly successful, but even our team faces an occasional unwilling participant. If you are having difficulty getting your request to opt out from certain databases and websites, contact us for guidance.

Another factor in the ability to protect your PII is the Freedom of Information Act, which regulates the types of records the types of records a government agency may obtain, the conditions under which such information may be disclosed to another government agency, and the circumstances and methods under which an individual may obtain copies of agency records that pertain to them.  There are also state counterparts with similar public/open records laws.

What generally cannot be opted out? The following are not likely eligible for redaction without a court order: business filing, property record data, tax assessor data, campaign contributions, SEC filings, and media articles.

Hard Truth: Removing PII Can Be Difficult to DIY

Some things are best left to the professionals. Locating, removing, and monitoring your PII can be a daunting task that feels insurmountable given the vast landscape of the internet. Hg is armed with the tools, insight, and accessibility that have empowered us to become subject matter experts on digital vulnerability intelligence. We delve deep, beyond conventional measures, to uncover information that could potentially harm you or your loved ones. Whether you are looking for a one-time assessment for data removal, or a long-term monthly or annual subscription to maintain your online privacy, Hg has a solution for you. Contact us for a Digital Vulnerability Assessment and gain peace of mind from knowing that your information is being safeguarded by the experts.

Hard Truth: Your Privacy Methods Are Outdated

Just because what you’ve done up until now has seemingly worked to protect your data doesn’t mean it will continue to. Advancements in data technology are evolving rapidly that you need to frequently stay ahead of the curve to ensure the data you want kept private remains private. Here are five things you can do immediately to help protect your digital footprint:

  1. Check Privacy Settings: Review the privacy settings on your social media accounts, apps, and devices. Adjust them to limit the amount of personal information that is publicly accessible and inform your family members to do the same.
  2. Use Strong, Unique Passwords: Ensure that you use strong and unique passwords for different online accounts. Routinely change passwords in the event of a data breach that may not have been disclosed to you.
  3. Enable Two-Factor Authentication (2FA): Whenever possible, enable 2FA for your accounts. This adds an extra layer of security, making it harder for unauthorized individuals to access your accounts.
  4. Use a VPN: Consider using a Virtual Private Network (VPN) to encrypt your internet connection and protect your data from prying eyes, especially when using public Wi-Fi.
  5. Regularly Update Software: Keep your operating system, antivirus software, and applications up to date. Updates often include security patches to protect against vulnerabilities.

These seemingly small changes can have a big impact on your data security.

Hard Truth: Your Data, Your Responsibility

In a world where data is king, protecting your personal information is paramount. While complete privacy may be challenging to achieve, you have the power to minimize your digital footprint and reduce your exposure to online threats. Even when you’re cautious, you’re not entirely in control of your data. Data breaches, where hackers gain unauthorized access to databases, are a constant threat. These breaches can expose sensitive information like passwords and credit card details. Educating yourself and staying informed about common online threats and scams will enable you to proactively take control of your PII and navigate the digital world with confidence.