VPL – Complete List: Action Items

Communicate About Privacy

Talk to friends and family about what information you prefer to keep private, and what you would or wouldn't be comfortable with them posting about you.

Make sure you know your friends' and family's preferences about online privacy. Before you refer to other people in your posts, post photos of them, or tag them in posts or photos, ask yourself how they would feel about the post. If you don’t know someone’s preferences, try to avoid mentioning them on social media. Use this handy decision guide as a reminder:

If you want to keep your information private, take action!

  1. Submit complaints to businesses that don’t respect your privacy preferences. Alert other users to the specific problem via review systems.
  2. Write to government representatives expressing your views:

Request privacy from companies and services that have data about your offline activities, such as healthcare, banking, insurance, and utility providers. Specifically, opt out of sharing your information with third parties. Use these guides to help you navigate opt-out procedures:

Everyone has the right to participate in social media. If you are a survivor of domestic abuse, sexual assault, and/or stalking, it is important to learn ways to stay connected while protecting your privacy and security.

Think About Consequences

Before you post information or images on social media, ask yourself:

  1. If this post became public, what would my extended family think? My employer or a potential employer? A neighbor?
  2. For that matter, what will my target audience think when they see this?
  3. Will everyone who could see this have my best interests at heart?

Before you post something on social media, ask yourself: Could my circumstances change such that this could be embarrassing in five years?

Before you provide personal information to get an app or online service, ask yourself: How might this app or service benefit from having this information? Could those benefits be detrimental to me?

When deciding whether to communicate sensitive information online, consider that people, companies, and governments might make mistakes, might not behave ethically, or might not follow the law—nor even their own policies—about how to treat your private information. In many cases, there may not even be any laws governing the use of your information.

Learn About Online Privacy

Educate yourself about how online privacy works, what protections you have and don't have, and what tools and techniques you can use to better maintain your privacy. Then share that information with family and friends.

As you look through the topics in this Virtual Privacy Lab, think about what privacy means to you. Start with the topics you find most important and interesting. At the end of each section, decide which actions you want to take and use the resources to help you bring your online information sharing in line with your preferences about privacy.

Educate yourself about current laws and regulations. Be aware that laws are continually changing in order to adapt to current technology.

Check out apps, sites, and services before you use them. Read the privacy policy; if you don't like what it says about what the provider will do with your data and who they may share it with, you can do business with a different provider (even if it means paying slightly more—a "privacy premium").

If you can't bring yourself to read through the official Privacy Policies, use a cheat sheet like one of these:

Adjust Your Privacy Settings

Review your privacy settings on your social media and other accounts and on your apps and communication devices, to make sure you're sharing what you want to share. Use these guides to help you identify and change the settings most important to you:

You may want to use different settings for different accounts, on different social networks, or for different apps, depending on how you plan to use them.

  1. Some settings we recommend reviewing include:
    • Location services and frequent places (on apps, sites, and devices);
    • Automatically limiting the audience for your old posts;
    • Sharing your information with third parties/other companies ("marketing affiliates", etc.).
  2. Keep reviewing your settings on a regular basis, and when you get a new account, app, or device, start by reviewing its privacy settings.
  3. Watch this short video to see how location services on your phone can impact you.

On social-media sites, use the privacy settings that limit what other people can post about you, such as:

  • Requiring your approval for people to post on your timeline or tag you in photos;
  • Blocking other people from "checking you into" a place, as that shares your location with others.

Keep up with changes to privacy settings and policies.

  1. Pay attention to updates from services, websites, and app providers about privacy settings and policies. As a backup, you can check out this update site:
  2. Update software/apps, as new privacy settings may become available.
  3. Regularly review and update your privacy settings in case the options have changed. Use these guides to help you check the settings most important to you:

When you open a new social media account or start using a new app or device, review the privacy settings to make sure they reflect what you want to share with whom. Some settings we recommend reviewing include:

  1. Location services and frequent places (on apps, sites, and devices);
  2. Settings that limit what other people can post about you, such as requiring your approval for people to post on your timeline or tag you in photos, or whether other people can "check you into" a place.

Use these guides to help you identify and change the settings most important to you:

Before you post, ask yourself who you particularly want to have see this information, and set the audience for the post to include only those people.

  1. Some social networking sites allow you to create "custom lists" or "circles" in your account settings (such as "close family" or "work friends") that you can post to. (But note that on some sites, like Facebook, each person in a custom list can see the names of the others who can see the post.)
  2. Some social networking sites let you specify that certain friends/contacts can see only your public postings, for example with Facebook's "Restricted" status.

Use these instructions for major social media sites:

  • Help Page for Custom Lists and Restricted Status on Facebook and Instagram: Lists for Friends
  • Instructions for Circles on Google Plus: About Circles

Remove location data (GPS coordinates) from photos and videos before you post or send them.

  1. Use these guides and tools to examine and remove EXIF metadata, including GPS:
  2. There are some file formats that don’t contain location data in the first place, such as PNG for photos.
  3. On some mobile devices, you can prevent GPS metadata from being added by changing the settings for the camera app.

(Note that this is separate from adjusting your social media privacy settings so the site doesn't add location data about where you posted from; you may need to take multiple steps.)
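As an added illustration (not one of the guides or tools this page refers to), the sketch below shows where GPS data sits inside a JPEG file and how it can be removed without touching the image data. The function names are hypothetical, and the sample file is a constructed skeleton rather than a real photo.

```python
import struct

EXIF_HEADER = b"Exif\x00\x00"   # signature at the start of an EXIF APP1 payload
GPS_IFD_TAG = 0x8825            # IFD0 tag that points to the GPS sub-directory


def iter_segments(data):
    """Yield (marker, start, end) for each JPEG segment; the last covers SOS to EOF."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG file (missing SOI marker)")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError("corrupt segment header at offset %d" % pos)
        marker = data[pos + 1]
        if marker == 0xDA:      # Start of Scan: compressed pixels follow, copy as-is
            yield marker, pos, len(data)
            return
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        end = pos + 2 + length
        if length < 2 or end > len(data):
            raise ValueError("bad segment length at offset %d" % pos)
        yield marker, pos, end
        pos = end
    raise ValueError("no image data (SOS marker) found")


def is_exif(data, marker, start):
    """True for an APP1 segment whose payload starts with the EXIF signature."""
    return marker == 0xE1 and data[start + 4:start + 10] == EXIF_HEADER


def has_gps(data):
    """Return True if any EXIF block's first directory (IFD0) references GPS data."""
    for marker, start, end in iter_segments(data):
        if not is_exif(data, marker, start):
            continue
        tiff = data[start + 10:end]
        order = {b"II": "<", b"MM": ">"}.get(tiff[:2])   # little- or big-endian
        if order is None:
            continue
        try:
            (ifd0,) = struct.unpack(order + "I", tiff[4:8])
            (count,) = struct.unpack(order + "H", tiff[ifd0:ifd0 + 2])
            for i in range(count):
                entry = tiff[ifd0 + 2 + 12 * i:ifd0 + 14 + 12 * i]
                if struct.unpack(order + "H", entry[:2])[0] == GPS_IFD_TAG:
                    return True
        except struct.error:    # truncated EXIF block: nothing more to read
            continue
    return False


def strip_exif(data):
    """Return the JPEG with every EXIF segment dropped and all else untouched."""
    kept = [data[s:e] for m, s, e in iter_segments(data) if not is_exif(data, m, s)]
    return b"\xff\xd8" + b"".join(kept)


def build_sample():
    """Constructed JPEG skeleton (not a viewable photo) with a GPS pointer in EXIF."""
    tiff = b"MM\x00\x2a" + struct.pack(">I", 8)             # TIFF header, IFD0 at offset 8
    tiff += struct.pack(">H", 1)                              # IFD0 holds one entry
    tiff += struct.pack(">HHII", GPS_IFD_TAG, 4, 1, 26)       # GPS pointer -> offset 26
    tiff += struct.pack(">I", 0) + struct.pack(">HI", 0, 0)   # end of IFD0, empty GPS IFD
    payload = EXIF_HEADER + tiff
    app0 = b"\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    app1 = b"\xff\xe1" + struct.pack(">H", len(payload) + 2) + payload
    return b"\xff\xd8" + app0 + app1 + b"\xff\xda\x00\x02\x12\x34\xff\xd9"


if __name__ == "__main__":
    photo = build_sample()
    cleaned = strip_exif(photo)
    print("GPS before:", has_gps(photo), "after:", has_gps(cleaned))
```

This removes only the EXIF block; other metadata blocks, such as XMP, can also carry location and are left in place by this sketch.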

Check your privacy settings for non-telecom devices and programs that record information about you, like DVRs, fitness and health tracker devices, smart-home systems, vehicle health/activity loggers, transit and parking cards, and store rewards cards.

  1. You can start by searching on "privacy settings" or "privacy choices" and the name of the device or program.

Manage Your Profiles

If an app or site asks for your personal information, weigh the benefits before giving it.

  1. Ask yourself: Do they really need this information to provide the service? What permissions are they asking for and do they really need access to that information?
  2. If you don't know how an organization or service will use your information—either because they don't say or because their privacy policy is too unclear for you to read—consider not giving it to them, or at least limiting what information you give them.
    1. Don't fill in non-required fields.
    2. You may be able to give false information in the required fields if it's not necessary to the service you're getting. However, you should check the provider's terms of service first to make sure they do not require that your personal information be correct. Don't give false information to banks, government agencies, and other highly regulated services, as it may be illegal.
  3. Watch these short videos to see how much information we give away without thinking.
    1. If your shop assistant was an app
    2. #PrivacyProject

Close or delete your old social media and other online accounts. (However, remember that your data may still be backed up somewhere, especially if others have reposted it. Closing old accounts doesn't guarantee the information won't be found; it just makes it less likely.)

If you want to post details about your crazy hijinks, air your political views, or be open about your religious affiliation or sexual orientation, but you don't want your employer or your grandmother to see it, you can register for social-media accounts using a false name, or have multiple accounts under different names. (Note that this is against the terms of service for some social media sites, so you should check first. If you violate the terms of service, the site can close your account if they find out.) However, there are many ways someone could find out which accounts are yours, so this method doesn't guarantee privacy; it just makes you a little harder to find.

Protect Yourself from Account Theft

Control access to your devices and accounts with good passwords.

  1. Require a passcode and/or fingerprint verification to access your smartphone and other devices. Set a strong password if you can. (But even a short PIN or swipe pattern is better than nothing.)
  2. Create strong passwords for all of your accounts on apps, sites, and services.
  3. Don't share your passwords or PINs with anyone, even people you trust.
  4. Physically block the view of your keyboard or screen from onlookers when you're entering a password while in a public space.
  5. Use different passwords for different services and devices, especially the ones with the most sensitive information about you. If you’re worried about remembering all of your passwords, you can use password management software that allows you to create one "master password", then does the rest for you:
  6. Don't have your web browser or phone automatically "remember" your passwords.
  7. For your most important accounts, use two-step verification, where the service sends you a code—usually to your phone—when you want to log in. This prevents others from using your account even if they guess your password. You can enter "two-step verification" and the name of the service in a search engine to find instructions.

If a service offers you a choice about your "password recovery questions", don't use information about you that someone could easily get from your social-media profiles, that is otherwise public information, or that is easy to guess because it has a limited set of likely answers.

If a company or website tells you your account has been compromised, take care of it as soon as possible. But be careful; many scammers use fake security notifications (phishing) to breach your security.

  1. If you know one of your accounts has been hacked, change the password immediately, then contact the provider. Use this guide:
  2. Change the passwords for any other accounts that use the same password, or where your account recovery information may be stored in the hacked account.
  3. If you get email or a pop-up message on your screen saying you have a security problem, don't click on any links or buttons in the message! Instead, go directly to the company's or provider's website (type the URL in your browser or use a search engine). Use the provider's Contact page or call them to find out if there's really a problem.
  4. Use this site as a backup to check if any of your accounts have been hacked:
  5. Keep in mind that if a hacker has copied your contacts and profile, they'll always be able to use that information, even if you secure your account against future attacks.

Protect yourself from viruses, worms, and other malware by:

  1. Keeping your software up to date and installing (or at least running) antivirus software on all your devices.
  2. Only downloading files from sources you trust—and that you're sure haven't been hacked.
  3. Doing a quick search on the name of unfamiliar apps or services before downloading or using them. If they're malware or vulnerable to malware, a warning will usually turn up in the top few search results.

Use these resources to help you learn more about basic computer security topics:

Keep in mind that people who communicate with you online may not be who they say they are.

  1. Before sharing information online with someone you know, think about whether or not their online behavior matches their behavior in other parts of your life. If it doesn’t, their account may have been hacked.
  2. If you’re not sure of the identity of a person or organization, call them on the phone (using a number you already have) before sharing anything important or personal.
  3. Use this guide to help you recognize suspicious email messages:

Limit Data Collection and Tracking

Limit tracking by reviewing your web browser's or your phone's privacy settings for how long it saves cookies from the sites you visit. In browsers, privacy settings can generally be accessed via the "Preferences" or "Options" menus. (Note that these settings change back to the default when you install an update to the browser.)

  1. To reduce the chances you can be tracked from session to session, set your web browsers on all your devices to clear any cookies when you close the browser.
    • Guide for Google Chrome, Mozilla Firefox, Internet Explorer, and Opera: How to Clear Your Cache on Any Browser
    • To find instructions for other browsers/devices (or newer versions), do a search on 'automatically clear cookies' and the name of the browser or device.
  2. If you want extra protection from tracking, don’t allow websites to use cookies at all unless you explicitly give your permission. Set your browser preferences or phone settings so that cookies cannot be installed. While this will keep your browsing more private, it will also make some websites and applications difficult to load, and some may not function at all.
    • Guide for iPhones/iOS, Android devices, Safari, Google Chrome, Mozilla Firefox, Internet Explorer, and Netscape: How to Disable Cookies
    • To find instructions for other browsers/devices (or newer versions), do a search on 'disable cookies' and the name of the browser or device.

Note that these options do not cover all of the possible types of cookies. New types of cookies (currently, Flash cookies and "supercookies") may not (yet) be deletable using browser options.

Install a browser add-on to help limit the amount of information collected about you. However, note that, whatever they may promise, none of these tools can completely prevent sites and services from tracking you; there are too many different tracking methods and they change quickly. (This also means you should check for updates frequently.) Use this guide to choose an anti-tracking tool:

Make sure you choose a tool that actually limits tracking. Some common tools hide ads without preventing advertisers from tracking you.

For frequent online tasks, there are some sites and services that specifically don't track your activities.

  • A Search Engine That Doesn't Store Your Search History or Identifying Information: DuckDuckGo
  • A search engine that uses content search assistance from major search engines like Google, Bing and Yahoo but never tracks your online searches or activities or IP address: Disconnect Search

To make it more difficult to link up your online personas, or just to avoid spam, use a disposable email account or proxy email account when you register for new accounts online. (Don't use a truly disposable address for sites that actually need to be able to communicate with you, for example, if you want an online store to be able to send you a receipt later.)

Secure Your Communication Channels

Be selective about using public wifi networks. Wireless networks with “WPA2” encryption are the most secure.

  1. Set your phone or computer to ask you before joining a new wireless network (rather than connecting automatically). Don't join a network if you don't know who's providing it. Ask before you connect.
  2. Try to avoid any wireless network that is not password protected or where many people have access to the password, such as those in coffee shops and airports.
  3. If you have to use a public wifi network, only log in to "HTTPS" websites. Avoid banking and shopping activities. Use these tips to reduce the risk of eavesdropping:
  4. If you frequently use public wireless, consider setting up a Virtual Private Network. VPNs are also useful for accessing a business network remotely, or accessing your home network while travelling.

Whenever possible, use encrypted web browsing.

  1. Look in the address bar to see if the website you are using is encrypted. If it says "HTTP", the website is not encrypted. If it says "HTTPS", the website is encrypted.
  2. If you're not sure whether the mobile app for a particular service uses encryption, try the service using a web browser instead, so you can check for "HTTPS".
  3. Install this browser add-on to open major websites with encryption by default:
  4. If you like a website that isn't HTTPS, tell them about Let's Encrypt.

Note that using HTTPS only protects your communications from hackers spying on the network you're using. The site or app delivering the communication still sees it unscrambled.

There are a number of tools for encrypting specific types of communications, like email, chats, and text messages, so that even the app or site that delivers the communication can't read it. Most of these tools are useful only if the recipient is also using encryption technology and has the key to decode your messages. Use these directories and guides to help you choose encryption tools that work for you:

Use anonymizing software that routes encrypted online communication through a layered series of "proxies", or indirect connections, to (mostly) hide your identity. (Be aware that there are still ways people can identify you, but an anonymizer will make it much more difficult for them to do so.)

  • Software That Uses Proxy Servers to Route Communications: Tor Project

Cell phones, computers, and other devices are important to our lives, but they can also be used by others to track where we are. If you believe someone is harassing, stalking, or abusing you, it's important to make sure you take the steps needed to ensure your devices are not being monitored.

  1. Spyware can make it easy for perpetrators to stalk, track, monitor, and/or harass victims. Learn how to protect yourself from spyware:
  2. Develop your cell phone safety plan to protect against tracking:

Privacy Tips for Businesses

When you’re running a small business, it’s helpful to actively manage your reputation.

  1. Your profiles on social media and review sites are likely to be in the top search results for your business name. If you manage and update those profiles, your customers and business contacts are more likely to see the information that you want them to see.
    • Comprehensive Steps for Reputation Management: The Online Reputation Management Guide (Disclaimer: This advice comes from a marketing firm, so it contains a few plugs for their services, but it is generally sound.)
  2. Make sure only trusted employees can post on social media sites using the official business account; one inappropriate or misinterpreted post could cause significant damage to your business’s reputation. One way to minimize misinterpreted posts is to require multiple employees to review posts before they are made public. Also, be sure to remove access when an employee leaves.

If customers, clients, or donors contact you, don't pass the communication along or post it publicly without asking them. This applies to both positive and negative feedback, as well as other types of information.

  1. If someone gives you a great review, ask them before you post their name or photo or anything else identifiable about them.
  2. If you're quoting something someone posted on a public site, or you're responding to a review, don't add other information you know about the individual without asking them.

To effectively protect customers’, clients’, or donors’ privacy, it helps to start with a comprehensive plan.

  1. Use these resources for any size business to help you protect your customers:
  2. Large businesses or those that handle a lot of sensitive data may need a dedicated staff person to handle privacy:

Keep up with new laws and regulations about protecting your customers' privacy. Professional associations and local or state business associations often have best practices that can help you comply with the laws for your industry and area, but make sure their recommendations are current before enacting them.

Your employees also have privacy rights you should be aware of:

When customers, clients, or donors entrust you with their personal or contact information, consider the benefits of keeping it private. While passing customer lists to business contacts and third parties may be legal in most industries, it is impolite, and may cause your customers to take their business elsewhere. On the other hand, having a reputation for respecting customers' privacy may provide a competitive advantage.

  1. If you want to share your customer’s personal or contact information with other businesses, use an opt-in model that lets customers know you care about their privacy preferences.
  2. Have strong contracts in place with companies that process your customer’s personal data on your behalf.
  3. Above all, make sure you keep your customers informed about what you are doing with their data:

Be aware that when you buy online ads to drive traffic to your site, or when you sell ad space on your website for other companies' products, you are adding to the advertising company's profile of your customers or members. If your business or organization is of a sensitive nature, you might consider using an advertising service that does not track the behavior of individual users.

Be selective about the software and communication platforms you use in your business or organization. If it doesn't state clearly in the terms of service or user agreement that they will not share your data or your customers' or donors' data with any other entities, contact the company and ask. If you can't get a straight answer, choose a different platform.

Evaluate whether your business or organization is at risk for security breaches, especially if you handle sensitive customer data. Use these resources to help you understand where the possible vulnerabilities might be:

Check out the data-security risks for any software or communication platforms you use in your business or organization. Just because it's from a well-known company doesn't mean it will do a good job of keeping your and your customers' or donors' data secure. You can enter 'security vulnerabilities' and the name of the product in a search engine, or use the following resources and databases for up-to-date information:

For those with a technical background, these criteria can help you make a thorough evaluation:

Resources to Learn More About the Topic
