Carnegie Mellon University

image of user's computer screen and social media

June 29, 2020

How to Protect Personal Information Online

People have protected their personal information and sensitive documents for centuries. Historically that involved mostly physical protections, but in a digital world, physical protections are not enough.  Physical protection of sensitive documents can occur by locking them away in a drawer or renting a safety deposit box at the bank. However, protecting a person’s digital information can be more difficult. Personally Identifiable Information (PII) is any type of unique information that can be used to distinguish or trace an individual’s identity. In the wrong hands, stolen personal information can lead to financial loss and identity theft. 

PII comes in many forms. Some examples of PII include, but are not limited to:

  • Name: full name, maiden name, mother's maiden name
  • Personal Identification Numbers: social security number (SSN), driver's license number, taxpayer identification number, financial account number, credit card number
  • Biometric Data: Facial recognition, retina scans, thumbprint

Criminals use many nefarious methods of stealing PII in order to commit identity theft including public data breaches, capitalizing on a lost or stolen device, and collecting data from publicly available sources. While identity theft is concerning, the actual damage usually comes after an attacker uses the stolen information for malicious purposes. This can lead to devastating consequences for the victim, especially when the attacker starts targeting important aspects of the victim’s life such as insurance, bank, and credit card information. Many victims of identity theft are usually unaware that they have been compromised and are surprised when faced with the reality of the consequences, such as damaged credit and loss of personal funds, as well as financial and emotional stress.

Protect Your Digital Identity

Your identity exists in digital form all over the Internet. It is critical to guard your digital privacy — in order to protect your identity and finances!

Following are specific steps you can take to protect your online information, identity, and privacy.

  • Think Before You Act: Be wary of communications that implore you to act immediately, offer something that sounds too good to be true or ask for personal information.
  • Use Unique Passwords: Hackers often use previously compromised information to access other sites. Choosing unique passwords for each site keeps that risk to a minimum. Using an encrypted password manager to create and store your passwords makes it easy to securely access your accounts.
  • Get Two Steps Ahead: Switch on two-step verification or multi-factor authentication wherever offered to prevent unauthorized access.
  • Be Aware of What's Being Shared and With Who: Be aware of the type of information you are revealing when you share post, picture, or video online. It is also important to know who you are sharing your information with. It is recommended to review your information on social networks regularly.
  • Own Your Online Presence:  Set the privacy and security settings on web services and deices to your comfort level for information sharing. Privacy and security settings often change, it is important to frequently review the settings to ensure you are comfortable with them.