Fact Sheets

Protecting your Privacy Online

Frequently Asked Questions

What should I know about protecting my privacy on the Internet?

Many websites collect personal information about you. Some sites, before granting access, ask for personal information, such as your name, address, and even your personal preferences. Many websites place “cookies” (small pieces of text) on your hard drive, which can be used to save information about you. Cookies can help to identify you the next time you visit. With a cookie on your hard drive, you don’t have to retype your information on the site, thus making it easier to go about your business.

If you wish, you may activate “private browsing” on your web browser so that websites cannot track you with cookies. This usually deletes web cookies, but other types of tracking technologies can still remain stored during these private browsing sessions.

In order to clear all the different forms of tracking technologies, you generally have to install and use special tools in your browser. You can also visit the http://donottrack.us website for more information on how you can prevent tracking.  Here too you will have to keep in mind that this is a partial solution, since not all third parties respect the “do not track” header.

While choosing private browsing will help you shake tracking technologies, it also means you will have to type in information about yourself, such as data for online order forms, more often. You should also know that some sites require your permission to install cookies in order for you to browse there.

Should I worry about online fraud?

Fraud is a major concern in an era of exploding online commerce. Fraudsters are continually devising ways to try to trick you into revealing your personal details online, so they can use it for nefarious purposes such as copying your credit card or ripping off your bank account. 

“Phishing” is the term used to describe such scams. A typical phishing attackstarts with an e-mail that claims to have come from your bank. The e-mail tells you to fix a problem with your account by logging into your online banking service with your user name and password. The message and the “bank” website it links to are phony, and your valuable data winds up in criminal hands.

Even if you don’t give up personal data, fraudsters can secretly steal your information by sending malware (malicious software) to your computer, often through unsolicited email messages, commonly called “spam.” If you inadvertently install such software on your computer (which sometimes requires little more than clicking on a link or opening an attachment) it can end up accessing information such as your bank account number, user name or password.

You can never entirely eliminate the risk of your personal information being stolen or misused. However, you can reduce your risk. For example, you can:

  • Make sure you have the newest version of your Internet browser, because that will give you the latest privacy options. Installing the latest software and virus protection also reduces the risk of hackers manipulating your computer and its data.
  • Take time to read website privacy policies before submitting any personal information, and never agree to something you don’t understand.
  • Only provide as much information as is absolutely required when filling out online application forms.
  • Always make sure your connection is secure (encrypted) before giving credit card or other financial information. Look in the browser for a connection that begins with the letters “https” instead of “http”.

For more information on these issues and how to web surf safely, please visit:

Internet Threats; and
Protecting Yourself From Spam

What are the unique privacy risks of social networking sites?

Protecting your Privacy Online - Frequently Asked QuestionsSocial networking has undoubtedly taken on a life of its own that nobody could have predicted when Canada’s online privacy laws were adopted a decade ago. Nine out of 10 young Canadians now socialize online, and nearly half of all Canadians are now on Facebook.

The benefits of connecting with and making friends, sharing ideas and memories are balanced by privacy risks, which can range from embarrassment to identity theft.  
One word deservedly associated with social networking is immediacy.  Seconds after we have a thought, we can act by, for example, posting a photo after or even during a raucous social event.  In short, what may be funny at that moment may prove embarrassing in the days, weeks, months and years to come. 

From time to time we hear stories of people who suffer serious consequences from online postings that they mistakenly thought were simply being shared among friends.  
There have, for instance, been reports about people who have been fired, missed out on job interviews and academic opportunities, or have been suspended from school because of communications that were not nearly as private as they should have been.

What are the more serious privacy risks of social networking?

In addition, social networking sites are increasingly being targeted by fraudsters, who comb them for people’s email addresses matched with personal information which may be posted such as one’s place of work, education, friends, family members, favourite TV shows and more.

In short, if your privacy settings allow strangers to see the same information about you as your friends, they have access to a one-stop-shop detailing who your friends and family are, where you go to school or studied, where you work as well as former jobs, what you like to read, what you like to watch, what are your religious beliefs and/or political leanings.

Depending on the information available, a fraudster can mount an effective personalised phishing attack. In other words, that fraudster can craft an email designed to appear as it’s coming from a friend or even family member (as they may also reveal their email addresses) and be related to one or more of your posted interests. 

The more authentic the email, the more likely a recipient may be tricked into:

  • providing personal information in  a reply;
  • clicking on a link to a phony website to enter sensitive data; or
  • inadvertently downloading malicious software.

How can I protect myself on social network sites?

There are steps you can take to reduce unwanted sharing of your personal information when using social networks:

  • You can adjust your privacy settings to reduce access to your personal information.  For example, you can set your preferences to only allow friends to see information other than your posted name.
  • Check your privacy settings regularly.  Some social network sites make changes to their privacy policies and settings without informing users, which can result in your information being shared beyond your friends
  • Be wary of including in your profile your birth date, your mother’s maiden name, or any other information that is routinely used as security identifiers at banks or other organizations where you have accounts.
  • Consider using a nickname that only your friends will know or, if you use your real name on your social network account, consider using a pseudonym within your email address so the two can’t be matched by an address harvester.
  • It’s wise to pause before you post words or pictures. Ask yourself: “Is this information that I wouldn’t mind an employer seeing -- now or in 10 years?”
  • Before uploading photos from a mobile device or photo library on your computer, check your settings. As a default, some may allow the posted photo to be seen by everyone on the Internet rather than just your friends.  Check it out and adjust the setting to suit your preference.
  • If one of your friends posts and tags a photo of you or perhaps one of your children, don’t be shy about asking them to un-tag it and to refrain from tagging you and your family in the future.  Make it clear that you will do the same in return, as they wish.
  • Think twice about revealing your location online.  While telling people where you are, you’re also revealing where you are not. For example, letting people know you’re at a five-star restaurant or on a weeklong cruise also reveals that your home may be unoccupied and therefore ripe for robbery.

Can I preserve my privacy if I take part in online conversations?

Protecting your Privacy Online - Frequently Asked QuestionsOnline forums enable two or more users communicate with each other in real time and can allow anyone with a computer to hre their views on a vast range of subjects with others. Chat groups can take place in public or private chat rooms. Discussion groups, on the other hand, permit you to communicate with others on a topic of common interests, usually by posting messages.

Keep in mind that your postings can become public. Anyone from the simply curious to potential employers or employees can search for copies of your messages, which may be kept on a site indefinitely. It is possible to find the name of discussion groups in which you take part, which can reveal a lot about you.

Also be aware that people can masquerade as others in online groups, perhaps to trick you into surrendering personal information.

To protect yourself you can:

  • Chat or participate in discussion groups under a pseudonym.
  • Be discreet. Don’t provide personal information unless absolutely necessary and by all means, never post sensitive information such as your mother’s maiden name, social insurance or credit card number.
  • Avoid posting your email address, which can be easy prey for address harvesters, who compile bulk lists of email addresses and sell them to spammers. If you need or want to share your email address and reduce the risk of it being harvested, “mask” it by spelling it out (ie john dot doe at emailservice dot ca).  
  • Use a second, disposable e-mail address that can be discarded without having to notify all your contacts.

Is online privacy protected under Canadian law?

Yes, it is. There are two laws that help safeguard your personal information: The Personal Information Protection and Electronic Documents Act (PIPEDA) has existed for a decade and a new anti-spam law was passed in Parliament in December 2010 and is expected to come into force in late 2011or early 2012.

PIPEDA requires private-sector organizations to obtain your consent if they want to collect, use or disclose personal information about you. They can use the information only for the purpose for which you gave consent. Also, even if you agree, businesses and organizations have to limit their disclosure to what a reasonable person would consider appropriate in the particular circumstances. You also have a right to see information that a business has about you, and to request that any errors be corrected. 

The Office of the Privacy Commissioner can receive and investigate complaints about possible violations of PIPEDA.

Canada’s new anti-spam legislation is designed to fight unsolicited commercial electronic messages (including e-mails, text messages and social networking messages) by requiring most senders to first obtain a recipient’s consent. There are exceptions, which generally include family, friends, and existing business contacts.

For more information on the new anti-spam law, please visit www.fightspam.gc.ca

When can I make a complaint with the Office of the Privacy Commissioner?

You can lodge a complaint with our Office when:

  • You believe that your personal information has been improperly collected, used, or disclosed.
  • You encounter problems obtaining access to your personal information held by an organization.
  • An organization refuses to correct information you consider inaccurate.