Protecting your Privacy Online

Tips for protecting privacy while surfing the web, using email or social networking

The online world offers tremendous convenience, but also carries risks for privacy. Your clicks and website visits leave data trails that may be of great interest to businesses for marketing and other purposes. And every time you post a thought or photo, it can live on in cyberspace forever—even if you think you’ve deleted it. Criminals also have sophisticated ways to access your financial and other sensitive personal information.

While organizations that collect and use your information have a responsibility to protect it, there are measures you can take to protect yourself from identity fraud or the misuse of your information, or to ensure that your privacy is respected in the way you would want.

How can I protect my personal information online?

When doing any online transaction, always ask yourself:

  • Who is collecting the information?
  • Is it necessary for the transaction??
  • What will be done with it?
  • What are the consequences for me?

You should find answers to these questions in the website or email provider’s privacy policy, terms of use agreement or other privacy communications which are required to explain the company’s collection, use, disclosure and safeguard policies. If you are still unsure, contact the organization’s privacy officer directly. Don’t provide your personal information, especially sensitive information such as health or financial data, if you don’t feel comfortable with the site’s policies.

Companies may want to use your personal information for analytical or marketing purposes or pass your details on to other companies for similar reasons. They should ideally give you the chance to opt in or, in some circumstances, out of such services.

What are online scams and how can I avoid them?

Numerous scams exist that try to get you to provide personal details, including details of your bank account or credit card, for fraud.

Phishing is an email scam that lures you under false pretenses to websites that look legitimate to get you to provide personal information. Such emails sometimes appear to be from recognizable sources such as banks or disaster relief organizations but are actually linked to fraudulent websites.

Spear phishing usually occurs on social media sites and involves fraudsters pretending to be part of a particular social network to build trust and solicit information for nefarious purposes.

Be wary of unsolicited email or spam from unknown sources or questionable links in social media messages. They may contain malware that could harm your computer and potentially steal your personal data. Even if it looks like it comes from somebody you know, be suspicious of odd messages as your friend’s account may have been hacked.

If in doubt, don’t open emails or attachments or click on suspicious links. Also, don’t disclose any personal information online unless you are sure you know who you are dealing with. You may wish to authenticate the message by contacting the person or organization that purportedly sent it to you directly.

Can I opt out of online marketing and advertising?

There are different ways of advertising to people online. Some involve displaying the same ads to everyone who visits a particular website. Online behavioural advertising involves showing you a selection of ads based on the websites you’ve visited. This targeted approach aims to tell you about products or services you are likely to be interested in.

Organizations and companies have always used information about their customers to market goods and services to them. For many people this will be a welcome and useful feature of using the Internet, particularly when shopping online.

However, some people dislike this approach and don’t want their buying and browsing habits tracked for these purposes.

Websites should provide an easy way for you to opt out of receiving such ads or recommendations. For example, you should be told when cookies are being used and given choices about whether you agree to their use.

Tip: For more information about online behavioural advertising and tracking, check out our fact sheet: Online Behavioural Advertising in Brief.

What security measures can I take?

Your Internet browser has built-in tools to help protect your personal information. Take some time to learn about the security and privacy settings in your browser and keep it up to date.

Some tools help control the amount of personal information you put online; others allow you to wipe the details of sites you have visited, or searches you have made, from your computer. Install antivirus and security software and keep this software updated.

When surfing on public Wi-Fi, avoid sensitive transactions such as online banking as the connection is not secure and others may be able to capture the data you are sending. You may wish to enable private browsing on public wireless networks by adding security such as a Virtual Private Network (VPN). A VPN allows you to send and receive data on a public network as if you were connected to your private home or work network.

When choosing a password, avoid obvious choices such as mother’s maiden name, child’s name, pet’s name, or other references that someone may be able to guess through information you have posted elsewhere. Make them eight or more characters. Use a combination of letters, numbers and symbols. Use different passwords for different websites and email accounts and change your passwords regularly. Don’t write them down or share them with others.

Be wary of anyone who asks for your bank or credit card details via email and only use secure sites when shopping online. While not foolproof, look for the lock icon, HTTPS protocol or green highlighting in the address bar. These are all signs the site is likely secure.

What should I consider when social networking?

Whether you are using a networking site, internet dating site or just chatting on a message board, chances are you are putting personal information online. Once it’s out there, you may not be able to control what happens to it. This could pose a risk to your privacy or even make you vulnerable to identity theft or fraud.

So before you create a profile, post a picture or tell the online world what you’re doing, think about how to make sure you’re safe online.

Avoid sharing too many personal details with large numbers of people, for example by allowing open access to your social media pages. Familiarize yourself with the privacy settings of your favorite social networks and adjust them according to your comfort level.

When posting information online it’s also worth thinking about who might see it apart from your intended audience—would the things you write or the pictures you post cause embarrassment in real life? How would you feel if your current or potential employer saw what you posted?

Most sites have privacy settings that allow you to control how public or private your information is. While some sites set privacy settings automatically at their most private level, on others all your information could be available to anyone unless you change the privacy setting. If you don’t understand what a particular privacy setting means in practice, don’t post any information until you have figured it out.

Here are a few things to consider before posting information or images on social networking sites:

  • Find out how the privacy settings offered can limit access to your personal information;
  • Adjust your privacy settings so that information about your family and children is shared only with those you know well;
  • Don’t include too much personal information that could make you vulnerable to identity fraud;
  • Think carefully before posting information—would you want your employer or potential employer to see those compromising photos;
  • Review your information regularly—what may have seemed like a good idea at the time may not seem like such a good idea months or years later. But remember that while there are often tools to delete or hide information, data posted online can persist in different places and permanent removal can be difficult if not impossible;
  • Get people’s consent before you upload their pictures or personal information; and
  • Use strong passwords and logins to prevent your account from being hacked.

How can I help my children stay safe online?

Children use the internet regularly and may be involved in more online activity than their parents. Some children may even have greater technical knowledge than their parents, but they may be unable to identify the risks of sharing too much personal information online, and may be unable to spot scams as readily as adults.

Tip: Check out our 12 Quick Privacy Tips for Parents for more on how to protect young internauts.

What can I do if someone says something about me online that I don’t like?

There are several things you can do:

  • Most social networking sites have a policy for dealing with inaccurate or derogatory posts. Have a look on their website for their procedure for complaining about a post or asking for something to be removed;
  • If you can’t find a procedure or form on the website, try contacting the website administrator with your concerns;
  • Take the matter up directly with the organization or individual who has posted the comments about you, if you think this might help; and
  • If you think that the posting is defamatory, or you feel threatened or harassed, seek legal advice or contact the police.

It’s important to note that Canada’s private sector privacy law only applies to organizations involved in a commercial activity. Since disputes between individuals generally don’t involve commercial activity, the Office of the Privacy Commissioner of Canada can seldom intervene.

What else can I do?

You can try to stop organizations from using your information to send you direct marketing. You should be given the opportunity to opt in or out of receiving marketing materials at the moment you are asked to give your personal details. You should also have the opportunity to change your preference later.

Check off the “no thanks” box on electronic forms when asked to provide personal information or send an email stating your refusal to be contacted. Report email solicitations that are fraudulent or misleading or that you did not consent to receiving. It may be spam and the sender may be breaking the law.

If you have concerns about the personal information handling practices of an organization, your first step should be to bring it to their attention. Most organizations are sensitive to consumer concerns about privacy. In many cases, a concern you have about how your personal information has been handled by an organization can be quickly and effectively addressed if you raise it directly with them.

You also have the right to access and correct the personal information an organization has about you.

If, after speaking directly with the organization, you have not resolved your issue, you may wish to contact our Office for more information or to file a formal complaint.

You may also wish to read up on the basics of Canada’s federal privacy laws: the Privacy Act, which applies to the personal information handling practices of federal government institutions, and the Personal Information Protection and Electronic Documents Act (PIPEDA), Canada’s federal private sector privacy law.

* We wish to thank the U.K. Information Commissioner’s Office for granting permission to adapt sections of their document on online safety for use by the Office of the Privacy Commissioner of Canada.

Date modified: