Many people reveal personally identifiable information (PII) on sites to acquire a product or service. Provide as little PII as possible.
Examples where we give personally identifiable information
We willingly divulge a large volume of PII in order to obtain a service or product. Examples include the following:
We provide our birth date and health history on an online application for life insurance.
We provide a potential lender our name, address, birth date, and social security number so that they can run a creditworthiness check.
We provide a bank or an investment account application our social security number (or equivalent outside the US) so that it can report interest, dividends, and capital gains or losses to tax authorities.
There is a small risk of such private data leaking in a data breach, but we accept that risk as the cost of getting the desired service.
Examples of where alternatives can be considered
However, many users also reveal PII when prompted online even when there is no justified requirement to provide the actual data. Circulating that data more widely than absolutely necessary increases the risk of a private data leak. Examples of where providing false data could be considered:
1. Authentication challenge questions
When you establish an online account and login credentials, many sites also ask you to answer various personal “challenge questions” that are used later, either as an extra authentication step when logging into the site or when changing a password. Such questions might be “What high school did you attend?” or “In which city were you born?” or “What is your mother’s maiden (or middle) name?” If you do not care to divulge additional personal information, consider supplying fictitious data, as long as you can recall it when asked later. For example, an unmarried person can answer the question “Who was your wedding ‘best man’ or ‘maid of honor’?” with “Charlie Chaplin.”
2. Birth date
3. Real full name
Many sites request your full name. So whether you provide your real name or an alias is a decision you will need to make, much like with “birth date” above. Certainly, for contracts or business dealings, your full real name is required, but there are many cases, such as posting comments in an online forum or writing a product review or a letter to the editor, where using a pseudonym is understandable.
4. Physical address
There are many examples where divulging your address is required, such as when you order something to be shipped to you, or when you use a credit card that requires a billing address. For privacy reasons, consider, if you can afford it, a mail service box or post office box to avoid using your residential or business address. If a website requires your address and has no legitimate reason to have it, seek an alternative site.
5. Social security number (in the US, or equivalent ID number elsewhere)
Organizations or individuals that legitimately need to run a creditworthiness check or background check on you, such as a lender or a landlord, or companies that must report payments they make to you, may appropriately request your social security number. However, some organizations, such as some educational institutions, may require it because they plan to use it as an identification item. In such cases, we suggest considering a competing organization or site, or contacting the site to see whether an alternative can be accommodated.
6. Anonymous purchases online
When purchasing online, most users provide a credit card number and its associated data, including the cardholder’s name, address, postal code, expiration date, and security code. Those are all legitimate requests if you wish to pay via a standard credit card. If you must use a credit card, we recommend never checking the box that allows the site to retain your credit card on file for “convenience.” On a poorly secured website, such data has been known to be hacked in a data breach. Moreover, credit cards on file can be used for automatic renewal and can be subject to billing errors. Entering the card information each time gives you greater privacy and control. For cases where anonymity is desired, do not use a standard credit or debit card. Consider using an anonymous online payment method discussed in the references below, such as a pre-paid credit card, a pre-paid debit card, a masked credit card, a pre-paid gift card, or a cryptocurrency.
7. Email address
Our final example is your email address. For anonymity, consider using a disposable email address, but not if an ongoing active email address is needed for notices. If the latter is the case, consider a second secure email service.
By all means, provide private data to trusted sites when there is a legal requirement for such data or a bona fide reason for providing that data. However, there are many instances where that is not the case, and for privacy’s sake, we advocate pushing back or seeking less snoopy sites.
Disclaimer: Nothing in this post should be construed as legal advice, but rather as general educational information believed to be accurate. Consult your lawyer for guidance specific to your needs.