Better Safe than Sorry: Protecting Online Identity

I recently wrote an article for CMSWire discussing how a consumer can make small changes to protect his or her online identity and what organizations can do to support these efforts.

Those who have made a purchase – whether in-store or online – within the last few years understand that providing an email address has become a standard part of doing business in the United States. In light of the recent observance of Data Privacy Day, I presented questions for consumers to consider asking the next time they are asked for this information:

  • Why?
  • What will you do with it?
  • With whom will you share it?
  • How will your company protect it?

Chances are that most retail clerks will not have the answers to your questions on-hand. However, if you are doing business with a regulated entity, such as a bank or financial institution, the organization is required to provide information about its privacy practices in an annual notice along with information about how it shares information with its affiliates.

This brings us to the question at-hand – even if you trust the company with which you are doing business, do you trust the companies they work with to do their business? When you provide your email address to your favorite downtown shop, online music store, or even your bank, you are entrusting them with your personal information. Do you know if they share that information with business affiliates and partners, or if they sell their mailing lists to others?

In the same way that you protect your physical identification and credit cards by securing them in your wallet or purse, remember to take the same care with your identification and financial information online. Don’t choose to have websites “remember” you unless you are confident in their privacy and security practices. Select to use the most protective settings in your web browser of choice. While you may have to fill out online forms more than once and your items may not be saved in your cart for the next time you visit the site, you can rest easy knowing you are taking the right steps to protecting your identity in any way you can. At the end of the day, if consumers make protection of their private information a priority, then the companies competing for their money and loyalties must do so as well.

To read more about how consumers and organizations can work together to protect personal information, please visit CMSWire.

Learn how we can help your organization establish trust with consumers and secure sensitive data by visiting our website.

Previous articleUpcoming Chicago Workshop: Learn to Inspire, Motivate, and Drive Sustainable Adoption
Next articleLes nouveautés du Service Pack 5 de DocAve 6
Dana S.
Dana Louise Simberkoff is the Chief Risk, Privacy and Information Security Officer at AvePoint. She is responsible for AvePoint’s privacy, data protection, and security programs. She manages a global team of subject matter experts that provide executive level consulting, research, and analytical support on current and upcoming industry trends, technology, standards, best practices, concepts, and solutions for risk management and compliance. Ms. Simberkoff is responsible for maintaining relationships with executive management and multiple constituencies both internal and external to the corporation, providing guidance on product direction, technology enhancements, customer challenges, and market opportunities. Ms. Simberkoff has led speaking sessions at data privacy and security events around the globe. She was featured in Forbes, writes a monthly column for CMSWire, and was highlighted in the CSO Online list of “12 Amazing Women in Security”. She is a current member of the Women Leading Privacy Advisory Board and a past member of the Education Advisory Board for the International Association of Privacy Professionals (IAPP). Ms. Simberkoff holds a BA from Dartmouth College and a JD from Suffolk University Law School. LinkedIn: www.linkedin.com/in/danalouisesimberkoff/en Twitter: http://www.twitter.com/danalouise

26 COMMENTS

  1. Identity and Access Management have become a service that is no longer reserved for large organizations, but one that all levels of business must now tackle.

    • Very true! I’ve assisted in breaches at the last 3 major retailers I’ve worked with. It’s becoming the norm!

  2. I so agree with your blog Dana. It’s so crazy how many data breaches there has been from Target to Anthem and Premera. It’s has got to a point where I will dedicate a separate laptop only to be used for financial data. Maybe that can only help me on my end because as you mentioned, we do not know how the company we deal with protect are data themselves. Also I do that 100% of time where I don’t save any information in my cart and make sure websites/browsers don’t remember anything.

  3. It’s crazy how many times you get “that look” when you refuse to give out too much information to the clerk at a store.

    Concerning the financial information, we utilize isolated machines for accessing client bank accounts in effort to keep data safe and private.

    • I agree. It’s amazing how blithely people will give out their phone numbers, addresses, etc.–but then, I tend not to believe the “Oh, we won’t sell you to any mailing list” assurances either.

  4. Great advice. The only hard part is having to keep up with all the different passwords per site!

    • My company recently installed and practically forced a password keeper on us. I just don’t trust the one source to have all my information either!

  5. Security is our top concern. The trust relationships are difficult and can be risky for any large institutions.

  6. Thanks for all of your comments! I agree that security and privacy should be everyone’s concern. Of course the challenge is that businesses are in business to make money! So Security Officers and Privacy Officers have to balance the protection of information and regulatory compliance with collaboration and the free flow of data. Just because something can be done, of course does not mean it SHOULD be done. As I’ve said in several other posts, I think consumers and citizens have a big responsibility of rewarding (and punishing) companies that do (or do not) to the right thing! From the business side, I try to work with our customers (in the compliance role) to connect the dots with their IT and business counterparts-so that they can see the value in a good and proactive data privacy and security program-and understand it makes good business sense!

  7. Great advice! When I read it I get that…well duh…..thought. But many people will just blindly hand out their other information without thinking. Many times clerks will ask for email or zip code….I usually say no, just on theory.

    • yes, and even when they do it, they do it LOUDLY so everyone can hear it, even their phone numbers!

  8. Great info! We are such in a hurry at times, we don’t know what or why we are giving out our information. Better to just say no.

    • That is so true, it’s easier to just go with it than stop and bog up the line and say no. But so worth it when you do.

  9. THought provoking but no matter how hard we try there is the next thing to trick us. Truly protecting our data on a network is like chasing windmills

  10. Agreed, good points. Security is no longer a niche. We must all consider from any IT role (admin, dev, mgr) and apply within our daily work routine. Modern leading edge attack vectors are clever and constantly evolving. Pays to current keep open dialog with coworkers.

    * How does this change affect our security vulnerability?
    * Will this new feature require patching/maintenance?
    * How can we security test added 3rd party plugins?
    etc.

LEAVE A REPLY

Please enter your comment!
Please enter your name here