Data privacy has always been important. It’s why people put locks on filing cabinets and rent safety deposit boxes at banks. But the internet makes data privacy complicated, not least because it’s hard to keep track of everything we share online. Learn about the risks you may be exposed to if your data falls into the wrong hands, and get powerful identity theft protection to help keep your personal information safe.
A single company may possess the personal information of millions of customers — data that it needs to keep private so that customers’ identities stay safe and protected and the company’s reputation remains untarnished. But data privacy isn’t just a business concern about data breaches.
You, as an individual, have a lot at stake when it comes to data privacy. The more you know about it, the better able you’ll be to help protect yourself from a large number of risks.
What is data privacy?
Data privacy is the principle that individuals are in control of how their personal information is collected, managed, and shared by companies that have access to it. In the digital age, the concept of data privacy usually refers to the handling of critical personal information, also known as personally identifiable information (PII) and personal health information (PHI).
Data privacy relates to how a piece of information — or data — should be handled based on its relative importance. You likely wouldn’t mind sharing your name with a stranger when you introduce yourself, but there’s other information you wouldn’t share, at least not until you become more acquainted with that person.
For example, you likely wouldn’t share your Social Security number, medical records, bank account and credit card numbers, or even basic, but still sensitive, information, such as your full name, address, and birthdate. Open a new bank account, though, and you probably expect to have to share a tremendous amount of personal information, well beyond your first name.
For a business, data privacy goes beyond the PII of its employees and customers. It also includes the information that helps the company operate, whether it’s proprietary research and development data or financial information that shows how it’s spending and investing its money.
Data privacy vs data security
Data privacy is not the same as data security. Data privacy focuses on how personal information is collected, used, and shared. Data security refers to the protection of data from unauthorized access or breaches.
Why is data privacy important?
Data privacy matters because when data falls into the wrong hands, it can harm people, businesses, and organizations. A data breach at a government agency, for example, could put top-secret information in the hands of an enemy state while a breach at a corporation could put proprietary data in the hands of a competitor. At a school, a breach could put students’ PII in the hands of criminals who could commit identity theft. And at a hospital or doctor’s office, a breach could put PHI in the hands of those who might misuse it.
Beyond these practical implications, privacy is also often understood as a vital human right — one akin to free speech. Businesses owe it to their customers to look after their personal data properly. By establishing sound data protection practices and making them widely known, businesses will also reap the additional benefit of providing valuable peace of mind for their customers.
Data privacy laws
To protect the privacy of personal information, many countries have passed laws and regulations that govern how companies and organizations collect, store, use, and share it.
For example, in the United States, the Health Insurance Portability and Accountability Act (HIPAA) regulates the use and disclosure of protected health information (PHI) by healthcare providers. Similarly, the General Data Protection Regulation (GDPR) in the European Union provides a framework for handling and storing individuals’ personal data. GDPR went on to inspire the California Consumer Privacy Act (CCPA), which provides a comparable set of regulations for businesses collecting information from California residents.
The fair information practice principles
The fair information practice principles are a widely used set of principles guiding the collection, use, and dissemination of personal information. Established in 1980 by the Organization for Economic Cooperation and Development (OECD), they have since become an informal standard for how organizations handle personal data. They are widely echoed in many privacy frameworks, including GDPR and the CCPA. The eight principles are as follows:
- Collection limitation: Personal data collection should have limits.
- Data quality: Personal data must be accurate and relevant to its intended purpose.
- Purpose specification: The purpose of collecting personal data must be explicitly stated.
- Use limitation: Personal data should not be used for purposes other than the stated purpose.
- Security safeguards: Personal data must be kept secure.
- Openness: Individuals should be informed about the collection and use of their personal data.
- Individual participation: Individuals have the right to access their personal data, to have it corrected or erased, and to know who has access to it.
- Accountability: Those who collect personal data must be responsible for following these principles.
Common data privacy challenges
It’s natural to want to stop your data from falling into the wrong hands, but that isn’t always easy. One of the difficulties is the variety of ways your data can be accessed or tracked. Here are some of the most common challenges people face:
Confusing social media privacy settings
Social media platforms and other online services often have complex privacy settings that can be difficult for users to navigate. It isn’t always clear what’s private and what’s not, or the purpose for which you are sharing data. This can have dangerous consequences, including social media identity theft.
Phishing scams are a common way for hackers and scammers to trick users into sharing their personal information. Phishing emails and websites may look legitimate, but they're designed to steal sensitive information, such as login credentials or credit card numbers.
Lack of control over third-party data sharing
Even if users take steps to protect their data, they may have little control over how third-party companies handle their information. For example, if a user shares information with an online retailer, that retailer may share the information with other companies for marketing purposes.
Six tips to help protect your personal data
Data privacy matters. That’s why many government organizations and corporations spend millions of dollars each year to help protect their data — which could include your PII — from exposure.
The average consumer doesn’t have that kind of money to spend. But there are inexpensive steps you can take to help protect your data. Here's how to protect your data privacy:
- Use a mail slot or locking mailbox so that thieves can’t steal your mail.
- Shred documents before discarding them. That includes receipts, bank statements, and credit card statements — anything that includes personal information.
- Secure your home Wi-Fi network. That way, criminals can’t eavesdrop on your online activity.
- Don’t automatically provide your Social Security number just because someone asks for it. Determine if they really need it and, if so, ask how they’ll help protect it.
- Use strong, unique passwords and multi-factor authentication.
- Regularly reassess the privacy settings on your social media accounts. If you don’t, you may be sharing a lot more than just your name. A savvy criminal could use that information to steal your identity — and much more besides.
Help protect your identity with LifeLock
If you’re serious about protecting your personal data, get LifeLock by Norton. If your online credentials ever leak or your wallet is ever stolen, LifeLock provides powerful identity theft protection to help keep you safe. With layers of privacy and identity protection, LifeLock is the ironclad security you need for today’s complex digital world.