Reboot your privacy and protect your personal information online

Protecting your personal information online is increasingly important as even more of our day-to-day activity takes place in the digital environment: from work, study and socialising to shopping online or using connected devices like home assistants.

Read on for advice on how to reboot your privacy and keep your personal information safe.

1. Protect your accounts

Multi-factor authentication, strong and unique passphrases and automatic device updates are some of the best tactics you can use to keep your accounts secure and protect your personal information online.

Reduce the risk of someone gaining unauthorised access to your accounts and stealing your digital identity by:

  • enabling two-factor authentication/multi-factor authentication for accounts and devices whenever possible, for an extra layer of security and to prevent your logins being compromised.
  • setting strong and unique passphrases for your important online accounts. Like a password, a passphrase can be used to verify access to a computer system, program or service, and is most effective when it is:
    • unique — not a famous phrase or lyric, and not re-used
    • longer — phrases are generally longer than words
    • complex — naturally occurring in a sentence with uppercase, symbols and punctuation
    • easy to remember — saves you being locked out.
  • storing your login credentials in a reputable password manager which can also generate new passphrases for you to use across different platforms
  • turning on automatic software updates for your devices to keep your security up to date. The Australian Cyber Security Centre has step by step guides for turning on automatic updates for Windows 10 as well as iOS devices.
  • checking whether your passwords/passphrases have been compromised on Have I Been Pwned, a searchable database of email addresses that have been caught up in data breaches. If your password is listed you should up update it immediately.

Get more tips on how to protect your information at cyber.gov.au and the Stay Smart Online program.

2. Detox your digital profile

Social media is a great way to stay in touch, but are you aware of how much personal information you share? Posts and status updates, polls and quizzes, photos and videos can all reveal a lot about you. The information you share may be given to other organisations without your explicit consent. It can also be used to steal your identity or cause you harm in other ways.

Adjust your privacy settings to help protect your personal information — use the ‘privacy check-up tools’ on Facebook and Google or edit your privacy settings on other networks. Depending on the site, you may be able to:

  • set your page or online profile to ‘private’
  • limit who can see your contact details or find your profile via your phone or email
  • limit the audience for your posts or stories, including old posts
  • control who can send you friend requests or connect with you
  • review and reduce the number of apps that can access your social media profile

You should also be aware of what you share: think before you tag yourself at a location, and consider their privacy before you tag a friend. For more tips check the Data Detox Kit.

3. Be smart about connected devices

Smart connected devices are everywhere in our lives: from home assistants to connected toys, fitness trackers and sensors in our cars. While they can be helpful, they can also collect and share your personal information.

Before you buy, take some time to research a product’s security and privacy credentials. Look for trusted reviews or guides like Mozilla’s *privacy not included to help you decide which device is right for you.

Reading the privacy policy will help you understand how a device operates and whether you are comfortable with its data practices. Does it share your information with any third parties? How long is your personal information retained? If you’re unsure, ask questions of the manufacturer or the retailer.

Adjust the privacy settings to reduce the amount of personal information that is collected. You may also be able to limit or stop the sharing of your personal information with any third parties.

While you may be comfortable with a car accessing your address book to help you safely take calls when driving, a smart fridge probably does not need to sync with your calendar in order to work.

If the device has voice recognition, check whether it’s listening all the time and how you can control the settings or delete the information.

Does your device always need to be switched on or connected to the internet? Limiting internet access or switching the device off when it is not in use will help protect your privacy. Remember to use a strong password and turn on automatic updates to keep the device secure.

4. Tracking your location

Your devices and apps may track your location by default unless you adjust your settings. This may be a necessary part of the service if it is a navigation or ridesharing app, but you should think about whether the app you are installing needs location data or permissions to be turned on to work.

Your location data can be combined with other information about you to create a rich picture about who you are, where you go and what you like. For example, your location data might reveal how you travel to work, where you live, or how long you spend exercising each day.

An app’s privacy notice should explain why it collects location data and how it is used, including whether it is shared with any third parties. If it’s not clear who you’re dealing with and what information they are collecting about you, then reconsider whether you really need the app at all.

You can also adjust the settings on your phone and other devices to limit or stop location tracking altogether. This might stop some apps working properly. You can also control each app’s ability to access your location information.

Your location can also be tracked when you browse the internet, so to limit this you can:

  • use a browser with an alternative privacy approach like Firefox or DuckDuckGo
  • use ‘add-ons’ or extensions that make it more difficult to track you online
  • regularly clear your cookies and cache
  • switch to a virtual private network (VPN)

5. Where’s your data going?

When you visit a website or use an app, your device may be tracked using cookies and online identifiers. Cookies are small data files that are sent from a website to your device to record information such as settings or your browsing activity. An online identifier may be used to distinguish one person from another according to patterns of information generated by a device. They include internet protocol (IP) address, advertising ID, MAC address, pixel tag, account credentials and device fingerprints.

Cookies and online identifiers help websites and services to work more efficiently by remembering your preferences and settings. However, they can also be used to record your behaviour online and share information about you with third parties. For example, online tracking may enable ads to be shown to your device based on your browsing habits.

Your activity may also be tracked and recorded by social media sites and digital platforms like Facebook and Google. Depending on your privacy settings, and whether you log out of your profile, they can continue to track your activity when you leave the service or platform and visit other websites.

You can adjust your habits and change your settings to limit activity tracking and help control your privacy by:

  • not browsing other websites or shopping online while logged into social media or a digital platform
  • deleting cookies in your browser settings or not accepting cookies when you navigate to a website
  • choosing your advertising preferences to limit ad tracking and resetting your advertising ID (see Apple and Google for more information)

6. The side effects of screen scraping

Screen scraping is a process where information from your screen is collected (or ‘scraped’) and made available to another application or website. It is sometimes referred to as Digital Data Capture and can be useful for consumers, such as when data from an old application is made available to a new application. It is sometimes used in the financial sector when a consumer directs a third-party service provider to access and recover their data from a web application.

However, when you agree to let a third party access your information via screen scraping you are also required to provide your log in details, such as your username and password. This may not only breach security requirements or terms and conditions, it is also a significant privacy risk.

The new Consumer Data Right will provide a safe alternative to screen scraping. It allows you to access certain data about you held by businesses, and direct that your data is securely transferred to an accredited third party of your choice. The Consumer Data Right will be introduced in the banking sector in 2020 and will then be rolled out to other parts of the economy, including energy and telecommunications.

Personal information can also be ‘scraped’ from websites and digital platforms without permission, in a process known as web scraping. To help protect your personal data, check your privacy settings on social media and other online platforms, and consider limiting the amount of personal information like photos that you share online.

7. Shopping up a storm?

Almost three quarters of Australian households are now shopping online, so it’s more important than ever to take practical steps to keep personal information safe. Breaches of your personal data including financial information can have serious consequences, like identity theft.

If you are signing up for a loyalty program or creating an online shopping account, remember that your personal information is valuable and should be protected. Consider checking out your shopping as a guest or leaving data fields blank to limit the amount of personal information the site collects and stores.

Know who you’re buying from. Where possible, shop from reputable brands and cross-check information. This could include searching for reviews from other customers or reading information on warranty, refunds and complaints handling before making a purchase. If anything looks suspicious, don’t risk it.

Only shop from secure websites—look for a URL starting with ‘https’ and a closed padlock symbol. When you are ready to buy, make sure you pay using a secure method like PayPal, BPay or your credit card. These offer dispute resolution processes if things don’t go to plan.

If paying by PayPal, select the ‘payment for goods/services’ option. If a seller instructs you to make the payment ‘to friends and family’ rather than ‘payment for goods’ this violates PayPal’s policies and voids the buyer protections.

Fake ads are an increasing source of online scams, so watch out for offers that seem too good to be true. Fake retailer websites or online stores that offer luxury and other goods at a steep discount can appear legitimate. Payment methods like money order, pre-loaded money cards or wire transfer are another warning sign. Search for reviews from real users and don’t trust a site just because it’s been advertised on social media.

The ACSC’s Stay Smart Online program offers more advice on how to shop safely online. For information on the latest scams and how to report them, visit the ACCC’s Scamwatch.

8. Phishing for information

Malicious and criminal attacks are the leading cause of data breaches involving personal information, which can result in serious harm. Common cyber incidents include phishing and brute-force attacks, which use technology to generate millions of character combinations per second to try and crack passwords. These incidents can compromise your login details and potentially give people unauthorised access to your email and other online accounts.

Scammers can also use a range of sneaky tactics to extract your personal information and use it to steal your identity or commit fraud. For example, remote access scams try to convince you that you need to give an IT expert access to your computer, or buy and install new software to fix a problem.

Be alert for unexpected messages and requests for your personal details. Phishing messages can often feature branding and logos, or use similar language to well-known organisations, to appear ‘real’ and try to trick you into clicking on a link or attachment. Look out for requests to check or confirm login details, suspicious looking attachments, requests for money (especially with a sense of urgency), or where contact or bank details may have changed from previous, legitimate correspondence you received from the business.

If you’re still in doubt, contact the organisation that the message claims to be from, using the contact details on their website or other official sources, not the contact details in the message you received.

Find out more about how to avoid phishing attacks from Scamwatch, cyber.gov.au and the Stay Smart Online program.

9. Protect kids’ privacy online

Just like adults, many children are also spending more time online and are using a wide range of devices. Smart toys and fitness trackers, apps and social media accounts, phones and other devices can all capture your child’s personal information, track their activity and create a lasting digital footprint. By keeping up with the latest apps, platforms and other technology you will be better placed to guide your child through the online environment and help protect their privacy.

At any stage, it’s a good idea to talk about online safety and privacy issues and keep the lines of communication open. Encourage your child to safeguard their personal information, like their real name, address telephone number, school, and date of birth, and report any unexpected contact or notices.

Depending on your child’s age, other strategies may include supervising screen time, limiting access to devices or setting parental controls. Adjusting privacy settings together can help your family control the information collected through webcams, microphones and cookies, as well as websites, apps, games and software. This is particularly important for social media and other digital profiles, to limit who can see your child’s personal information.

Other steps to protect your child’s privacy include:

  • setting strong and unique passwords and not sharing them at school or online
  • securing mobile devices with a pin lock, or passcode
  • disabling geo-location services when they are not needed
  • only downloading apps from reputable sources
  • controlling cookies and the use of add-ons and ad-blockers

Visit the eSafety website for more advice about online technology and safety for parents, carers and children.

10. Clean up your email trail

In both our personal and professional lives, we frequently use email to send important information to others. This can include personal information about ourselves, such as financial and identity information. It can also include information about our family members or friends. Emails can remain in our accounts for extended periods of time if we don’t actively delete them.

Our Notifiable Data Breaches report for July-December 2019 found that many cyber data breaches involved malicious actors gaining access to personal information stored in email accounts. The report also found that people often email personal information to the wrong recipient by mistake.

To help you limit the risks with using emails:

  • Use strong and unique passphrases for your email accounts to reduce the risk of your login details being compromised or stolen
  • Regularly review and move your emails to a secure document management system or device
  • Delete any emails from your inbox and sent box once they have been moved or are no longer needed
  • If you are sending important information to another recipient, consider protecting your information using passwords or encryption.

Was this page helpful?

Thank you.

If you would like to provide more feedback, please email us at websitefeedback@oaic.gov.au