Data Privacy Day reminds us to think before we act
Jan. 28 is National Data Privacy Day, an educational initiative focused on raising awareness about the importance of protecting the privacy of personal information. With more and more information being collected by companies, websites and social media, this is something everyone should consider. The university strongly supports data privacy and intends to promote it year-round.
To understand the importance of Data Privacy, it is vital to understand Personally Identifiable Information (PII) and exactly what privacy is. PII is any combination of data points that can lead to the identification of a specific individual (you). This can mean things such as your name or email address, but most times PII refers to “sensitive PII” such as Social Security, driver’s license, state identification or financial account numbers. Sensitive PII can also exist if PII is combined with another piece of information about you such as a birthdate, medical information or even passwords. The more pieces of data combined about an individual, the more valuable and sensitive the body of information becomes.
Privacy is often considered to be the concept of confidentiality, which is keeping information secret from those that should not see it. While that is an aspect of privacy, often called “need to know,” privacy is much more. Privacy is a larger concept centering on you as the individual to whom the information refers. It is about your rights to access, correct and control the information that another entity has about you.
Organizations that honor your privacy will not only protect confidentiality, but should also follow a set of principles related to how they manage your information, including:
- *Not collecting more information than they need to conduct their business with you;
- *Informing you of what they will do with the information that they collect and not doing more with it than they have promised;
- *Retaining the information for only as long as it is needed and then properly destroying the information;
- *Not sharing your information with others without your permission, except as required by law;
- *Allowing you to review and correct information if necessary.
To understand your privacy rights, it is essential that you read the privacy policies of any organization to whom you provide information, especially PII. This includes websites, health care providers, insurance companies, and financial institutions. If you do not agree with how they intend to protect your privacy, consider not using their service.
Privacy is a Shared Responsibility:
Identity Theft Protection:
Despite many organizations’ best efforts in handling and using your private information properly, the countless breaches of PII by cybercriminals in the past few years have resulted in the exposure of information about millions of people. One reaction to such breaches can be to provide credit monitoring for one year. This is a very short amount of time to have such a protection. Those that have stolen the information, or those to whom they have passed it on, may hold it for much longer than a year before using it to steal your identity or commit credit card fraud or worse in your name. If you have been a victim of a breach, check out some of the FTC’s resources on starting a credit freeze to protect yourself.
Blue Cross Blue Shield of Texas (BCBSTX) is providing identity protection services to employees, retirees and minor dependent children who are covered under the UT SELECT Medical Plan administered by BCBSTX. The services are free and are intended to protect health and personal information. For more details, go to https://www.utsystem.edu/offices/employee-benefits/identity-protection-services.
If you are considering Identity Theft protection services, research the firms that you are considering engaging and ensure you understand the services they will and will not provide. Also, read their privacy policies, because for them to deliver these services you must provide them with varying amounts of PII.
Protecting privacy is both your responsibility and that of those individuals and organizations that have information about you. Do everything in your power to be aware of how you personally can compromise your privacy and hold those organizations that you engage with accountable for their management, or mismanagement, of your personal information.
For additional tips on keeping your personal information secure, visit:
- *Protection Against Credit Card Fraud by Federal Trade Commission
- *Data Privacy Events by US-CERT
- *Stay Safe Online website by National Cyber Security Alliance
- *Data Privacy Resources by UT Health San Antonio’s Information Security Team (requires logging into the My UT Health Intranet)