Baylor Privacy Officer Shares Seven ‘Pre-Spring Cleaning’ Tips to Protect Personal Information

  • A few simple steps taken today to protect personal and private information can save people from a nightmare of future challenges. (iStock)
  • Doug Welch, Baylor University's chief privacy officer (Robert Rogers/Baylor Marketing & Communications)
Jan. 28, 2019

Media Contact: Eric M. Eckert, 254-710-1964
Follow Eric on Twitter at @EricBaylorU
Follow Baylor Media Communications on Twitter: @BaylorUMedia

WACO, Texas (Jan. 28, 2019) – A few simple steps taken today to protect personal and private information can save people from a nightmare of future challenges, said Doug Welch, Baylor University’s chief privacy officer.

Monday, Jan. 28, is Data Privacy Day, an international effort launched by the National Cyber Security Alliance to educate people about the importance of respecting privacy, safeguarding data and enabling trust. In conjunction with Data Privacy Day, Baylor University is kicking off a weeklong campaign to bring awareness to privacy and cybersecurity issues.

“Data Privacy Day is a good day for members of the Baylor community to consider some ‘pre-spring cleaning’ to tidy up your online presence and practices, as well as taking the time to evaluate the documents and records you keep and those you should discard,” Welch said.

Welch offered the following tips and steps:

Know the difference between security and privacy.

While privacy and security go hand in hand, they are not the same concepts. Privacy, Welch explained, includes the right to choose what information you will share about yourself with others and the right to know how that information is being used by those who collected it.  Security is about protecting both the information you choose to share and that you choose not to share from getting into the hands of others.

“I’ve heard the relationship between security and privacy described this way: ‘Security without privacy is like having a house made of bullet-proof glass. No one is getting inside, but your personal life is still on display,’” Welch said.

Stop sharing your location.

“Many of us are willingly allowing our movements to be tracked through the smartphones we’re carrying in our pockets,” Welch said.

Many popular free apps people install on their smartphones contain mechanisms that collect data on your movements and habits. That data can then be sold by app providers to digital marketers, Welch said.

“The bottom line is this: if the app is free, you aren’t the customer—you are the product,” Welch said. “Those services are selling your data to marketing firms—a $21 billion dollar-a-year industry.  While there is relatively little harm in being served an ad based on your daily habits, it’s not difficult to imagine how this information could be abused in the hands of unscrupulous people.”

Welch advised taking steps to change location-sharing settings on electronic devices. On IOS and Android devices, this is done in the “Privacy” or “Advanced” settings, respectively. He suggested adjusting those settings to “never” or “while using” for each app.

Read and understand the terms of service for your most-used apps.

“It’s likely that the only people who read the terms of service for any downloaded app are the lawyers who wrote them,” Welch said. “We’ve all just clicked ‘I agree’ in order to get to the ‘free’ stuff.”

Sometimes that simple click allows the app providers to do things, such as: read all text messages, access calendars, copyright uploaded photos, sell personal information to advertisers or use customer identities in ads shown to other consumers.

Welch said the website TOSDR.org (Terms of Service: Didn’t Read) is a crowdsourced resource project to catalog some of the more egregious terms people have likely agreed to in exchange for the app.

Use private browsing and do not track.

Private browsing and “do not track” (DNT) options allow consumers to surf the web without logging the sites they visit, Welch said, adding that the most-used browsers — Chrome, Firefox, Internet Explorer and Safari — have private browsing modes or DNT features that can be enabled.  However, he said, some websites do not honor the DNT request and track anyway. An alternative is to use a private search engine like DuckDuckGo, which guarantees that it does not log or track your searches.

“There are things that we say, see and think about that we’d rather not have others know we do. It’s not necessarily that we are doing anything wrong; it’s that we’d prefer others not make judgments about us on those things. Yet we do this every day when searching the web; and furthermore, we let the search engine sell that information to others,” Welch said. “Keep in mind that the web is not a public utility or a neutral forum; it is a commercial enterprise.”

Clean out paper and electronic files.

Often, large amounts of sensitive and confidential information are collected in Baylor University’s normal course of business. Depending on the department or office, this could include government ID numbers, financial information, health data and even biometric identifiers like fingerprints and hand geometry, Welch said. Hanging on to obsolete data not only creates a risk of inadvertent release or unauthorized access to confidential materials, it also causes unnecessary storage expense and space usage.

“If a document or electronic file (this includes email) is not necessary to evidence the business or history of your organization, it should be destroyed or deleted,” he said. “Clean out your desk and computer of duplicates, personal notes, working drafts, etc. However, keep in mind any legal, audit or research hold before final disposal.”

Note: The Baylor Records Retention and Archival Policy (BUPP 038) details periods of time that certain categories of records should be kept. 

Two-Factor authentication is a best practice.

Security plays a big role in privacy. Baylor has deployed Duo two-factor authentication to protect unauthorized access to personal data.  As with Baylor access, many commercial providers such as brokerage firms also use two-factor authentication as a top security measure.

“Use two-factor authentication wherever possible. However, never approve access when you receive a push notification if you aren’t sitting at your computer logging in to an account,” Welch said. “If you didn’t request it, don’t approve it.”

Use appropriate resources.

Baylor provides you good information about privacy and security, Welch said. Follow @BearAware on Twitter or regularly visit www.baylor.edu/bearaware for information security and privacy notices. 

For more information on privacy, visit www.staysafeonline.org. It is a website run by the National Cybersecurity Alliance and contains many tips and information on staying safe and private on line.

ABOUT BAYLOR UNIVERSITY

Baylor University is a private Christian University and a nationally ranked research institution. The University provides a vibrant campus community for more than 17,000 students by blending interdisciplinary research with an international reputation for educational excellence and a faculty commitment to teaching and scholarship. Chartered in 1845 by the Republic of Texas through the efforts of Baptist pioneers, Baylor is the oldest continually operating University in Texas. Located in Waco, Baylor welcomes students from all 50 states and more than 80 countries to study a broad range of degrees among its 12 nationally recognized academic divisions.

Looking for more news from Baylor University?