Will your privacy be compromised online?

Story Highlights

  • Cybercriminals have data on many people but can use it only against a finite number
  • Most businesses don't really need your Social Security number
  • Privacy policies reveal whether a company will share your information with others
By Debra Alban
CNN

(CNN) -- The 2010 Census is nearly under way, but don't expect an e-mail from the U.S. Census Bureau asking you personal questions in its head count of America.

Cyber criminals have information about millions of people, but they don't use it against everyone.

If you do get one, it's a scam.

"Like most large organizations, we have seen e-mail scams and phishing attacks that cite the U.S. Census Bureau," agency spokesman Neil Tillman wrote in an e-mail.

The Census Bureau stresses that it will not request personal information from you via e-mail, such as PIN codes, passwords, Social Security numbers, credit-card numbers or other financial account information.

A news-based phishing scheme like this one is one of several risks you face online. Cybercriminals have gotten craftier, often looking toward popular trends and events -- such as tax season, the mortgage meltdown and the growth of social media -- to scam people into giving them sensitive information.

To protect their privacy online, computer users need to stay informed about the criminals' methods and to learn basic principles of caution.

Online attackers have information on millions of consumers, said Ravi Sandhu, a professor of cyber security at the University of Texas at San Antonio. However, he added, the rate at which they can use that information is considerably lower.

"It's a bit like a lottery. To have identity theft actually occur against you, you need to have a little bad luck. There is some comfort in numbers," Sandhu said.

In addition to criminal scams, corporate data breaches can leave your privacy compromised.

As of September 22, there have been 379 data breaches reported by the Identity Theft Resource Center in 2009, affecting more than 13 million records. Companies with data breaches included financial institutions, travel companies, health care operations and schools.

"It's not one or two companies that are acting irresponsibly with consumer data," said Andrea Matwyshyn, a law professor who teaches technology regulation at the Wharton School at the University of Pennsylvania. "It's a large-scale problem where industry norms of care are arguably not adequate to address the challenges of data security optimally."

Safeguard your Social Security number

Exercising caution before you submit sensitive information can save you a lot of aggravation down the line.

For instance, most businesses really won't need your Social Security number, the key number for identity theft, so think twice before you provide it online.

Social Security numbers are used "to establish new lines of credit or for tax purposes. How many things are you doing online that have to do with taxes?" said Linda Foley, co-founder of the Identity Theft Resource Center.

So before you share the information, be certain that you are on the Web site of a real company -- as opposed to an imposter conducting a phishing scheme. Also, ask yourself why a Web site would need your Social Security number, said Michael Kaiser, executive director of the National Cyber Security Alliance.

Defending yourself

  • Make sure your Web browser, operating system, virus protection and spyware protection are up to date.
  • Use a firewall.
  • Visit businesses' Web sites by typing the addresses into your browser, and check for typos.
  • Don't click on links or attachments in e-mails addressed to a large number of recipients.
  • Don't click on links from companies soliciting your business.
  • Consider why a person or business needs information about you before you provide it.
  • Include a site adviser on your Web browser to tell you whether a Web site is questionable.

Sources: Michael Kaiser, Ravi Sandhu, Linda Foley

"I always encourage consumers to supply the minimum amount of information possible. A lot of times, you get these long forms and you get the little star that's required, but people are collecting other [data about you]," Kaiser said. "Don't fill it out if you don't want to."

Still, even visiting legitimate Web sites has its share of risks, because online attackers may inject malicious content into them by hacking them or by placing advertisements that deliver malware, Sandhu said.

If a criminal does obtain your Social Security number and creates a fraudulent identity, it can be a much bigger hassle than if he or she uses your credit card number.

Credit card companies often pick up the tab for fraudulent charges, and they send you a new card with a different number. It's more difficult to get a new Social Security number, and a stolen identity could affect your credit rating.

Where is your information going?

If you conduct an online transaction that requires you to reveal personal data, the online privacy policy will explain whether your information could be shared with third parties.

A company may tell you in that policy it will share your data with its "trusted partners" and however it deems appropriate in the course of business, said Matwyshyn, editor of the upcoming book "Harboring Data: Information Security, Law, and the Corporation." "That's a signal that your data is going to be licensed many times over, and it's going to be touched by a greater number of hands."

That becomes a problem, Matwyshyn said, because "you're only as good as the weakest link in the chain." That is, the "trusted partners" who can access the data may not have optimal security.

Storing sensitive data such as a credit card number on a business' Web site, though convenient, may also pose a risk, Matwyshyn said.

"The longer they store that credit card number in their systems, the longer the period of time that someone else can gain unauthorized access to that credit card number," she said.

Privacy at the mercy of others

Even if you practice a high level of caution with how much you reveal about yourself online, other people may inadvertently expose information about you.

For instance, a friend or relative may post a photo of you on a blog or social networking Web site that reveals your name, shows a street sign indicating your address and displays your car's license plate number, Kaiser said.

Kaiser recommends periodically looking up your name on one or two search engines to see the personal information about you on the Internet but adds that a search probably won't tell you whether someone stole sensitive information, such as your credit card, address or Social Security number.

For that, monitor your credit report for suspicious activity, suggests the Privacy Rights Clearinghouse. The Fair and Accurate Credit Transactions Act allows you to access a free credit report each year from each of the three credit bureaus: Equifax, Experian and TransUnion.

"Just like in health care, you should be the first one to notice when something goes wrong with you," Sandhu said.

"If you don't perceive a symptom and convey it to a physician, nobody's going to be able to help you," he said. "So here, also, consumers need to be vigilant and watch over their accounts and look out to see if anything strange is happening."
