Is Anything Private? Securing Personal Information in the Digital Era

Technology is a part of our everyday lives. But how is our privacy affected when personal information is readily available on digital devices?

By Brenton McKinney, VP of Security, Medecision

Technology is a part of our everyday lives. A phone is no longer just a phone—it also contains maps, email, games, calendars, banking information, health data, social media, news and more. Essentially, our smartphones are sophisticated sensor platforms where temperature, acceleration, light, proximity, pressure, emotion, telemetry and other technologies allow all five human senses to be used in increasingly creative ways. Chances are, you’re reading this on your smartphone or tablet right now—or you’ve glanced at the device in the past five minutes. Even watches are multipurpose devices, now tracking your daily steps, heart rate, sleep patterns and activity levels.

Redefining Privacy and Personal Identity

Personal data is a hot commodity in today’s society, with companies constantly collecting and storing data and information.

“Personal data is often compared to oil—it powers today’s most profitable corporations, just like fossil fuels energized those of the past,” Louise Matsakis wrote in a 2019 article for Wired. “But the consumers it’s extracted from often know little about how much of their information is collected, who gets to look at it, and what it’s worth. Each day, hundreds of companies you may not even know exist gather facts about you, some more intimate than others. That information may then flow to academic researchers, hackers, law enforcement and foreign nations—as well as plenty of companies trying to sell you stuff.”

I think it’s important to define personal data—or re-define what personal identity means. There’s no one piece of paper that says, “This is your identity.” When a child is born, a doctor signs a piece of paper with the child’s name, date of birth and mother’s name—but even that piece of paper can be altered. Your identity is a collection of data points such as your date of birth, your Social Security Number and the other elements that establish your “personal identity.” Much of this same information comprises of personal health information. Personal data also include things like your location, social media posts and banking information.

Are the Days of Personal Privacy Over?

There are laws in place to protect us and our identity—but many of those were written prior to the technology we have in place today, such as smartphones and smartwatches. Unfortunately, there is no single law regulating a person’s digital privacy—and your digital footprint is everywhere. Every time you visit a website, enter your credit card information, post on Twitter or Facebook, store images in cloud storage or give out your email address, you are releasing personal information to the internet.

Plus, if you are using a smartphone like the Apple iPhone or Google Android device, even more of your data could be compromised. Although Apple says it takes privacy seriously, many third-party apps collect user data and routinely share that information—and that includes health information and behaviors. So, in essence, re-defining personal privacy has evolved to “personal behavior privacy.”

And, in a 2019 investigation published in The BMJ, researchers found that nearly four in five Android medical apps shared users’ data with outside entities.

“[Mobile health] apps claim to offer tailored and cost effective health promotion, but they pose unprecedented risk to consumers’ privacy given their ability to collect user data, including sensitive information,” the study’s authors wrote. “Health app developers routinely, and legally, share consumer data with third parties in exchange for services that enhance the user’s experience (e.g., connecting to social media) or to monetize the app (e.g., hosted advertisements). Little transparency exists around third-party data sharing, and health apps routinely fail to provide privacy assurances, despite collecting and transmitting multiple forms of personal and identifying information.”

Can I Protect My Data?

Unfortunately, there are not many ways that consumers can protect their own personal information, unless they’re completely “off the grid.” It’s even more difficult if you don’t know who has your personal data. However, there are a few strategies to protect your privacy, though nothing is 100% guaranteed.

> Encrypt your information. Use encryption software on your online browser to protect your information on the internet, especially when sending personal or financial information online.

> Don’t give out personal information. Hackers and criminals take advantage of people’s trust. Don’t give out personal information on the phone, through the mail or online unless you are the one who initiated the contact, or you know exactly whom you’re speaking to. If you receive an email from a company asking for personal information, don’t respond to the email or click on links. Instead, visit the company website, call the customer service number and ask if the request is legitimate.

> Secure your Social Security number. Be cautious about sharing your Social Security number, or your child’s Social Security number. Ask how a company will use it, clarify why or if it is needed and how it will be protected—and ask if you can use a different type of identification instead.

> Pay attention when granting app permissions. If you’re downloading and installing an app on your phone or tablet, pay attention to what you’re allowing that app to access. For example, Google Maps asks for permission to have access to your contacts, location, camera, microphone, physical activity and storage memory. To clarify, the issue isn’t that Google Maps asks and the user has a choice to deny. Rather, if a user chooses to “deny permission” then the application simply won’t work. But why, exactly, does Google Maps need access to other information on your phone? Accepting app permissions without paying attention to them can leave you extra vulnerable.