Protect Your Privacy in Everyday Life
Have you ever found it annoying that at times it’s nearly impossible to buy something or get a service without compromising your privacy? Too often, the customers are asked to tell their name, address, email, phone number, fill a form, create an account, subscribe, register, enrol, join or become a member when it is completely irrelevant to the service in question, or if the customers don’t want to, even if they pay cash, even if no delivery or postage is involved. To me, it’s one of the main reasons for walking away, seeking the same goods and services elsewhere or rethinking my need for the purchase. If a business does not give me an option to simply pay and enjoy what I paid for without hassle, I will not become their customer, because that would mean supporting a privacy-invading practice. And vice versa, if a business truly respects people’s privacy and confidentiality of their personal data, gives the customer the choice and considers their wishes, I’d be willing to try that place before all else, come back again and recommend it to others.
One may not realise, but we are making decisions about our privacy nearly every day. Whether we are doing some online shopping, using bank cards, filling forms, applying for a job, using a social network account, participating in a survey or being annoyed by direct marketing — anything that requires or uses personal information, invades the territory of our privacy. In today’s world of digital technologies, information became a valuable asset: it worth big money money, it brings more money, and it is the reason why we are asked to give out our personal information more often than ever. The rapid development of information technologies also made identity theft and fraud easier than ever, and that is why we can never be too vigilant and cautious.
By following these rules in your everyday life, you can greatly increase your personal safety:
• Remember that privacy is an essential part of personal security and safety.
Identity theft, fraud, blackmail, most successful scam, and many other crimes are only possible because someone obtained personal, private or sensitive information about another person. Most of the time, the victim did not disclose the information personally or directly. The data was stolen; misplaced, misguarded, misused or wasn’t properly disposed of by someone else who was trusted to hold that information. In our age of information technologies, there is no such thing as absolutely secure system anymore. Nobody can guarantee that their network or database will never be broken into by hackers, or that all of their employees will always be trusty and diligent. There is only one true way to guarantee people’s privacy and security: to not have the personal information stored anywhere. Which, in turn, means that:
1. Governments agencies, departments and contractors, and also private companies and corporations should not ask people to disclose their personal information unless it is absolutely necessary, and there is no possible way to do whatever there needs to be done without every single piece of the information they ask for.
2. As the former is not likely to happen (actually, the contrary is happening and is getting worse), every individual should safeguard their own privacy as much as possible and not hesitate to ask why each bit of their personal information is required in each case.
• Never give out more information than necessary.
If an organisation or a person wants to collect your personal information, ask what the information is required for, what they will do with it, how securely it is going to be kept and who it will be disclosed to. This applies to any business, organisation, health care provider or a government agency.
Unfortunately, government laws and institutions often force people to disclose large — and often unnecessary — amounts of personal and sensitive information, while knowing that it is impossible to guarantee absolute safety of the data; and later, when the person becomes and unfortunate victim of a data leak, information misuse, hacker attack or identity theft, the very same authorities do very little to help and ease the recovery process for the suffering person.
For example, no matter what you buy, if the goods are not going to be posted or delivered by the seller to your doorstep, they don’t need to know your full name, address or phone number. It became too usual to ask the customer for their contact details, whatever they buy: a pair of sunglasses, a photo camera, a piece of software, a laptop or a vacuum cleaner. Very few people question this practice, and those who do, often get the standard answers like “It’s for the warranty”, “Just in case you lose your receipt”, “It’s simply the way we do it”, “Don’t worry, we won’t send you junk mail”, “Just in case there is a recall”... We all heard that. Nevertheless, we must have and option to skip this step, pay for the purchase and walk away with it. No delivery involved — no need to disclose your address; it’s that simple. Needless to say the no shop ever needs to know your date of birth, marital status, amount of kids or any other private info like that. Same goes for “register your purchase” cards and “help us to improve the quality of our products” surveys. If some company truly wants to increase the quality of its products, they should do exactly that, and they don’t need to know our occupation or how many people live in our households to do it.
• Tick all the “opt out” boxes.
• Be very careful in your decision to opt-in for Personally Controlled Electronic Health Record (PCEHR), eHealth, MyHR, or whatever it is renamed into again.
Australian eHealth records system is still developing, and nobody knows whether “personal control” is going to be eventually restricted or removed. There is also no guarantee that the sensitive and/or identifiable health information won’t be disclosed to third parties, stolen by hackers, shared for a research, or used for any purpose other than direct benefit for the health of the person — all without the explicit patient consent. In fact, Australian Bureau of Statistics announced on 18 December 2015 that it will keep people’s names and addresses collected during 2016 Census and link Census data to health records — all without your consent or control.
There have already been multiple hacker attacks on Australian medical practices and pharmacies, and that means that the patient’s names, dates of birth, addresses, Medicare card numbers and lots of other sensitive information are now out there ready to be used for any criminal purpose.
• Exercise caution when participating in surveys, competitions or entering prize draws.
Essentially, they are bribes for getting your data for their market research.
Many companies use the win-whatever appeals as a bait for obtaining people’s personal information. But, as we know, no business does anything really for free; so if they are offering a prize, it only means that the information they are expecting to collect from the participants will bring them more money than the cost of the prize.
• Same goes for loyalty programs and rewards cards.
They are not about rewarding the customers, they are about spying on the customers. They are schemes offering very little value while collecting huge amounts of customers’ personal data for data mining.
Again, if it is a business, its main purpose — to make more money. Period. A business will never do or offer anything unless it brings back more than it costs. In the ideal world, customers would ask for what they need, a supplier would provide that of a good quality with good service, and the satisfied customers would pay the supplier’s profit included it the price. No tricks required. But in the real world, the suppliers are constantly implementing strategies to sell us much more than we need. Targeted marketing is the most effective tool for that. And, as a result, we are not getting the best goods, but rather the best marketed goods. And the sad thing is that we, knowingly or not, supplied the marketing tricksters with all the necessary information for the successful scheme.
By signing up for a rewards or loyalty card, we share our name, address, gender, age, interests, income range, and other information about our family and household. Then, every time we shop and use that card, we tell the retailer what, when and how much we buy. All that data is collected, analysed, added to our profile, used to predict our next move, shared with other businesses, and sometimes even sold to third parties for even more profit.
Next time when you are wondering how an ad, packaging design or a “special discount” managed to convince you to buy some rubbish you never needed, don’t be surprised: marketers know about you and your behaviour way more than yourself. They know how to target you when you are vulnerable or most susceptible to suggestion. Was that 4c fuel discount or a chance to participate in a some Christmas prize draw worth the money you have just wasted? It is up to you to stop it.
• And... same goes for the usage of mobile phone location services, paying with debit or credit cards, accounts with giants like FaceBook, Google or Microsoft, and other social media usage.
If you are sick of being tracked, there are some solutions: switch off the location services, pay cash, use software for blocking the Internet usage tracking, and keep in touch with your friends and family in person whenever possible. Is it going to be easy and convenient? Well, it is, again, up to you to decide.
• Remember that your personal information and contact details are a valuable business and marketing asset. Don’t give it away.
Customer databases are one of the most valuable assets any business or institution has. They are used to generate extra profits and sometimes are shared with other companies for money or other benefits. The most unfair aspect in this arrangement is that this information is not only obtained by the companies from the customers for free, but the customers are given no choice, and are often charged admin / joining / new customer / new patient fees for that! Shops, clubs, gyms, entertainment venues, ticket sellers, doctors, dentists, optometrists, etc — all demand excessive personal information without ever explaining why it is “necessary”. As most of us know, it is impossible to visit a dentist or get a new pair of glasses from an optometrist without being later bombarded with marketing messages, reminders and special offers.
Optometrists seem to be the worst offenders in this aspect. They obtain customer details under the pretext of being “healthcare providers” and pointing to the Health Practitioner Regulation National Law (which, by the way, says nothing about personal data collection and usage), and then use that data for marketing and spam. The customers are never given the choice of not being put into the mailing lists or their data not to be shared with numerous third partied. The offered only option is to opt out once the spam starts coming. Unfortunately, opting out at that stage doesn't delete your personal data from the marketing databases, nor stops its further disclosure and misuse, it only stops the unwanted communications.
Medical establishments have become the targets of hacker attacks and honeypots for identity fraudsters: doctors and other medical professionals collect and keep huge volumes of highly personal and private data, yet have no skills or expertise in keeping it secure. How many people dare to question why a medical centre is asking for certain personal information and what they are going to do with it? People simply comply and sypply. They often engage other companies too look after their technology needs, which means those companies have access to your health information without being bound by healthcare privacy laws, or use third-party software for managing bookings, medical records and communications. That software often made overseas and uses cloud facilities located in other courtiers, meaning nobody knows what happens to your data and who has access to it.
Be careful and vigilant every time you are filling a form, and keep in mind that the company is most likely going to use all this data for marketing purposes, and in case of a medical or semi-medical establishments, also for pushing information about you to the government medical surveillance systems, which can share it with other government branches or link it to census or other population data. If some information is “mandatory”, ask why. Often, there is no satisfactory answer. Then ask yourself whether you still want the “services” on these terms? Is whatever this place is doing worth the loss of control over your personal information, privacy and safety?
• Think twice before posting any personal information online.
Once something has been uploaded to the Internet, cannot be 100% deleted. Don’t put important private information or large amounts of personal information on social networking sites.
Uploading your data into cloud storage services like iCloud means you almost certainly lose its privacy and confidentiality.
• If possible, avoid taking up credit cards, loans, credits or mortgages.
Once you borrowed any funds, your personal information goes into the credit history and is shared with all sorts of third-party companies and Credit Reporting Agencies, which may use and misuse the data as they please. By borrowing money you not only enter the financial slavery and enable the lending institutions to make money on the interest you play, you are also forced to supply a load of your personal information which will be used by other companies to make money on selling or sharing access to it — all without your control or explicit consent. Given the fact that Credit Reporting Agencies like Veda can easily navigate their ways around the law, can they be trusted to do a decent job of safeguarding your privacy?
• Don’t keep any personal information in your mobile device if you don’t want that data to end up in someone else’s hands.
Many people use their smart phones to store their own, their friends’ and their family members’ names, phone numbers, home addresses, email addresses, birthdays and online profile links in the contact list. It may be handy, but don’t forget that mobile phones are not only easy to lose the or steal, but also that phone’s OS or apps can have software back-doors to gather and transmit all that personal information to an interested company or agency. Given that they can also collect information about websites you visited, photos you uploaded, your geolocation coordinates, buddy lists, sms texts, email contents and phone calls history, someone may know about your private life more than yourself.
Entering your own information may be your choice, but adding information about other people in your “contacts” jeopardising their privacy without their knowledge or consent.
And, again, think twice before synchronising your mobile phone data with any sort of “cloud”. Are you sure that all the people in your contact list happy for their personal date to be handed over to the company that runs the “cloud”?
• If you are unexpectedly contacted by someone claiming to be an insurance company, a bank, a government agency, a bill collector, no matter what the reason, never give them any of your personal details.
You can’t be sure who the caller really is. If they are really your insurance company, bank or real government agency, they already have all the necessary information. If they want to “confirm”, “verify” or “make sure everything is correct because they are updating their system”, they are either too dodgy to do the update properly without such verifications, or are a fake trying to steal your identity. The easiest way to check is to find an official legitimate contact, call that company, bank, organisation back and ask whether such verification has really been required. Never call back using the phone number the stranger gave you without making sure that number really belongs to the company they claim to work for.
• Shred all documents before throwing them out.
Don’t just crumple the paper up or tear it in half! Cut the paper to small pieces across the lines or text, paying special attention to the areas where your personal details are printed.
• If you are tired of telemarketing, add your number to the Do Not Call Register.
For Australia, visit www.donotcall.gov.au. For other countries, do a search and see if there is an official way to opt out if it.
• Remember, once the information is entered to a database, it hardly ever gets deleted, even if you were told it has been.
In modern databases, the information gets marked as no longer in use, but it may be kept in the database forever. The disk space is very cheap these days, and database management programs are very nifty and fast: anything can be kept indefinitely and restored at any point. Companies no longer run out of space on their archive shelves for paper documents, so no information is destroyed, no matter how old and outdated.
• Set up a separate junk email account for subscribing to “newsletters” and “special offer” notices. Preferably, don’t use your real name for those purposes.
• Always read the fine print.
• Always read privacy policies.
Make note of whom your private information maybe disclosed to. The fact that the company you are dealing with promises to protect your information doesn’t necessarily mean that the third parties it shares your information with are going to do the same.
• If you don’t understand why a particular piece of information is being collected or if you want to be sure that your personal information is going to be stored securely and destroyed when no longer needed — ask! It’s your information and your privacy, so you have every right to demand its safety and protection.
• Be aware of nowadays’ low quality control for online systems and software.
Unfortunately, programmers and IT specialists are not chosen from geniuses and brain elite anymore. Companies are cutting corners and are happy to outsource programming jobs, which means they are getting lower quality for lower cost. The idea is that everyone is pretty much forced to use online services these days, and people will have to put up with bugs and errors because they often have no alternative.
Rapidly growing IT industry also means time pressure — to be quick, to be the first; new websites, online shops, e-government services and internet banking systems are rolled out as quickly as possible, which often means ditching the thorough testing stage in the software development process. Illogically, companies don’t mind spending some extra time and money on unnecessary, fancy-looking design features and would rather cut costs for proper security and testing. After all, a pretty interface is what gets the majority of new customers in. Once they signed up — the target is achieved, it will be too late when the customers discover the poor quality of the system.
• Be careful when using banks’ money management and budgeting tools.
Personal online budgeting services and software like NAB’s Money Tracker, St George & Westpac’s Budget Planner Calculator or ANZ bank’s MoneyManager are actively advertised as invaluable services to help the customers take control of their money and develop a better understanding of where they are spending and how much they are saving. Sounds great, but keep in mind that first of all, banks always help themselves.
The online personal finance analysers have sophisticated transaction analysis engines for organising and categorising user data. Along with promising their customers to “take all of the headache and guess work out of budgeting, tracking money and saving for goals”, the banks are able to “run rich customer analytics, for example by customer segment for more targeted marketing” and to get “valuable insights to our customers, for example, to see a comparison of spending patterns to others like them”. Customers who use money management tools are providing the bank with a live picture of their financial situation at any point in time.
While the analysis engines are flexible and can adapt and learn user behaviour, often they are unable to categorize a transaction correctly and lump it into the “Miscellaneous/Other” category. The users have an option to categorise the transaction manually and tell the bank what exactly it was from or for. Do it only if you do want your bank to know, as it “will learn and remember any changes you make for similar transactions in the future”.
When you use the budget planner or the “what if” scenario analysis option, you are giving your bank the important insights on your future plans. If you would rather keep your plans for your future to yourself, you may want to avoid using the tools provided by your bank or any other third party. After all, you never know how this information may affect the bank’s decisions and behaviour.
If you don’t mind to become a target of more sophisticated marketing tricks, and if you don’t feel that your privacy is infringed when the banks constantly watch where you are going, staying, working, holidaying and shopping, what you are choosing and buying, who your insurers, doctors, friends and family are, you may find such tools somewhat helpful. But if you are concerned about your everyday life being monitored, analysed, and that information being used by the banks and their third parties, you may want to opt off these money management services.
However, switching the service off or not signing up for one doesn’t mean your bank will stop monitoring you and collecting the information about your transactions. It only means you won’t be supplying extra data, letting the bank into your dreams, plans and your future or volunteer more private information. At the moment, the only sure way to avoid being watched, analysed, categorised and targeted is to pay in cash.
• If you are thinking of becoming a small business owner or sole trader, know how Australian Business Register and Australian Securities and Investments Commission work.
First, Australian Business Register (ABR) charges people for the registration of a business or a company. Then it charges annual fees, which are basically payments for database record maintenance, which must include a secure and safe storage of private and personal information. Nevertheless, ABR is making money on people’s personal details twice: once, by charging them for taking the information, and then — by selling that information to other companies and interested parties, while stripping people of their privacy.
The free publicly available lookup in Australia Business Register and Australian Securities and Investments Commission (ASIC) disclose only limited information about a company or a business name holder. However, for a small fee, anyone can obtain a much more detailed set of data. ASIC sells the access to the information for an array of private companies, so-called Information Brokers (SAI Global, Veda, InfoTrack, Tri-Search and others; many of them are international commercial entities). These companies, in turn, are making money on reselling your personal details further. In short, Australian business owners are charged by ABR and ASIC for enabling them to make more money out of personal information.
One may argue that business registration is not a private affair in Australia, yet all this unlimited information trading may be very disturbing for the owners of small business who have no choice other than providing their home address for business registration, because ABR does not accept PO Boxes and demands a physical address, which may jeopardise the people’s safety if made publicly available. The whole arrangement is discouraging small business while benefiting large corporations, which is discriminating and bad for Australian economy.
• Be aware of countries demanding biometric data from visitors.
What was once a procedure reserved for convicted criminals, now is being gradually pushed to become a “normal” part of holiday travels. One by one, countries demand tourists and visitors to submit their fingerprints, iris scan or a photograph for a facial recognition system under the same overused pretext: counter-terrorism and security. It remains unclear how, by looking at fingerprints, the paranoid border security is going to tell who is a potential terrorist and who isn’t. This process harms civil liberties, invades privacy, and the creates a more serious risk of identity theft, because any leaks from biometric databases could be used by criminals or hostile individuals.
The list of countries collecting biometric information from visitors and even transit passengers is constantly growing, so, if you do not wish to be treated like a criminal and be forced to supply your fingerprints or digital photos to a panoptical regime for them to keep and use this data in any way they see fit, you may want to do research the entry or transit requirements of the countries before making your travel plans. You may not want to spend your money in the countries who think they are free to damage people’s civil liberties and jeopardise their personal safety. Sadly, the choice is narrowing.
Australian border security now use the SmartGate technology, and airport staff often behaves quite rude and pushy in their attempts to force the travelers from “eligible” countries to use SmartGate electronic kiosks rather than being processed by a fellow human. At the moment, unless forcibly herded by the airport employees to the SmartGates, people still have a choice to be processed by a real human officer. However it may no longer be an option in the future. Presumably, the plan is to make people get used to machines, get rid of the highly-trained and famously polite Australian border security officers; then say that no system is perfect, SmartGates make errors and a facial recognition is not enough, so more biometrics are needed, and start collecting fingerprints / iris scans / body parameters / DNA samples / anything else the authorities want. If people don’t insist on being processed by human staff now, biometrics collection won’t stop at facial recognition. There is nothing more intelligent and sophisticated than a trained person who can do more than any machine, such as analysing behaviour and other clues. Using machines has nothing to do with increasing the country’s security, it is just another way to harvest more personal data.
• Be aware of Australian Bureau of Statistics’ census, longitudinal datasets and compulsory household surveys.
If the ABS was truly collecting information for “statistical purposes only”, as they claim, they wouldn’t need people’s names, dates of birth and other personally identifiable information. Their excuse is “studies have shown that an anonymous census leads to much poorer statistics”. The reality also has shown that the only way to guarantee the safety of private data is not to collect or accumulate it, otherwise if will be leaked, hacked or misused.
Read the details in the article Australian Bureau of Statistics and privacy issues: be aware of how ABS collects and keeps the census, longitudinal datasets and compulsory household surveys information.
• Be careful with myGov portal = my.gov.au website.
It is badly made and insecure, a honey pot for hackers and information thieves, and may become another mass surveillance tool or the government’s attempt to force another Australia Card upon people.
• Exercise caution before plunging into using a new gadget, website, portal or online service, creating an account, subscribing to something, or leaving your personal details.
In the past, we lived with anticipation and curiosity about the technology evolution, we were wondering what a new, interesting and useful discovery will be implemented next. And those new implementations were indeed interesting and useful.
Today, the world has changed. For the majority of people, the technology evolves too rapidly to follow it with a deep understanding. Nearly every day we discover that now we have to do things differently; sometimes we have a choice, sometimes we don’t. Too often we are told that now we have to sign up, create a profile and login somewhere in order to be able do the same things we were dong before (for example, the infamous my.gov.au portal). The changes always touted as “improvements”, as something faster, more efficient and convenient. But every new service is created so that it is more profitable or convenient for its stakeholder first, and only then has some benefits (or properties that can be portrayed as benefits) for its ordinary users.
Everything advertised as “one click away”, is in fact a profile full of personal information away. People suddenly need to create so many profiles and logins, fill so many online forms, and accept so many “Terms and Conditions” that it is virtually impossible to carefully read, remember and keep track of each one. Usually, the users just tick the ‘Accept’ box and submit a load of private information to the service, which will store, analyse, merge, verify, disclose, sell and use the personal information to its advantage in every way it sees profitable. Every bit of personal information we give away means we are tracked, targeted, profiled, spied on and subjected to more surveillance for “safety and security reasons”, and we are one bit closer to the danger of identity theft. The database with our data may be mis-guarded, misused, hacked or leaked, our identity may be forged and stolen, and once the information is passed into someone else’s hands, there is no way back, unless you completely change your identity.
It may sound like an old person’s rant about the good old days, but sometimes freedom, privacy and safety are worth spending some extra time researching the true benefits and drawbacks of a new trinket or service before rushing into using it. Very often, the old trusty cash, cheque or paper form is more secure than all the “new and improved” apps and online features. It also very beneficial for one’s health to pick up a pen every now and then to exercise the fine motor skills with the old-fashioned writing rather than tapping the screen or pushing the buttons.
• Remember: The most effective way of controlling and protecting information about oneself is not to share it in the first place.
“We value your privacy”
Look at CITEC example: an organisation given a power to manage shared services for the whole of government, including a major consolidation of Queensland government data centres, an organisation given access to more than 40 government and commercial information sources, including the data in investigative reports, property registers, motor vehicle registers, traffic incident reports, crime incident reports, is not just already making money out of the private information people had to provide for free by the government’s requirements, but it is also considered that it could be sold off as part of a revenue drive to bring the economy back into the black.
ID protection at crisis point – the Sydney Morning Herald article 2011, still very relevant.
The Australian Privacy Foundation – an association dedicated to protecting the privacy rights of Australians, it aims to focus public attention on emerging issues which pose a threat to the freedom and privacy and defend the right of individuals to control their personal information and to be free of excessive intrusions.
Australian Privacy Commissioner – Australian government website dedicated to privacy issues with a special focus on information technology and the Internet.
Quotes about Privacy
“Those who surrender freedom for security will not have either one.” — Benjamin Franklin
“The real danger is the gradual erosion of individual liberties through automation, integration, and interconnection of many small, separate record-keeping systems, each of which alone may seem innocuous, even benevolent, and wholly justifiable.” — U. S. Privacy Study Commission
“The way things are supposed to work is that we’re supposed to know virtually everything about what the government do: that’s why they’re called public servants. They’re supposed to know virtually nothing about what we do: that’s why we’re called private individuals.” — Glenn Greenwald
“No one likes to see a government folder with his name on it.” — Stephen King
“Experience should teach us to be most on our guard to protect liberty when the government’s purposes are beneficent. Men born to freedom are naturally alert to repel invasion of their liberty by evil-minded rulers. The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well-meaning but without understanding.” — Louis D. Brandeis, Lawyer and Associate Justice of the Supreme Court of the United States
“The right to be let alone is indeed the beginning of all freedom.” — William O. Douglas, Associate Justice of the Supreme Court of the United States
“Big Brother in the form of an increasingly powerful government and in an increasingly powerful private sector will pile the records high with reasons why privacy should give way to national security, to law and order ... and the like.” — William O. Douglas
“A desire for privacy does not imply shameful secrets; without anonymity in discourse, free speech is impossible, and hence also democracy. The right to speak the truth to power does not shield the speaker from the consequences of doing so; only comparable power or anonymity can do that.” — Nick Harkaway, novelist and commentator
“I don’t like to share my personal life... it wouldn’t be personal if I shared it.” — George Clooney
“To be left alone is the most precious thing one can ask of the modern world.” — Anthony Burgess
“We live, in fact, in a world starved for solitude, silence, and private: and therefore starved for meditation and true friendship.” — C.S. Lewis
“The most sacred thing is to be able to shut your own door.” — G.K. Chesterton
“Privacy is not something that I’m merely entitled to, it’s an absolute prerequisite.” — Marlon Brando
Published 6 September 2012, latest update 17 January 2016