Paul Bischoff of IT security experts Comparitech explains how to reduce the risk of your information falling into the hands of criminals.
You might have heard that once something is on the internet, it stays there forever.
In many circumstances, that adage holds true: because our data can be copied and stored ad infinitum – and it probably is – removing it can be an exercise in futility.
Even if the person or company to which you gave information agrees to remove it, there's no telling what third parties that information was shared with – and who those third parties shared it with, and so on.
But even if you can't completely erase your digital footprint, you can take steps to make finding your personal information much more difficult. In this article, we'll explain how to remove your personal information from the web.
Make a checklist
Before you get started on removing and deleting personal data, first you need to figure out who has it.
This is easier said than done because online companies often share personal data with third parties.
Your data might be used to help provide services, create marketing materials, customise advertisements, assist law enforcement, or any number of tasks not handled directly by the company to which you provided the info in the first place.
We also need to define what types of data we want removed.
Personal data is roughly divided into two categories: personally identifiable information (PII) and non-personally identifiable information (linked PII). We are primarily concerned with PII, which includes:
- Full name
- Email address
- Phone number
- National Insurance number
- Date and place of birth
- Biometric records
Then there's linked PII, which is information that can be connected to a specific individual within context but does not include the above identifiers:
- IP address
- Medical records
- Education records
- Financial information
- Employment records
Note that some companies might not delete your data right away upon request and can retain it for a week or a month, depending on their data policy. Such information is often kept in case the user deletes their account on impulse and changes their mind later.
Low hanging fruit
If you really want to wipe the slate clean, you'll need to delete all of your accounts. If you don’t want to do that, here are some ways to reduce the information about you online.
Start with the companies that you know have your information because you provided it to them.
Facebook, Google, Amazon, Steam, and Apple will all allow you to comb through your activity history and profile information and remove the majority of personal data.
If you don't want to delete your account entirely, then look for options to limit the visibility of what information needs to be retained.
Email addresses and phone numbers are often used to register for accounts, but companies usually offer the option to hide that info from the public or they hide it by default.
Next, do searches about yourself. Use search engines like Google as well as people finder sites like Pipl, ZabaSearch, WhitePages.com, Wink, and PeekYou.
Look for your name, phone number, and email address. When you find yourself on a website, look for a page where you can request your information be removed.
If there isn't one, contact the website owner directly via email and make a formal request. If no email address is listed, enter the website domain into WHOIS to dig up some information about who owns it.
When you send a request asking for information to be removed, be polite and specific. Include the URLs containing your information.
Don't attach screenshots or other files, because web administrators will treat such attachments as potential malware. Follow up if needed, but don't make threats.
Sift through emails
The next step is to comb through all those emails that you normally never look at.
All those social media notifications, promotions, and spam had to be sent from someone with your email address on file.
It can be tempting to just click the "unsubscribe" button when you receive too many emails from one source, but unsubscribing doesn't mean that company deletes your information.
Instead, go to the domain (website) from which the email originated and see if there's any mechanism that allows you to delete your information from their servers permanently. If not, see if you can contact the domain owner through some other means like the previous step.
Another option is to delete that old email account you've been using for ages and just make a new one. This won't remove your personal information, but it does give you a blank slate.
Many websites, apps, and services allow you to sign up using your Google, Facebook, Twitter, Apple, Microsoft, or LinkedIn account.
Doing so allows the companies you sign up with to see your profile information and other activity on those accounts.
You can review and unlink accounts from the settings menus of these companies, but you might need to email them directly in order to have your information completely removed from their servers.
Check for an app identification number before you unlink the account, which you can send to the company as a reference.
Check the archives
The Internet Archive is a searchable collection of websites and pages from the past two decades, including many that have shut down or moved.
Even if a company that collected your information no longer exists, its website and your info might still be visible in the Wayback Machine and Archive.org.
Search for yourself and see if anything comes up. Send an email to firstname.lastname@example.org to request your information be removed.
HaveIBeenPwned is a tool that lets you check whether your information was leaked in a data breach.
Simply enter your email address, and you'll get a page of results showing which data breaches included your email.
Unfortunately, there's nothing you can do if a company lost your data to hackers, but it's good to know what's out there.
Minimise your footprint
In the end, there might be some information you can't seem to remove.
Maybe it was part of a data breach, official court records, or maybe the website owner just isn't responsive. Short of legal action, you might just have to live with the fact that some of your personal info will never be deleted from the web.
Going forward, however, you can take steps to minimize your digital footprint:
Firstly, be very selective about signing up for new accounts, reward programs, event registrations, apps, and giveaways. Keep track of what you do sign up for and minimise information on social media.
Then employ anti-tracking and ad blocking plugins in your web browser, such as the ‘do not track’ function, Privacy Badger and Ad Block Plus, respectively.
You could even use a VPN service to hide your IP address or software like Tor that makes you anonymous, and ask your internet service provider not to record your data.
Also, consider using an alias and burner email to sign up with new accounts. Mailinator is great for this.
Finally, take the time to read privacy policies. They are easier to read than terms of service and will inform you of three key things:
- What information is collected
- What that info is used for
- Who that info is shared with
Paul Bischoff is a tech writer; Comparitech reviews the latest internet security and privacy software. You can read more of their guides and advice here. The views in this article do not necessarily reflect those of loveMONEY.
Be the first to comment
Do you want to comment on this article? You need to be signed in for this feature