| |
back
to page 1 (DOs)
DON'T:
- Give away information about yourself unless you
have verified the identity of the party that is requesting it.
Never give out personal information and details (i.e. social insurance
number, driver’s lic., bank accounts, etc) over the phone.
- Succumb to phishing attacks. These social engineering
tricks impersonate your bank or trusted online company, introduce
some urgency (i.e. your account is about to close), ask you for
your password and even bank card code. Most will even ask you
not to attempt to log in again afterwards, thus giving them time
to actually use the stolen information.
- Legitimate companies to not require the verification
of your confidential account details. Do not respond to requests
for verification of your (or your company’s) details.
- Hesitate to ask for the written privacy policies
in effect at any place of business that uses your information,
along with the contact information of the Chief Privacy Officer.
This individual is individually responsible for satisfying your
requests for information about the organization’s data collection
practices and remediation activities in case of a breach.
- Do business with any organization that you don’t
feel comfortable with. Personal and confidential information is
very valuable and if you lose it, it can very rarely be recovered.
By law, companies cannot penalize you for not disclosing personal
details if they are not required for the specific purpose under
discussion. In fact, it is illegal to ask for it and collect it
if it is not material to the activity being carried out.
- Carry unnecessary pieces of identification with
you such as numerous credit cards, passports or birth certificates,
to limit the amount of information that could be stolen.
- Open emails from people you don’t recognize.
Keep your preview pane closed, use anti-spam software and do not
allow your emails to automatically make outbound connections through
your firewall.
- Click on links in emails. Type or paste them
into your browser window manually to avoid phishing scams and
Trojan infections.
- Stray. When it comes to the Web, stay on the
beaten path. Underground sites and sites with questionable content
generally have fewer scruples about exposing visitors to malicious
code and privacy breaches.
- Fall for letters from companies that send notices
about your expiring domain name. The letter itself may not be
from your registrar and by responding, you’re actually switching
from a trusted company that was managing your Internet domain
to an unethical company seeking to profit from your confusion.
This can disrupt your company’s operations in a serious
manner as all your web traffic and emails depend on a domain name.
- Leave your purse, wallet, laptop, cell phone
or PDA unattended or within reach of anyone. The information they
contain and their capabilities will often result in a privacy
or security breach that is difficult to recover from.
- Allow any institution to use your social insurance
number or credit card number as an identifier on any account.
- Give out your Social Insurance Number (or Social
Security Number in the U.S.) liberally. Although it is tied to
your identity, it is not a piece of identification. If offered
the choice by an authorized organization, choose to use a different
form of ID. According to the Office of the Privacy Commissioner,
your SIN can be used to steal your identity. Along with other
personal information, someone may be able to use your SIN to apply
for a credit card or open a bank account, rent vehicles, equipment,
or accommodation in your name, leaving you responsible for the
bills, charges, bad checks, and taxes.
- Delay. If you’re sure of being the victim
of identity theft, fraud or a privacy breach and you have requested
the cancellation of old cards be sure to have a complete list
of contact numbers and addresses for all issuers and departments
that need to be aware of your new identity credentials. For example,
if you have obtained a new Social Insurance Number (make sure
you don’t request a new one unnecessarily) you’ll
need to contact all your financial institutions, creditors, pension
providers and employers and sk them to update their past and current
records on your file.
- Panic! Make sure that it was not a mistake and
that you are indeed the victim of fraud, identity theft, personal
information compromise or security breach. If so, report the incident
to the police and make note of the complaint number, ask each
major credit bureau to add a fraud warning to your credit file
to ensure that all credit requests are verified through you first.
If necessary, report all stolen cards to the issuers and verify
all activities in writing. Notify your bank of stolen cheques,
cards or compromised accounts. Notify your postal inspector if
you suspect mail theft.
 More:
|
|
 |
