Well, it happened. You discovered that your personal data was harvested in the latest high-profile data breach. The inevitability of something like this happening was almost palpable, but you’re a relatively safe Internet user. You change your passwords regularly, you use two-factor identification where possible. You monitor your accounts. By every measure you’ve done everything right, so how was your data stolen and how can any future theft of your data be prevented?
From late 2013 through the end of 2014, Yahoo!’s systems were infiltrated by hackers, who siphoned off the account data of each of its three billion users. In 2016, Adult Friend Finder had its systems hacked, exposing more than 412 million accounts. As late as March 29, 2018, Equifax had increased the estimated number of consumers affected by the now-infamous data breach of 2017 to more than 147.9 million. Now recent revelations that Facebook allowed one of its third-party partners to mine not only the account data of users who had voluntarily submitted a form, but also the account data of those users’ friends, has led to questions about the sanctity of personal data and how much consumers ought to know about how their data is shared. At last estimate, Facebook reported at least 87 million users had their data improperly shared.
Welcome to the data age
We’ve moved from the Internet age to the communications age, and now we find ourselves in the data age. Data is where the money is, and big data is where the big money is. More and more companies are collecting information on virtually every move a consumer makes and correlating it with any one of thousands of other data points in order to target and retarget that same consumer nearly instantaneously. The data housed about you forms a pretty darned complete picture of who you are and, for better or worse, becomes more complete everywhere you go—virtually and geographically—and with every purchase you make.
Meet the players
The three heavyweights in the Internet data game are undoubtedly Alphabet (parent to Google), Amazon, and Facebook, with market capitalizations at the time of writing of $714B, $694B, and $466B, respectively. These players truly get the value of your data.
As Internet citizens, we use Google to learn about stuff; Google uses Google to learn stuff about you. Everything you’ve ever used Google for has contributed to building your profile as a consumer, including every search term you’ve ever looked up with the Google search engine, every video of kittens you’ve ever watched on YouTube, and everywhere you’ve gone with your Android phone in your pocket. Your user agreement gives Google the right to mine your Gmail. Technically, as the parent to Nest, the company even knows the temperature in your home if you’ve installed one of their thermostats.
Amazon is now the world’s leading retailer with a market capitalization greater than Walmart, Home Depot, Costco, Lowe’s, Target, Kroger, and Best Buy combined and 310 million users, over 100 million of whom are U.S. based Prime members. If there is a company that knows the profile of its users, it’s Amazon, an organization now responsible for 44% of all Internet sales.
Facebook, while recently battered on the stock market due to the data-sharing incident with Cambridge Analytica, is still one of the most powerful companies in the world. The social networking site sees more than two billion active monthly users, even while deleting one to two million bogus accounts per month. The most extraordinary aspect of Facebook as a company is how it grew, while offering nothing more than a place where its members could share information willingly. And share willingly they did. Instagram, acquired by Facebook in 2012 for $1B, has an additional 700 million active accounts each month. WhatsApp, bought in 2014 for $19B, adds another 1.5 billion users. The company that didn’t offer a search engine and didn’t sell anything is now the most powerful advertising platform on the globe—with revenues that utterly dwarf those of the largest television networks, broadcast conglomerates, and cable/satellite television providers.
Who’s in control?
The plain truth is that trying to control your digital data would probably be more disruptive than having to deal with a data breach that exposed all your personal information. What’s out there is out there. It’s beyond your control, and is at this point only loosely guarded in the data cloud. Consumer protection legislation is slow to keep up in an emerging digital marketplace, hackers from inside and outside the U.S. continue to exploit security deficiencies to expose greater amounts of data, and companies that would presumably safeguard personal data have failed.
All is not lost
Accept that your movements, both physical and virtual, are being observed and logged unless you want to live like a hermit. Fretting over it isn’t going to make a difference. What will make a difference is implementing all those measures you’ve heard dozens of times already.
- Keep your passwords long and complicated, and make them unique for each website you use. Repeating password usage across sites is a bad idea in case one of those sites is hacked. Mark Zuckerberg learned that the hard way when his own Facebook account was hacked by someone who had found an old password he had used on a different website.
- Dedicate a debit card to online purchases and electronic payments, and keep the minimum balance in that account required to cover your monthly online expenses. The same applies for checking accounts that are being used for direct withdraws.
- Use two-factor identification with apps and websites that offer it. Being notified of someone attempting to log in to your account from a different device is the easiest way to protect your Google and Yahoo! accounts.
- Use fingerprint identification on your banking and investment mobile apps (PNC Bank, Capital One, Acorns, and Robinhood all have this feature).
- Be careful about using savings accounts as overdraft protection for debit accounts. If a hacker gets your debit details, your savings can be drained nearly instantly.
- Do not give credence to any email received. Always verify any questionable details with the sender directly through their website (do not click any links in suspicious emails) or by placing a telephone call to customer service. If people didn’t still fall for phishing emails, you wouldn’t still be getting them in your inbox.
- Do not share personal data over the phone unless you’ve placed the call. Telephone spoofing is a prominent tactic to draw data from an unsuspecting answerer.
- Read those online use agreements we all mindlessly accept without a second thought. Most of the details today’s consumers are so upset about with regards to privacy issues are actually addressed within those agreements.
- Implement watches on your credit reports, and lock credit inquiries until you know you want them.
- Enroll in a third-party product that monitors your activity to detect fraudulent use of your data.
Remember, your data is not your own. It is flying around the Internet as we speak. Until Congress enacts tougher consumer protection legislation and companies stop playing fast and loose with your information, diligence is your best protection, but it is no guarantee of immunity.