Is my data being stolen?
How to protect your business and personal information online
Over the last year, there have been significant changes in the privacy space. There has been a general shift by online businesses and their customers towards achieving greater transparency about what data is being collected, why it is needed, how it is being stored and how it is being used.
Previously we have talked about the requirements for data privacy in the EU.
Why is your data being collected and stored?
Data Powers the World.
Individual data is aggregated into big data which becomes quite valuable to organisations for planning and marketing communication of various kinds.
The phrase "big data" has been doing the rounds for some years now, and it seems that businesses, and marketing teams in particular, have developed a never-ending thirst for more and more data.
At a large scale, nationwide data gathering processes like the national census provides numerous data sets that are used for planning the delivery of things like health services, education and infrastructure. Businesses can also pay to use some of the government's data sets to work out the size of a potential market for a new service for example.
What is less apparent though, is whether those businesses know what to do with the data they are collecting, or if they are in fact applying it in a beneficial way within their organisations - either to increase value for shareholders, or to provide higher levels of more customised service for their customers.
In an ideal world, data should be used to provide highly relevant, targeted communication with the customers of a business, delivered at a time and with a frequency that your customer or potential customer is comfortable with. More often though, the data is used as a blunt instrument, with a tiny percentage of its power actually being put to work.
Data of value to businesses includes:
Social media. Paid campaigns across all social media channels will target users based on a combination of demographics such as age and gender, interests, location, relationship status, family/parenting status etc.
Websites. 'Cookies' are added to your browser to gather anonymised website statistic information via Google Analytics, heatmapping to show what parts of a website are being viewed, anonymised video recordings that capture which pages of a site someone visits, how long they spend on that page, what they click on etc
Conversion tracking .Tools capture data (again anonymised) that makes it easier to work out which marketing channels (eg organic search results, social media posts, paid digital advertising or email campaigns) are delivering the most results in terms of people purchasing a product or making an enquiry
App downloads and purchases. Data around who is downloading apps and what things they are interacting with or purchasing inside the app provides valuable business development insights
Marketing Automation. Contact details are gathered and stored for email marketing (trading information for gated content or a small benefit such as a voucher or promo code)
What's in it for me?
Seeking more personalisation and automation. AI and machine learning works based on information collected on you, which will mean you need to exchange a small amount of personal information in exchange for a benefit. In many cases, that benefit is the website or app you are engaging with remembering your details and your history of purchases etc, rather than having to re-enter information every time you visit.
Getting something in return. A recent study found that people will readily hand over their private date in exchange for a small incentive.
Laziness or convenience. Many websites, apps and applications have lengthy terms and conditions which very few people take the time to read and understand before clicking the Accept button. The GDPR legislation does place a requirement on businesses who are gathering data to make their terms and conditions easier to find, read and understand than previously.
Less annoying (more accurately personalised) marketing. Ideally the data will help ensure that you see advertising that is relevant to your interests, not too frequent and not targeted incorrectly (for example continuing to show you ads for a product you have already purchased).
Some people do find it a little "creepy" though when they get content showing up on their computer or mobile device that is perfectly targeted to exactly what they are looking for right now. This can lead to wondering if their devices are eavesdropping on their conversations.
Although there have always been privacy options for users of social media channels, in recent times this has been taken a step further due mainly to the massive potential liabilities these companies may incur should there be a significant data breach.
Thanks to the introduction of GDPR, the big players (along with many others) have introduced the ability for users to seek out information that is being held about them if they want to know. This includes:
YouTube (and other channels) are forcing influencers to declare if they are being sponsored or paid to promote specific brands on their channels.
Facebook allows you to find out what brands are advertising to you, and lets you see the ads against each Facebook Business page.
Search engines such as Google are enforcing security principles to ensure data is safer from hackers across their tools including Google Analytics and Google Ads
MailChimp is attempting to enforce that only users who have explicitly given permission to be added to a list for future marketing can be stored within their platform
How to protect yourself
Always make sure you enter your data into a secure website – check out our blog post on website security to ensure the website is safe.
Look for the https in the url of any site that you are going to give your personal information (even your email address) and especially if you are going to purchase something online. If the site doesn't have https, then your information may not be encrypted for security.
Check with sites such as https://haveibeenpwned.com/ to see if your email address has been shared as a result of any large site hacks. If it has, make sure you update passwords in every instance. If necessary, you might also need to change your email address.
Be aware that there is always the risk your data could be leaked. Make a point of not using the same email and password combinations across multiple sites and accounts. If your main email address and the password you use regularly are both stolen, then hackers can potentially access a number of your accounts. Along the same lines, reguarly update your passwords on any sites that contain valuable data, especially financial records of any kind or payment details.
In terms of companies who are gathering your data - make an effort to read the terms and conditions before accepting them. Check that apps within social media or mobile apps are only gathering the information that is realistically relevant to the delivery of the app. If there are options for refusing them gathering unnecessary data, use them or simply opt out altogether from the app.
Check your security settings and data gathering from the apps already on your phone. For example, is Google Maps tracking all your movements? Is Facebook? You can turn these settings off, and also only allow specific apps to work when you are on wifi, not when you are mobile and they would need to use your data.
Clear the cookies in your web browser regularly so there is no unnecessary tracking and targeting going on.
How to protect your business
Data transparency. Let users know what you are collecting, when, and most importantly, why. Get their permission. Allow them to opt-in. If users see a benefit to keeping their data they will be more open to it (for instance, remembering their preferences to make future browsing experiences more customised).
Clean data. Make sure you perform regular audits of data to remove any old data you no longer require and have it easily accessible in case anyone requests it or wants it deleted.
Put a plan in place. To protect your organisation from reputational risk if you store client data and it gets breached.
How do you find out more?
You can see what personal information of yours is held by any organisation, business, or government agency in New Zealand.
As a business, you can use the Privacy Commissioner’s Privacy Statement Generator to cover you if you aren’t sure. This provides a privacy statement you can adapt to use on your website.