Tips for protecting sensitive personal information


Key takeaways

  • Protecting personal information requires proactive habits: Simple actions, such as using strong, unique passwords and keeping devices updated, can significantly reduce the risk of identity theft and fraud.

  • Scammers often exploit everyday situations: Phishing messages, unsecured Wi-Fi networks, and oversharing online are common ways sensitive personal information can be compromised.

  • Awareness and vigilance are your best defense: Regularly monitoring accounts, verifying requests for personal data, and knowing how to respond if information is exposed can help safeguard your financial and personal security.

Keeping your sensitive personal information safe online can help prevent fraud and identity theft. Often, the choices you make can determine how secure your information really is. In this guide, we’ll share three tips to follow to ensure your information remains secure. Read on to learn how to keep your private data safe in the digital age.

What is sensitive personal information?

Sensitive personal information (SPI) is a legal classification that protects data that can potentially put individuals at risk.¹ As a general rule, it describes any data that could identify an individual or household. If the data could be linked, directly or indirectly, to you or your family, it is SPI.

Essentially, SPI is information that, if disclosed, could lead to major problems. Issues can include identity theft or financial fraud. Leaked SPI could also cause potential social consequences, such as harassment, discrimination, or damage to your professional reputation. Ultimately, failing to protect this information could impact your financial future or safety.

In the United States, businesses and organizations must go above and beyond to comply with laws that keep your SPI safe. Furthermore, you must give your explicit consent before any organization can collect your sensitive personal information.

What is considered sensitive personal information?

The following data and information is considered Sensitive Personal Information:

  • Social Security numbers
  • Driver’s license ID numbers
  • State identification numbers
  • Passport numbers
  • Log-in information and associated credentials (e.g., usernames, PINs, and passwords for an online banking account)
  • Precise geolocation data
  • Union membership information
  • Genetic data and information
  • Unique biometric data, such as fingerprints or retina images
  • Health data
  • Information related to sexual orientation or activity
  • The contents of private communication, including physical mail
  • Religious affiliations or beliefs
  • Racial or ethnic information

With that said, different states have unique privacy laws and may categorize Sensitive Personal Information differently. For example, some states have stronger protection for children or youth data and may cover additional categories. Review the Data Privacy Act in your state for the most accurate information about your rights.

How do I protect my personal information online?

Most organizations do their best to comply with data privacy laws to ensure their own reputation. Even so, consumers have an obligation to keep their own sensitive data safe. There are many steps you can take to add an additional layer of security. These are crucial when banking, accessing health records, or completing transactions online.

Our tips for protecting personal information in the digital age are below.

1. Use strong passwords and practice password hygiene

A strong password is your first line of defense when protecting sensitive personal information. Every account should have a strong and unique password. This is especially crucial for online banking and other financial accounts.

Characteristics of a strong password include:

  • A length of at least 12 to 14 characters
  • A mix of uppercase letters, lowercase letters, numbers, and symbols
  • No words from the dictionary
  • No names of people, places, or things
  • Enough complexity to make it difficult to guess

While these may seem obvious, the most recent data suggests that the most common password is 123456.² Most individuals reuse the same, easy-to-guess password across multiple websites and accounts. Good password hygiene requires individuals to change their passwords frequently and use a unique password for each sensitive account.

Don’t worry about forgetting passwords or creating a significantly complex password. Savvy individuals take advantage of password managers. Not only will these applications securely store your passwords, they can help you generate new ones. They will auto-populate your passwords on designated sites and prompt you to change your password on a logical schedule.

Ideally, you’ll also implement multi-factor authentication on sensitive accounts. In addition to a password, you’ll need an additional component to access your account. Typically, this is a phone call, text message, email link, or a prompt in a smartphone app.

Multi-factor authentication is a secure way to prove you are who you say you are. After all, a hacker likely does not have access to your phone or email account.

2. Ensure the website is secure

As mentioned, most institutions, such as banks and medical practices, follow strict data privacy policies.³ Their online portals are likely secure and compliant with local and national laws. However, users must do their due diligence to ensure they are on an official website.

You might come across a fraudulent “cloned” website designed to capture your sensitive personal information. These are often part of illegal online phishing schemes.

You might access a fake website via a link in a scam email. They may look nearly identical to the online log-in portal you’re used to. However, they are fronts designed by scammers to collect data.⁴

You can verify that you’re on a secure website in a few ways:

  • Look for https:// at the beginning of a web address in your address bar, which means data is encrypted and secure.⁵
  • See if there is a small padlock icon in your address bar to the left of the URL. This denotes a secure website on many browsers.
  • Inspect the URL to ensure it is free from typos and makes sense for the service you’re aiming to access.
  • Heed security warnings on your computer that come from a trusted, vetted malware scanner (pop-ups from software you don’t use can be further scams).

Staying alert while accessing websites can help keep your sensitive personal information safe.
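The URL checks in the list above can be automated. The following Python sketch is an added example, not code from the original article: it applies the https and typo checks and goes slightly further by flagging a trusted name buried in a longer hostname, credentials embedded in the URL, and punycode labels. The allowlist domains and all function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist (assumption): the sites the user actually intends to visit.
TRUSTED = {"examplebank.com", "examplehealth.org"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot one- or two-character typos."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registrable(host: str) -> str:
    """Last two labels; a simplification that ignores suffixes such as co.uk."""
    return ".".join(host.split(".")[-2:])

def check_url(url: str) -> list[str]:
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if parts.scheme != "https":
        findings.append("not-https")            # traffic is not encrypted
    if parts.username or parts.password:
        findings.append("userinfo-in-url")      # text before '@' is not the site
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append("punycode-label")       # may render as lookalike letters
    domain = registrable(host)
    if domain not in TRUSTED:
        reasons = []
        for good in sorted(TRUSTED):
            if good in host:                    # trusted name used as a subdomain
                reasons.append(f"trusted-name-embedded:{good}")
            elif edit_distance(domain, good) <= 2:
                reasons.append(f"lookalike-of:{good}")
        findings += reasons or ["unknown-domain"]
    return findings
```

A lookalike site can pass the https and padlock checks, so the domain comparison is the check that matters most here.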

3. Monitor your credit

Despite your best efforts, breaches can sometimes happen. It’s best if you can identify them before it’s too late to take action.

The Social Security Administration advises individuals to monitor their credit about once per year. This is to ensure any changes make sense.⁶ You are entitled to a free credit check once annually from TransUnion, Equifax, and Experian.

If you note an inaccuracy, contact the appropriate credit bureau immediately. They can help identify any security issues and put you on the path toward rectifying them.

Keep your financial information secure with Raisin

Do you have more questions about online safety and banking? Head to our Online Safety Guide to learn more.


Sources:

  1. https://home.treasury.gov/taxonomy/term/7651
  2. https://www.weforum.org/agenda/2024/07/popular-passwords-cybercrime-digital-safety/
  3. https://www.raisin.com/en-us/online-safety/is-online-banking-safe
  4. https://www.raisin.com/en-us/online-safety/how-to-tell-if-a-website-is-legitimate
  5. https://www.ftc.gov/business-guidance/resources/protecting-personal-information-guide-business
  6. https://blog.ssa.gov/10-ways-to-protect-your-personal-information-2

The above article is intended to provide generalized financial information designed to educate a broad segment of the public; it does not give personalized tax, investment, legal, or other business and professional advice. Before taking any action, you should always seek the assistance of a professional who knows your particular situation for advice on taxes, your investments, the law, or any other business and professional matters that affect you and/or your business.
