If you’re like me, you probably haven’t installed any new software in a while. It seems as if just about every new program is being written for access through the Internet. This brings up an interesting question:
“When I give you my personal data, how do I know it’s safe with you?”
That’s a good question, and I’ve put together a few tips to help ensure your privacy when handing over your information to an online service provider.
* Reveal as little as necessary. This is the first, easiest and most obvious step.
* Know the law. Depending on where the service provider stores your data, there are a number of information compliance rules which dictate what they can or can’t do with your personal information. (HIPAA, PIPEDA, Patriot Act, etc…)
* Know where your data is being stored. This is important, since it dictates the laws that the service provider must adhere to.
* Ask how the data will be used. Make sure that it won’t be combined with other data sources, or sold to third parties without your knowledge.
* Ask about their retention and deletion policies. In some cases, companies are obligated to destroy data at your request. In other cases, they are forced to keep the data on file for several years due to regulation. These are good things to know.
* Encrypt your information. This mostly applies to online backup or file storage. In some instances (such as online email) where the provider must manipulate your data using their own server-sided programs, encrypting remotely stored data is not practical.
* Ask about auditing. Many online service providers get frequently audited for security. These audits are usually performed by regulatory organizations or major clients who want to feel safe. It’s also good to ask about the security measures that they have in place, although you’ll find that many of these details will be kept confidential for safety reasons.
* Hold someone accountable. Ask if the company has a person whose job it is to monitor security and privacy of personally identifiable customer data. Most Software-as-a-Service companies will have a person with such an assigned role.
The last piece of advice I’d like to leave you with is to simply ask the company how they feel about privacy, or research privacy-related statements that executives have said in the past.
“If you have something that you don’t want anyone to know, then maybe you shouldn’t be doing that in the first place.” – Eric Schmidt, Google CEO
Of course, there is no absolutely perfect solution for ensuring perfect privacy protection online. But the suggestions listed above will go a long way to keeping your private life private.