Do you have any rights when you go online?

While I certainly don’t think it’s necessary for you to learn about things like processors and RAM, I do think it’s important to understand how the internet affects our lives both personally and as a society. Here is a resource to steer you in the right direction.

Photo by Rob Laughter

With the number of Americans who don’t use the internet down to a mere 11%, I think it’s safe to say that the internet is here to stay. But there are still a lot of folks who don’t know (or don’t care) about what goes on behind the curtain. And while I certainly don’t think it’s necessary for you to learn about things like processors and RAM, I do think it’s important to understand how the internet affects our lives both personally and as a society. With so much talk about privacy, security breaches, etc., we all need to understand both our rights and our responsibilities as internet users.

So let’s take a look at some of the most important issues. Some of them may not apply to you right now, but if you bookmark this article, you can use it as a resource to steer you in the right direction if you ever do have a problem.

Privacy

Most people are shocked to find out just how much of their personal information is out there, not to mention the multiple methods used to collect and analyze it. Even when you don’t explicitly share a piece of information, today’s sophisticated algorithms are often able to piece little tidbits together into amazingly accurate profiles.

More and more, consumers are pushing back, and regulatory agencies are responding. One of the first was the EU’s General Data Protection Regulation (GDPR). With the recent passage of Brazil’s version of the GDPR, there are now more than 120 countries with some degree of data privacy regulation. And the U.S. currently has several proposed bills under consideration.

Privacy advocates are busy at local levels of government, as well. In the U.S., the California Consumer Privacy Act offers extensive protections. Eleven other states are considering similar legislation.

What does that mean for you?

It means that the idea of who owns your data is changing. In a rapidly increasing trend, governments are determining that your data belongs to you, not the businesses that collect and process it. While the particulars may vary, there are some commonalities you should keep in mind:

  • For the most part, you don’t have to live in the country or state where the law was passed to enjoy its protections. EU citizens living in the US are protected by the GDPR, for example, and anyone doing business with companies in California is protected by that state’s laws.
  • Companies must have a legitimate business need for the data they collect. An online business that sells clothing, for example, has no need to know (and therefore no right to ask) how many people live in your household. The days of collecting as much information as they can in case it comes in handy later are over.
    • Under the GDPR, businesses have to get explicit consent for each use of your personal data. So buying a product doesn’t mean you have to put up with an inbox full of marketing emails. While there isn’t a federal law on this issue in the U.S., many businesses are anticipating one and are already putting such policies in place.
  • You have a right to ask any company for a copy of your personal data in a digital format and, if you find mistakes, you have the right to ask that they be corrected. You also have a “right to be forgotten,” meaning that you can ask a business to delete any of your data that’s not required for legal or tax purposes.
  • Business have to notify you of any breach that puts your personal data at risk. In some jurisdictions, they have additional obligations, like providing you with free monitoring for identity theft for a given period of time.

Again, we’re still dealing with a mishmash of laws at this point. The important thing to know is that, if you have concerns about how your data is being used, where it’s being stored (and how tight security is), if you’re tired of receiving junk emails, etc., there may be things you can do to correct the problem.

Accessibility

Courts have ruled that the Americans with Disabilities Act (ADA) covers digital spaces as well as physical ones. In a nutshell, this means that you shouldn’t have to forego using a website because there’s not enough contrast between the text and the background, videos don’t have captions, the images aren’t tagged to work with your e-reader, the site isn’t navigable using only a keyboard, etc.

Websites are supposed to have an accessibility statement that tells you whom to contact if you’re having a problem using the site. If not, you can use the general contact information. The important thing is that your access to a given website can’t be restricted by any physical limitations you may have.

HIPAA

One goal of the Health Insurance Portability and Accountability Act was to make sure your private health data remains private. Another goal was to guarantee patients access to their own medical records.

What does that mean for you in terms of accessibility?

  • It means that your medical records are your own and that you have the right to request them from a healthcare provider at any time. The provider may charge you a reasonable copying and processing fee but may not withhold records due to an unpaid bill.‍
  • You have the right to get your records in an electronic format that you can share with another provider.
  • With your authorization, providers can share electronic copies of your records with other providers. This can save time, reduce unnecessary retesting, and help prevent problems like drug interactions.
  • You have the right to request that any inaccurate information be corrected.

What does this mean for you in terms of privacy?

  • Providers are required to protect your information through tools like PIN numbers and encryption. They’re also required to keep a record of who accessed your record, when it happened, and what changes (if any) were made.
  • Providers are required to follow certain procedures in the event of a breach.The provider is required to notify you as well as the Secretary of Health and Human Services. In the case of larger breaches, providers are also required to notify prominent media outlets.
  • You have the right to know when, why, and for what reasons your health information has been shared.

All in all, HIPAA has turned out to be a good law. A word of warning, however: Many people have found themselves in a situation where their doctors couldn’t talk to a family member who was trying to help manage a health crisis for them. Make sure you sign paperwork with each of your healthcare providers giving them permission to discuss your care with a person of your choosing.

Security

While there are many laws and regulations regarding the handling of your personal information (including payment information like credit cards), they do little good if those safeguards break down due to your own security practices. Here are some things you can do to make sure the weakest link in the security chain isn’t inside your own home:

  • Immediately change any default login information, like the kind that comes with a new wireless network, router, or IoT advice. There are only a certain number of default combinations in circulation, so it’s not a challenge for a serious hacker to access your home network. Once that happens, all of your information is at risk.
  • Don’t reuse passwords, and follow the latest guidelines for secure passwords. For example, experts recommend against using passwords that could be guessed through “social engineering,” like the names of your pets or children, your birthday, etc. The strongest passwords are long and include a variety of random characters, such as a mix of upper- and lowercase letters, numbers, exclamation points, etc. There are a number of secure password management apps that can help you keep track of your passwords.
  • Don’t click on links in emails that appear to be from your bank, your credit card institution, or anyone else that has access to your personal information. Called phishing attacks, these emails appear to be from trusted sources, but they’re really fake. Once you reply or click on a link, you’re sending information straight to the criminals. If you get an email telling you it’s urgent to contact your bank, credit card provider, investment firm, etc., don’t click on the link. Instead, open a browser window and log in the way you normally would. If there really is an urgent issue, you’ll be notified as soon as you log in.
  • Make sure you have the latest version of your browser, malware/antivirus software, firmware, etc.
  • Install updates and patches as soon as you receive them. I know it’s a pain to stop what you’re doing, but many of these updates are a response to a recently discovered security weakness. This is especially true for IoT devices, many of whose vulnerabilities are still being discovered (and exploited).

The opportunities presented by technological advances are almost beyond imagination. However, they don’t come without risks. I always tell my business clients that their approach to digital should be to balance risk with opportunity, and I think that’s good advice for the average user, too. You don’t have to “go offgrid” to be safe. Instead, know your rights, hold the businesses and agencies you deal with accountable, and practice your due diligence as a home user of technology. If you do that, you can enjoy the best of both worlds.

This insight originally appeared on kpodnar.com

Digital policy innovator, helping organizations see policies as opportunities to free the organization from uncertainty, risk, internal chaos.