These days we do everything online, from shopping to internet banking — even conducting medical appointments and job interviews. Every second, millions of people are handing masses of personal information over to businesses via the internet, often without a second thought for their own privacy and safety.
The vast majority of the time we have little to worry about. Most reputable companies invest heavily in internet security and value the trust their clients place in them. After all, there’s little worse press than a large-scale data breach.
Unfortunately, these kinds of situations can happen, through either carelessness or the cunning practices of cybercriminals. A data breach occurs when personal information is accessed, disclosed without authorization, or is lost. Data breaches can hurt businesses immensely through the loss of reputation and legal ramifications, but they can result in even worse outcomes for individuals — personal and financial distress and damage that can take years to repair.
Digital data breaches often result in your personal information ending up on the dark web, where it can be sold by cybercriminals and result in identity theft and fraud. No one wants this to happen, which is why it is so important for businesses and individuals to educate themselves on the best internet security practices.
What is personal data?
The term ‘personal data’ is broad and covers a wide variety of information. You can think of it as any details that could be used to identify you. This includes:
- Name, date of birth, signature.
- Sensitive information: racial or ethnic origin, political opinion, religious beliefs, sexual orientation, or criminal record.
- Health information, such as medical records.
- Financial information: credit or bank account details, tax file number.
- Contact information: home address, email address, telephone number.
- Employment details: salary, work address, job title.
Some information may not be considered personal data when looked at in isolation, but when combined with other details it may be used to identify a person, and it therefore comes under the classification of personal data.
What are the responsibilities of businesses when it comes to my data?
Every country has privacy acts in place that businesses are required to uphold when collecting and storing personal information from consumers. In Australia, the Privacy Act is designed to protect individuals and give them power and control over the way that their personal information is handled.
Businesses that have responsibilities under the Privacy Act are required to protect their customers’ information from theft, misuse, loss or unauthorised access. They must comply with the Australian Privacy Principles and implement practices and procedures to ensure that they are handling personal information in the correct manner. Doing so will hopefully prevent an unwanted security breach.
Businesses also have a responsibility to educate their employees on safe data handling practices. Being able to recognize potential threats is an important skill and will allow companies to stay one step ahead of cybercriminals.
What does the dark web have to do with all of this?
The dark web has quite a reputation for being an objectionable corner of the internet. This is both justifiable and a little off the mark. It’s true that the dark web is home to illegal activity, due to the fact that users cannot be easily tracked or identified. However, this same anonymity also makes it an environment through which people living under oppressive governments can communicate and speak out to journalists from other countries. Both good and bad things happen on the dark web.
Cybercriminals, however, use the dark web to sell personal information that has been obtained through data breaches. This can range from credit card information to passport details and can be used to commit identity theft and drain bank accounts. This is one of the reasons why businesses should do everything in their power to ensure that they are complying with appropriate privacy legislation and practices.
What can I do if I have been the victim of a data breach?
Unfortunately, once your information is on the dark web it’s very hard to have it removed. There is no governing body for this section of the internet.
If a business has informed you that your information has been breached, it is highly recommended that you take action quickly to reduce any potential harm. Change the passwords for all your online accounts and check banking statements for any unusual activity. Contact relevant government bodies if your driver’s license, passport, or Medicare information has been shared, and alert the ATO to keep a lookout for any suspicious activity relating to your tax file number.
Data breaches can be distressing, which is why it is also a good idea to reach out to support services, family and friends.
If you are a business and have been a victim of a data breach, you have a legal responsibility to inform all affected customers and also report the situation to the Australian Government. It is recommended that businesses adopt a proactive approach to data safety, understanding their vulnerabilities and seeking expert advice to protect themselves and their customers.
Many internet security companies offer dark web monitoring services, which can scan the dark web and alert you if your personal information is found. Consider investing in a program such as this — even if you cannot get the information removed, it is better to know that it is there so that appropriate steps can be taken in response.