Email this Article Email   

CHIPS Articles: The risks of not reading online privacy policies

The risks of not reading online privacy policies
By CHIPS Magazine - July 20, 2018
You know from the cybersecurity warnings you have read that you are responsible for safeguarding your online privacy. An important part of protecting your security is to understand the privacy policies of the apps you download and the websites you visit. Your vigilance should extend to your family’s access to online sites as well.

You may well ask, “Does anyone really read those policies with all the fine print and complicated legal jargon? Who has time — and anyway who can understand them?”

But it is important that you do, according to the Federal Trade Commission, because your personal information is a valuable commodity in the 21st century.

Online retailers, social media sites — as well as hackers — make money by collecting, analyzing and selling your personal data. Knowing how to protect your online identity is crucial to your identity security, the FTC says.

Consider that a company or organization may retain your personal information, long after you have ceased doing business with it. How is your data being protected?

An essential component of your identity is your Social Security number; it is your key to obtaining government benefits and paying taxes. You should know if a company or organization has a valid reason to request your SSN.

Knowing how companies and organizations use your personal data is an essential component to online security.

Interestingly, due to the passage of the General Data Protection Regulation (GDPR), privacy policies should be getting easier to understand.

The GDPR is a regulation by which the European Parliament, the Council of the European Union, and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). It also addresses the export of personal data outside the European Union, according to the EU website.

Further, the extended jurisdiction of the GDPR means that all companies processing the data of EU citizens and businesses must be in compliance. Fines for violations can be severe. As a result, many large U.S. companies are transforming the way they collect, store and use individual data to ensure GDPR compliance requirements.

But the bottom line is no matter how clearly (or not) a privacy policy is written; the security basics you should be looking for remain the same. You should read the privacy policy for any apps and websites your children interact with as well. Don’t assume that just because it is a children’s app or website that it is kid-friendly.

Users should be clear on the following points:

-- What information is collected: name, date of birth, email address, location, credit card number, internet habits, or pictures? Why and how is the data relevant to the app or website service? Is the information aggregated, as part of a data group, or is it stored with individuals’ details? Is data collected once or on an ongoing basis?

-- Are there specific protections for handling children’s data? Are there age limits? Is parental consent required? Can avatars be used rather than personal photos? Is it possible for children to unknowingly share personal information while using the app or website?

-- Does the app or website track usage and user habits automatically? Does it use cookies?

-- How will the information be used? Does the information stay within the app or website; or is it sent to other companies? Is it shared with marketing firms or government and law enforcement agencies? Can I opt out of any of the provisions? Will my information be used to try to sell me something?

-- How and for how long will the information be stored? Is my information expunged at some point? Do I have a right to request that my data be deleted at any time?

-- How is information protected? Are there cybersecurity measures in place to make sure data isn't vulnerable to hacking or insider threats?

-- Is there a way to contact the company if I have questions or concerns about privacy issues? Is there a way to request that the company correct or update personal information? Is there a cost involved?

From online shopping, to social media, apps and the myriad websites we visit, we leave a digital footprint for others to track. Don’t sacrifice your privacy for convenience. Make sure you securely manage yours and your family’s online presence. Don’t give that power to others without knowing the possible consequences, the FTC says.

Carefully reading privacy policies is another significant way to take control of yours and your family’s cybersecurity.

The Federal Trade Commission website hosts a module with explanations and tips for online security, for more information, go to: https://www.consumer.ftc.gov/topics/privacy-identity-online-security.

July is Military Consumer Month, for more information, visit www.militaryconsumer.gov.

Related CHIPS Articles
Related DON CIO News
Related DON CIO Policy

CHIPS is an official U.S. Navy website sponsored by the Department of the Navy (DON) Chief Information Officer, the Department of Defense Enterprise Software Initiative (ESI) and the DON's ESI Software Product Manager Team at Space and Naval Warfare Systems Center Pacific.

Online ISSN 2154-1779; Print ISSN 1047-9988
Hyperlink Disclaimer