35: Provide personally identifiable information (PII) minimally

Many people reveal personally identifiable information (PII) on websites to acquire a product or service. Provide as little PII as possible.

Examples where we give personally identifiable information

There is a large volume of PII that we divulge willingly in order to obtain a service or product. Examples include the following:

  1. We provide our birth date and health history on an online application for life insurance

  2. We provide a potential lender our name, address, birth date, and social security number so that they can run a creditworthiness check

  3. We provide a bank or an investment account application our social security number (or equivalent outside the US) so that it can report interest, dividends, and capital gains or losses to tax authorities.

There is a small risk of such private data leaking in a data breach, but we accept that risk as the cost of getting the desired service.


Examples of where alternatives can be considered



However, many users also reveal PII when prompted online even when there is no justified requirement to provide the actual data. Circulating that data more widely than absolutely necessary increases the risk of a private data leak. Examples of where providing false data could be considered:


1. Authentication challenge questions

When you establish an online account and login credentials, many sites also ask you to answer various personal “challenge questions” that are used later, either as an extra authentication step when logging in or when changing a password. Such questions might be “What high school did you attend?” or “In which city were you born?” or “What is your mother’s maiden (or middle) name?” If you do not care to divulge additional personal information, consider supplying fictitious data, as long as you can recall it when asked later. For example, an unmarried person can answer the question “Who was your wedding ‘best man’ or ‘maid of honor’?” with “Charlie Chaplin.”

2. Birth date

Birth date requests are a little trickier. Some sites ask in order to comply with child protection requirements, but they could easily have complied in a different way (by having you confirm “I certify that I am at least x years old”). Other sites have legitimate and legal reasons for needing a birth date, such as an insurance application or a government benefits site. However, many sites that request a birth date have no legitimate reason for asking for it other than to collect more personal data for targeted, demographic-based ads. In such cases, if the Terms of Use to which you agree do not require that a real birth date be supplied, you can consider using a fake birth date and keeping your real birth date private. If they do stipulate in their Terms of Use that the birth date must be accurate in order to use their service, you need to decide for yourself whether to a) enter the real birth date, b) use a fictitious one (such as an approximate birth date), or c) try a competitor's site. If you do submit a fictitious birth date, we suggest you take into account the consequences of such wrong data. Perhaps the worst-case consequence is merely account closure.

3. Real full name

Many sites request your full name. Whether you provide your real name or an alias is a decision you will need to make, much like with “birth date” above. Certainly, for contracts or business dealings, your full real name is required, but there are many cases, such as posting comments in an online forum or writing a product review or a letter to the editor, where using a pseudonym is understandable.

4. Physical address

There are many examples where divulging your address is required, such as when you order something to be shipped to you, or when you use a credit card that requires a billing address. If you can afford it, consider a mail service box or post office box to avoid using your residential or business address for privacy reasons. If a website requires your address but has no legitimate reason to have it, seek an alternative site.

5. Social security number (in the US, or equivalent ID number elsewhere)


Organizations or individuals that legitimately need to run a creditworthiness check or background check on you, such as a lender or a landlord, or companies that must report payments they make to you, may appropriately request your social security number. However, some organizations, such as some educational institutions, may require it because they plan to use it as an identifier. In such cases, we suggest considering a competing organization or site, or contacting the site to see whether an alternative can be accommodated.

6. Anonymous purchases online

When purchasing online, most users provide a credit card number and its associated data, including the cardholder’s name, address, postal code, expiration date, and security code. Those are all legitimate requests if you wish to pay via a standard credit card. If you must use a credit card, we recommend never checking the box that allows the site to retain your credit card on file for “convenience.” On poorly secured websites, such stored data has been known to be stolen in data breaches. Moreover, credit cards on file can be used for automatic renewal and are exposed to billing errors. Entering the card information each time gives you greater privacy and control. For cases where anonymity is desired, do not use a standard credit or debit card. Consider using an anonymous online payment method discussed in the references below, such as a pre-paid credit card, a pre-paid debit card, a masked credit card, a pre-paid gift card, or a cryptocurrency:

7. Email address

Our final example is your email address. For anonymity, consider using a disposable email address, but not if an ongoing active email address is needed for notices. If the latter is the case, consider a second secure email service.

Take-Away

By all means, provide private data to trusted sites when there is a legal requirement for such data or a bona fide reason for providing that data. However, there are many instances where that is not the case, and for privacy’s sake, we advocate pushing back or seeking less snoopy sites.

------

Disclaimer: Nothing in this post should be construed as legal advice, but rather as general educational information believed to be accurate. Consult your lawyer for guidance specific to your needs.


This site is owned and operated by Adept Advice LLC.

Copyright (c) 2020 by Adept Advice LLC. All rights reserved.