Protecting Your Personal Information

Advice about protecting privacy of personal information when using the Internet, to help avoid problems ranging from receiving unsolicited mail and phone calls, through to being a victim of identity theft and financial fraud.

Placing personal information on the Internet increases the likelihood that you may have your privacy invaded. Problems may range from receiving unsolicited mail and phone calls, through to being a victim of identity theft and financial fraud. From time-to-time there are unfortunate cases where organisations holding personal information loose or have data stolen. However, there is also potential for individuals using the Internet to simply give away too much personal information, which may directly or indirectly fall into the wrong hands. Taking precautions will substantially reduce this latter type of risk when enjoying services provided on the Internet.


Secure Web Connections

Bear in mind that in most cases you cannot be sure who may have access to the information you transmit or store on the Internet. The information you place on a Web page, send in an email, enter when chatting online or provide in order to obtain a service all has the potential to be misused. Unless you are using a secure and trusted interface to provide sensitive information it is safest to assume that you could be publishing that information.

If you are accessing a website to undertake a financial transaction or view a bank account, ensure that a secure HTTP connection is being used. Always check that the Web site address begins with "https://" rather than "http://". Some browsers also display a padlock icon to indicate that a secure HTTP connection is in use. When using a secure HTTP connection your network traffic will be encrypted and your browser should automatically check with a certificate authority that it has received a genuine digital certificate identifying the remote site. When security is important you should never accept an offer by the browser to continue if a certificate test fails, and under no circumstances should you agree to installation of a certificate.

Online Purchases

Before making online purchases using a credit card, take time to understand the liability policy relating to the card being used; i.e., who will be liable, and to what extent, if there are fraudulent charges against your card or if the goods are not delivered etc.

Shopping web sites that accept card-not-present (CNP) payments accept the risk that the credit card details being used may not be in the hands of the authorised user; naturally they may take measures to help reduce their risk, however, the stolen card detail may be yours. Bank and credit card statements should be promptly checked for suspicious transactions.

Providing Personal Information

There are various ways in which you may inadvertently place important items of personal information into the wrong hands when using the Internet. For example you may be tricked by official sounding email messages that request information (Phishing), or be directed to fake Web sites that appear genuine and invite you to provide information. It is also easy to volunteer too much information when sending email, chatting online, posting your CV, using Blogs, collaboration platforms etc.

Social Networking Sites

Social networking websites, such as MySpace and Facebook, are now very popular and tend to encourage people to post information for many others to see. It is very easy to forget how many other people, who may not all be trustworthy, could see the information you have provided. It is also possible that personal repercussions could result from infuential people seeing and disapproving of embarrassing content you have posted. For example prospective employers or professional organisations may search for and examine your web content. Another thing to remember is that once something has been posted on a site that is not under your control, it may be impossible to withdraw that information.

The information people provide when enjoying participating in social networking sites and other free Internet services are liable to be harvested and analysed by individuals or organisations for their own purposes. For example advertising marketers may analyse and data from people's social networking profiles etc.  

Social networking sites typically offer various privacy settings; making good use of the settings to help limit who can see your information is recommended. However, such mechanisms should not be heavily relied upon, your information may be leaked onto other parts of the Internet and will in any case be accessible by individuals with greater levels of access to the system.

It is safest to only publish information that you would be happy for everyone to see.

Personal Information Examples

Seemingly trivial items of information, such as your date of birth, favourite colour, pet's name and so on, are likely to be used as answers to security questions protecting your bank account. It may be possible for an industrious criminal to gather various pieces of information about you that are scattered across multiple Web sites. (As long as you have a good memory it may be more secure to use false "facts" for you bank account security secrets.)

This is a non-exhaustive list of examples of personal information that you should be careful about providing. (Note also that posting personal information belonging to others is at the very least highly inadvisable):

  • Your full name
  • Your full address
  • Photographs of yourself (check before posting a photo featuring someone else)
  • National insurance number
  • Date of birth
  • Telephone number
  • Postcode
  • Mother’s maiden name
  • Current place of study
  • Current employer
  • Birthplace
  • Recent addresses
  • Any schools attended
  • Details of your interests e.g. pet’s names, favourite film, favourite colour
  • Memorable or favourite name
  • Bank account details
  • Credit card details

When being asked for information either by an email message, a pop-up window, Web page or someone you are having an online dialogue with, it is advisable to ask yourself whether it is really necessary to provide each item of information. If you think you are being asked for unnecessary, or an unusual amount of information stop and consider whether to proceed.

Data Protection Act

UK based organisations, including companies offering services on the Internet, that collect, store and process personal information that are bound by the Data Protection Act 1998. Whist the Act serves to regulate how companies use personal data some will companies often indicate somewhere in their small-print that they may provide your personal data to other organisations unless you contact them to indicate that you do not wish it. Others may provide you with a tick box, for example on a Web form, which if not ticked may indicate you have given them permission to share you data. If you think that some of your personal data is being incorrectly processed by a company that is subject to the Data Protection Act you may request that the situation is corrected and if necessary will have recourse to the Information Commissioner's Office.

Share this page:

Request Information

To make a Data Subject Access Request, or a Freedom of Information Request, please contact IAS directly.

Data Protection Officer

The Data Protection Officer is:

Elisabeth Taoudi, Data Protection Officer and In-House Commercial Lawyer, University of Leicester, University Road, Leicester, LE1 7RH

0116 229 7640