Your personal data is an invaluable asset that can easily fall into the wrong hands, particularly when it is in electronic form. It is important to realise that even when you just click on a Google search result, a Facebook status, or order an item on Amazon you are generating data about yourself. There are two basic risks. The first is that hackers may attempt to steal your information from a database held by a business or public authority. The second is that it may be on a device that is inadvertently lost. Fortunately, we have new legal rights and protections under the Data Protection (Jersey) Law 2018 that specifically address the risks to our privacy lurking in our current highly digitised world. The new law gives us more control over our personal information that government and business hold.
If you are unsure of what information a business has about you, you have a right to ask to see it. If you do not like how a business is treating you or your information, you can take all of your information from them and give it to another business. You also have a right to have your personal information deleted. This has helped some people to get their information removed from the internet. For those of you who do not like computers making decisions about you, the law gives you the right to object to automated-processing of your personal information. You can also object to the use of your personal data for direct marketing or historic or scientific purposes. In addition, to keep your health information out of the hands of businesses, the law nullifies any contracts that require you to supply your health care record.
If you need help exercising these legal rights, contact us at the Jersey Office of the Information Commissioner. Our role is to ensure that government and businesses follow the law. We have the power to investigate and resolve complaints from individuals regarding the processing of their information.
In today’s Cyber Security JEP supplement
These legal remedies and protections are one method of protecting your information. As individuals, we can also take simple yet effective steps to keeping our personal information safe. We recommend that everyone take the following advice to avoid identity theft, financial loss and emotional trauma. My team and I at the Office of the Information Commissioner recommend that you:
- Always ask why an organisation needs your personal information and how they will use it. Check privacy policies on websites. For example, if a shop assistant asks for your email address ask them why they want it – then you can decide whether to share the information.
- Check the privacy settings on all your social media accounts. It is alarming how much your account, posts and ‘shares’ reveal about you. Think twice before completing quizzes that include pet names and maiden names. This gives someone key pieces of information that mirror the typical security questions for your bank.
- Reset the default password on your router (if in doubt about how to do this ask your provider). Routers often come installed with a common password. You must change this to stop others using your broadband or being even more devious.
- Be cautious when using Public Wi-Fi. While they can be a great way of saving your data allowance, they are often unsecure and let others track your activity, including bank account details, payment details etc.
- Encrypt any USB keys or removable drives you use. Encryption will prevent someone else from accessing the information on the device.
- Ensure that you mobile phone and tablet require a password, PIN or biometric to access it. We would all be lost without our phones but don’t let criminals get access to them.
- Have strong passwords on your accounts. Use upper case and lower case letters, as well as numbers and symbols. Nothing that anyone else could easily guess.
- Install all updates as soon as they become available, as they plug security holes that hackers could otherwise use to access your information.
- Carefully think about where and how you share and store images of children. You can help protect young people by keeping images away from the internet and not storing them in unsecure places.
It is also important to destroy securely any paper documents that contain your personal information. Even something as apparently innocuous as an airline-boarding pass contains a personal identifier that is linked to other personal information on an information system, including passengers’ names, the contact data of a person who booked the flight, date of birth, passport data and payment information (like a credit card number).
In conclusion, if you want to keep your personal information safe, you need to be your own information commissioner. That is to say that you should be aware of how government and businesses are processing your personal data. You should question them when you think they are collecting more data than you think they need, or when they using or disclosing your data for purposes to which you did not consent. The new law gives you rights to hold them to account. Make sure you understand those rights and exercise them when necessary.
By Dr. Jay Fedorak