By Cynthia Hetherington

Data, at its most annoying, is a commodity with social media sites selling your Likes to data providers. Data, at its most dangerous, allows terrorists and scammers—as near as your neighbor or from faraway lands—to farm from open sources the personal addresses of our military personnel to threaten them and their families. They robocall mercilessly and prey on the elderly. Unfortunately, we share much of the data that generates these annoyances and threats

In this new blog series, we help you understand the dark side of information sharing. You will learn the pitfalls of oversharing and how to reduce your online risks. You will gain useful tips for protecting your personally identifiable information (PPI) and preventing identity theft, learn how to opt out of online vendors and how to remove your PPI from three major DNA collection retrieval services.

A variety of information is available to businesses and organizations. While most of the information is non-sensitive, some of it can be sensitive. This week, we review types of information, where it is stored, and federal laws regulating the sharing of such information.

4 Ways to Reduce Risk

Despite the overabundance of information shared and sold on the Web today, several measures for protecting your information are available to you. Commit to learning about these important protections and how to exercise the options offered to you. These four actions can go a long way in ensuring that you have enacted an ongoing course of action that will protect your privacy.

A. Read Privacy Policies

Reputable companies, such as financial institutions and credit card issuers, will often have a Privacy Policy informing you of what information the company collects and maintains, how it is used, and when it is shared with other parties. You can view the Privacy Policy of most companies on their Website or by contacting the company and asking for a copy. Companies which do not post or provide a Privacy Policy should be given extra scrutiny.

B. Choose Opt Out Options

Most companies will offer some choices regarding the use and dissemination of your personal information. Some of these choices are buried in the small print of Websites or mailers, so you will have to look for them. You should be given a chance to opt out of third-party shares by requesting that the company not provide your information about you to third parties for marketing purposes. Look for the annual statement from your credit card company that discusses the opt out options and act on them.

C. Annual Monitoring for Accuracy

Organizations should maintain appropriate procedures that ensure your information for important or substantive decisions is accurate. If you feel it may be inaccurate, you should be able to access such information and have erroneous information corrected, updated, or removed. Retrieving your credit report on a regular basis and verifying the details is a good method for monitoring your private information.

AnnualCreditReport.com is a government recommended credit reporting service, and the only credit report source authorized by federal law. It provides a free annual credit report from one or all of the three national consumer reporting companies: Equifax, Experian, and TransUnion.

There are three ways to obtain this free report:

  1. Order the report online: www.annualcreditreport.com;
  2. Call toll-free: 877-322-8228;
  3. Download an Annual Credit Report Request Form[1] and mail it to:

Annual Credit Report Request Service

P.O. Box 105281

Atlanta, GA 30348-5281

D. Removing Personal Information Found Online

When you come across personal information such as a postal address, family member’s name, personal account information, or social media posts naming you and your family on the Internet—and you are bound to—it is time to start opting out of online public records databases.

There are hundreds of online vendors whose sole business is aggregating public records. In Appendix B of this white paper, you will find the leading vendors in the public records business and the information needed to opt out of their service. In the event you find your personal data on other public records sites, start by searching the site for “opt out” or “data privacy,” often located at the bottom of the Website’s first page next to the legal statements. Because of the GDPR and other national and international laws, most Websites offer an easy online removal request form.

It must be noted, however, that not all sites are responsive, standing on ceremony that they are sharing “already public information” and don’t have to remove your data. The best approach for hard to reach sites is a calm approach: Explain that you wish to have your personal data redacted from their Website, as you did not agree to participate in their profiting from your address and personally identifiable information. There are some sites that simply will not answer your requests, which can be incredibly frustrating. No blanket law or procedure works in these instances, and each needs to be handled and considered moderately, as you are trying to get the publisher to remove your private information. Our approach has been mostly successful, but even our team faces an occasional unwilling participant. In those instances, you should contact us for guidance.

Our series, Info Exposed, is meant to help you to facilitate your personal privacy in a very open online world. There is no one solution, no one vendor, that has all the answers. The best security practices start at home. Using our tips as a guide, you can begin to remove, obstruct, or obscure the open source information that leaves you and your family vulnerable online. The entire report, Information Exposed, is also available to download for free.

[1] You can download the form at the following websites: www.consumer.ftc.gov/articles/0155-free-credit-reports, www.consumerfinance.gov/askcfpb/311/how-do-i-get-a-copy-of-my-credit-report.html, and www.consumer.ftc.gov/articles/pdf-0093-annual-report-request-form.pdf. Please note that the sites will ask you for personal identifiers which might seem intrusive but is necessary for you to apply for your credit report.

Are you an analyst or investigator looking for advanced OSINT training on risk assessment and risk monitoring? If so, check out Hg’s webinar series, where you can attend live sessions and receive CEUs or watch previously recorded sessions to beef up your investigative skills.

 

Are you concerned about your company’s or employees’ points of vulnerability through online and open sources? Our skilled analysts are experts at removing personal information that puts you, your business partners, and your family at risk. Learn how our team can assist you in assessing and monitoring your risks. 

 

Cynthia Hetherington, MLS, MSM, CFE, CII is the founder and president of Hetherington Group, a consulting, publishing, and training firm that leads in due diligence, corporate intelligence, and cyber investigations by keeping pace with the latest security threats and assessments. She has authored three books on how to conduct investigations, is the publisher of the newsletter, Data2know: Internet and Online Intelligence, and annually trains thousands of investigators, security professionals, attorneys, accountants, auditors, military intelligence professionals, and federal, state, and local agencies on best practices in the public and private sectors.