Privacy Education Resources

As our society shifts to become more data-driven, personal information is leveraged at higher rates. Therefore, it is vital to understand your rights around privacy and know how to protect your data. Learn more from these educational resources that span key privacy and data protection topics.

What is Privacy?

“Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.”
—Edward Snowden

Indeed, privacy is much more than the idea of “having something to hide.” It is an essential human need that enables us to develop as creative individuals. At Inflection, we think of privacy as “the right to control your personal information, choose who can access it, and determine how it can be used, as appropriate in a particular context.”

What Laws Exist to Protect Privacy?

The legal landscape of privacy in the United States includes a complicated array of laws, governing both the public and private sectors. The end-goal of privacy legislation is to regulate the collection and use of personal data so individuals have more control over their own information.

Public Sector

There is ongoing debate about whether the government should be granted more or less access to citizens’ private information. On one hand, law enforcement and national security must work to protect the basic foundations of society; on the other, there are concerns regarding too much access to and use of personal information. Holding this balance in high regard is critical to protect our civil liberties.

The Fourth Amendment
The Fourth Amendment to the U.S. Constitution most directly speaks to the topic of privacy. The Fourth Amendment prohibits unreasonable searches and seizures, and generally requires proof of probable cause for a crime before a judge will issue a search warrant or wiretap order.

The Electronic Communications Privacy Act
The Electronic Communications Privacy Act (ECPA) was enacted in 1986 to ensure that electronic communications receive the same sorts of privacy protections that traditional communication methods receive by preventing unauthorized government access to citizens’ private messages.

Unfortunately, the pace of technological innovation has vastly exceeded the rate at which Congress has been able to mandate updated privacy protection. This act was created before the rise of cloud email providers like Gmail, and thus protections are not as strong as they could be. For example, under ECPA, emails that have remained on a third-party server for more than 180 days are considered abandoned, and can be accessed by the government without a warrant.

Private Sector

The Federal Trade Commission
The Federal Trade Commission (FTC) is responsible for enforcing legislation and rules around fair and honest business practices, and is the primary enforcing body of privacy for consumers. Section 5 of the FTC Act is considered the most important piece of U.S. privacy law, even though it does not specifically mention privacy. The Act sets forth that “unfair or deceptive acts or practices in or affecting commerce” are illegal, and intends to prevent anticompetitive behavior in the marketplace. The FTC is also tasked with enforcing a variety of consumer-protection laws, including many of the laws affecting privacy listed below.

CAN-SPAM Act
The CAN-SPAM (Controlling the Assault of Non-Solicited Pornography And Marketing) Act of 2003 establishes national standards for sending commercial emails. The Act establishes strict requirements for businesses that want to send emails to individual consumers in order to address spam email overload. CAN-SPAM requirements for businesses include accurately reflecting the content of the message in the subject line, and offering consumers the option to unsubscribe from receiving future emails.

Children’s Online Privacy Protection Act
The Children’s Online Privacy Protection Act (COPPA) is meant to protect the safety of children’s personal information on commercial websites. The law requires that if a website offers a service or product to children under 13 years old, it must provide notice to the parents and obtain consent before collecting personal information from the child. It also gives parents the right to review and correct any personal information that the site may hold about their child. Furthermore, it enables parents to exercise control over whether their child’s information is shared with third parties.

Fair Credit Reporting Act
The Fair Credit Reporting Act (FCRA) regulates the collection and use of consumer report information. It was created to protect consumers and their personal financial information, and serves as the foundation of consumer credit rights in the United States. This law is designed to ensure the accuracy, fairness, and privacy of information in consumer reports and helps prevent discrimination by adherence to proper guidelines and procedures.

Individuals’ rights are protected because they must grant written consent before a company covered by the FCRA can produce a consumer report on their behalf. Additionally, individuals have the right to know what is in their consumer report, to correct and/or dispute inaccurate information, and to receive a free, annual credit report from the three major credit reporting agencies (i.e., Equifax, Experian, and TransUnion).

Family Educational Rights and Privacy Act
The Family Educational Rights and Privacy Act (FERPA) provides students with control over disclosure and access to their education records. FERPA prevents schools from releasing information about a student’s education record without written permission from the student or a parent, except for specific scenarios. This law covers any school that receives funds from the US Department of Education, and mandates privacy protections for student education records held by those schools.

Gramm-Leach-Bliley Act
The Gramm-Leach-Bliley Act (GLBA) was passed in 1999 to update regulation of the financial services industry, including new consumer privacy protections. Under the GLBA, any financial institution must provide a copy of its privacy policy to consumers with whom it does regular business. Among other requirements, it must also notify the consumer of her right to opt out of allowing the institution to share her information with third parties.

Health Insurance Portability and Accountability Act
The Health Insurance Portability and Accountability Act (HIPAA) sets forth regulations to protect the privacy and security of healthcare information. Under HIPAA, consumers are able to obtain a free copy of their medical records. Additionally, consumers can have any inaccurate information updated in their records, as well as request that certain information not be shared with other health providers. Furthermore, there are additional security provisions that require covered entities to ensure the confidentiality, integrity, and availability of personal health information, and protect against any reasonably anticipated threats to the information.

International Privacy Law

Privacy regulations on the global stage are all the more complex with distinct cultural perspectives on the sensitivity of personal information, as well as various trans-border data flow initiatives. Different data protection models around the world draw upon law, markets, technology, and self-regulation as sources to address privacy protection.

Privacy on the Internet

As we use the Internet, we may intentionally and unintentionally leave behind pieces of personal information that impact our digital reputations. As our digital lives and lives in the physical world start to blur together, these reputations have more of an impact on our offline lives. The seemingly broad notion of Internet privacy refers to our ability to control how aspects of our digital identity are recorded, stored, and displayed online, which in turn enables us to protect ourselves offline.

Browsing Privacy

Who can see my search and browsing histories?
Depending on the search engine you use, your search terms may be recorded. When you click on a search result, the website you visit may be able to see what search term brought you to their page. Usually access to your browsing history is limited to your local computer and Internet Service Provider. However, online marketers can track you as you browse the web and get a record of all the websites you visit by placing cookies on your computer or device.

What is the point of tracking?
Tracking is done for a number of reasons, but primarily for analytics and advertising. Collecting information about users for advertising purposes serves as the core of many business models of companies in the consumer Internet services industry. Behavioral advertising refers to a kind of marketing that is based on data collected about a particular user. For example, you may be logged in to a social network, and on a separate site you search for your favorite brand of shoes. Later you may discover an advertisement for the very product you searched for earlier, as well as similar products, embedded in the social networking site.

Marketers use targeted advertisements because they are more likely to result in a purchase by a viewer than a comparable non-targeted advertisement. Consequently, many Internet users understand tracking as a necessary evil in order to use services for free, while simultaneously viewing more personalized advertisements. Since targeted advertising is crucial to the viability of so many websites, tracking will inevitably continue to get more sophisticated and pervasive.

How is this tracking done?
Web cookies are primarily responsible for web tracking. Cookies are small text files that web servers send to a user’s browser. They are employed by websites to store information about the sites we visit. While these are often used to enable some basic web functionalities, they can also be used for analytical and advertising purposes. Marketers can learn revealing facts about our browsing habits by using cookies to track which websites we visit.

Is there anything I can do to reclaim my privacy on the Internet?
In response to associated privacy concerns, there are ongoing debates about what constitutes appropriate notice and choice for companies to place cookies on users’ hard drives. In order for consumers to feel as though they haven’t completely lost control over their anonymity, it is, and will continue to be, key for companies to be transparent about how they track users.

A wealth of information is collected about us and our interests as we browse through the use of cookies. When aggregated, this information can tell a detailed story about our daily lives. Although there are benefits to cookies, there is no doubt that they present a risk to our anonymity on the web. In recognition of these privacy concerns, the majority of browsers provide the option to manage cookie settings and preferences.

Additionally, there are multiple add-ons you should consider installing for a more privacy-friendly browsing experience.

  • Disconnect protects your privacy by blocking third-party tracking of your search and browsing activity.
  • Adblock Plus enables you to block companies from serving you ads and tracking your activity on the web. This add-on lets you customize which features you want to block.
  • Ghostery gives you the control to stop your browser from sharing information with advertisers and analytics companies, and block these companies from collecting your data.

If you desire more privacy while searching, use DuckDuckGo as your search engine. It doesn’t track users or store search terms.

If you choose to use Google, consider taking advantage of their feature that offers all consumers the option to download and/or manually delete their own search history. For more information on this feature, see Google’s support page on searches & browsing activity.

Social Networking Privacy

Recall the essential definition of privacy: it is not the concept of having something to hide, but rather the ability to control how your information is used. This is exemplified through the vast amounts of personal information we actively share about ourselves online through the content we post on our social profiles. This data is often seen by a wider audience than we might expect, so it’s important to know what is viewable, and by whom.

It is important to ensure any pictures or posts are appropriate for the corresponding audience. Some aspects of our lives are appropriate to share in certain circumstances, but not in others. Thus, it is good practice to consider possible implications, present or future, which could arise from any given post on social media.

Social networks typically empower their users to decide who can see the information they post through the use of privacy settings. It is crucial to understand the sharing settings of your information, and which aspects of your profile appear as public versus private. Consider limiting access to your profiles to only people you trust. Additionally, by controlling which social profiles are public, we have the ability to exercise control over which pages are indexed by search engines and show up when someone searches for us by name.

Social network operators also often tell their users how their personal data is used, usually through a privacy policy. Users can understand the extent to which their information may be used regardless of privacy settings, including having their information shared with third parties.

Maintaining Control Over Your Privacy in Search Results

As the concept of trust continues to become paramount in our interconnected society, personal information gathered from the Internet is increasingly leveraged to make decisions about people. It is now a common practice to look someone up online before meeting him or her in person. Thus, it is essential to understand what information appears about you if someone searches for you by name.

It is not inherently negative to have information come up about you when your name is typed into a Google search. However, there are some techniques that you can use to exercise some control over the types of information shown when someone searches your name. For example, having your LinkedIn profile with personally curated content appear could prove to be very beneficial, while on the other hand you wouldn’t want any incriminating Facebook photos from college to be the post that shows up.

Maintaining strict privacy settings or using a nickname on social networks, having a throwaway email account for commenting on blog posts, and locking down any online profiles to prevent them from being publicly viewable, are all steps that will keep negative posts off the front page of Google.

Additionally, publicly available information about you that is sourced from public records may also appear on the Internet. Public records are any county, state, or federal documents that can be accessed by anyone. These can include phone numbers, addresses, court proceedings, birth records, and marriage records. Understand what information is available about you, so you can stay on top of it and correct any inaccuracies if they arise.

At Inflection, we believe that organizations in the people search industry should embrace the concept of transparency, and be forthcoming about their public record sources in order to give consumers more control over their personal information. This includes offering cost-free mechanisms of opting their information out of search results.

Tips & Tricks to Better Protect Your Personal Information Online

Understanding these essential security best practices can help keep your data safe online and protect your information from misuse. This in turn enables you to maintain control over your personal information.

Public WiFi

While using public WiFi, avoid sensitive transactions that require you to enter your personal information, such as passwords or bank account information. Wireless connections in public areas like airports or coffee shops are often insecure networks, which leaves your information at risk of being monitored and potentially stolen.

Passwords

Use strong and varied passwords for all your online accounts. Avoiding reuse of passwords prevents someone from gaining access to all of your accounts if they happen to have the credentials to one of them. In order to help keep your strong passwords separate, use a password manager that will do it for you, such as LastPass.

Two-Factor Authentication

Enable two-factor authentication wherever possible. This provides an additional level of security that prevents someone from accessing your accounts even if they have your password.

Phishing

Be cautious when clicking on links received in emails and other messages in order to avoid falling victim to phishing scams. Phishing is online fraud designed to trick people into thinking they’re communicating with a trusted source in order to acquire sensitive information. Scammers will often mimic emails from institutions such as banks, PayPal, eBay, and other popular websites, asking you to click a link and provide your account credentials or financial details. The emails often convey some sense of urgency in order to get people to hastily enter their information without verifying the source.

Social Networking Privacy

Monitor your social networking presence carefully and consider limiting access to the information available in your profiles. Facebook enables users to see what others can see about them on their profile by using the “View as” feature in account settings. Take advantage of this feature by seeing what your profile looks like to the public as well as to specific people.

Browse Incognito

The top four most popular browsers (Google Chrome, Internet Explorer, Mozilla Firefox, and Safari) all offer a private browsing mode, which can be found in the settings. With private browsing activated, your browser will not store cookies or Internet history on your computer. Bear in mind, however, that private browsing does not make you completely invisible. Your Internet Service Provider, employer, and sites that you visit will still be able to track your activity.

Software Updates

Keep your computer software updated by installing upgrades as soon as they are available. Oftentimes, updates address vulnerabilities in the software, which helps protect your computer, as well as your personal information.

Mobile Privacy

Treat your smartphone like the mini-computer that it is and follow best practices to protect your privacy on your phone as well. Lock your phone with a PIN to avoid losing any personal data if your phone is misplaced.

Mobile Applications

When downloading new smartphone apps, check the access and privacy settings of the apps. A lot of applications request access to personal information that is not essential for them to function, so be sure you agree with the Terms of Use before downloading new apps.

For a list of privacy-enhancing tools, see Electronic Privacy Information Center’s Guide to Practical Privacy Tools.

Additional Privacy Resources

Center for Democracy & Technology

A non-profit public policy organization committed to openness, freedom of expression, privacy protection, and limited government surveillance on the internet. Provides information, news, and research on important issues and laws, including consumer privacy, digital copyright, and open government. Inflection is a supporting member of the CDT Digital Due Process Coalition.

Website: Center for Democracy & Technology
Twitter: @CenDemTech

Electronic Frontier Foundation

The Electronic Frontier Foundation (EFF) is a nonprofit 501(c)(3) membership organization that fights to protect civil liberties in the digital age. Since our founding in 1990 – when most people had no idea how pervasively digital communications would impact their everyday lives and their basic rights – EFF has achieved significant victories for the public interest in the areas of privacy, free speech, copyright, transparency, and innovation. EFF is a member-supported organization based in San Francisco, California.

Website: Electronic Frontier Foundation
Twitter: @EFF

EPIC.org – Electronic Privacy Information Center

A public interest research center in Washington D.C. that focuses on issues related to civil liberties, privacy protection, the First Amendment, and constitutional values. Publishes reports and books on privacy, open government, free speech, etc.

Website: EPIC.org – Electronic Privacy Information Center
Twitter: @EPICprivacy

International Association of Privacy Professionals

The International Association of Privacy Professionals is the largest and most comprehensive global information privacy community and resource, helping practitioners develop and advance their careers and organizations manage and protect their data. More than just a professional association, the IAPP provides a home for privacy professionals around the world to gather, share experiences and enrich their knowledge. Inflection is proud to be a corporate member of the IAPP.

Website: International Association of Privacy Professionals
Twitter: @PrivacyPros

TRUSTe

TRUSTe powers trust by ensuring businesses adhere to best practices regarding the collection and use of personal information on their websites and apps. If you see the TRUSTe Certified Privacy Seal on a website or app, the company operating that property has met the comprehensive privacy certification requirements established by TRUSTe.

Website: TRUSTe
Twitter: @TRUSTe

Privacy Influencers

The following individuals (in no particular order) have a diverse array of opinions about privacy, and regularly discuss privacy issues via Twitter.