Remember how freaked out we all were nine months ago, after the Equifax data breach? Human nature is a tough enemy, when it comes to your personal data security and privacy. When a news event flares up, we pay attention and then as the issue recedes, we can get a bit complacent. That’s why June, aka National Internet Safety Month, and the recently enacted European Union General Data Protection Regulation (“GDPR”) make now a perfect time for a refresher on cyber security and privacy.
You likely received a slew of emails at the end of May – those had to do with GDPR, a new regulation that was meant to give EU citizens more control over the data that's collected by online services. But given that most big US companies do business in the EU and do not want to maintain separate policies globally, the new rules will likely impact US consumers as well.
GDPR requires companies to be more explicit about how your personal data is used and imposes penalties on companies that are not in compliance with it. One interesting aspect of the rule is that it provides European consumers with the “right to be forgotten,” which means that an EU resident can tell a company to stop sharing data with third parties and also provides a “right to erasure,” which means that the consumer can essentially say, “I am dead to you…quit using my data and erase me from your files.”
Just to be clear: this is what a European consumer can do, but according to Linda Sherry, director of national priorities at Consumer Action, “As global firms adapt to the EU’s data protection law, we’re hopeful that all consumers will benefit from stricter data security and gain a reasonable measure of control over their personal information so that many others prosper from the EU’s strong regulation.”
But it’s still on you to take privacy seriously and to guard your information. In the past, I have offered some of these tips, but I have added a few new ones from the National Cyber Security Alliance:
- Update and conduct regular backups on your systems.
- Don’t click on links willy-nilly. Even if you think you know the sender, be cautious about clicking on email links. When in doubt, delete it.
- Protect your Password: Change logins and passwords monthly, use password generators and sign up for two-factor authentication.
- Beware of over-sharing on social media and do not assume that messaging services are secure, as very few are.
- Refrain from providing businesses with your SSN just because they ask for it. (Medicare recipients should be careful, because SSNs are still on many cards. According to the FTC, new cards without your most precious identifier have started to be mailed as of April, but the process won’t be completed until April 2019.)
- Don’t provide personal information over the phone, through snail mail or via Internet unless you have initiated the contact or you know with whom you are dealing.
- Shop carefully: Don’t send financial information on unsecured wireless networks and when making purchases, use a credit card, which has more fraud protections under federal law than debit cards or online payment services.
- Review credit card statements: Before you pay, make sure that there are no fraudulent charges. While you’re at it, enroll in a credit card notification program, where the bank alerts you to charges over a preset amount.
- Review your (and your kid’s) credit report every 12 months at annualcreditreport.com. If you find an error, report it immediately and stay on top of the process.