Ramesh Mohan, Ph.D., was on a mission for a new TV. He hopped in the car, pulled up Google Maps, and searched for the nearest Best Buy. After maps provided the fastest route, the app went a step further in supplying him with information.
“It immediately reminded me that I was at that specific Best Buy four years ago,” the Economics professor says, with surprise still appearing in his eyes as he recounts the story.
According to Mohan, this is one of many examples of data collection in our everyday lives. Whether we’re playing games on a free app or asking cashiers for an emailed receipt rather than a printed one, data collection is constant and the privacy we have — or thought we had — is increasingly limited.
“Personal data is like a commodity — you can buy or sell it,” Mohan says. “Companies collect this voluntarily and involuntarily; we need to think about how customers understand what's happening, so they have control over what’s collected.”
Allowing access to personal information, whether knowingly or unknowingly, increases a person’s vulnerability during data breaches; these compromises occur when an individual, group, or company obtains unauthorized access to sensitive information. In August, Forever 21 revealed that 500,000 customers were affected by a data breach where names, dates of birth, social security numbers, and bank account information were accessed. Fast forward to early October, the genetic testing company 23andMe informed customers that a hacker leaked one million of its profiles.
While there’s nothing a person can do once information is stolen, Mohan notes that families should educate themselves on the types of information companies collect so they can limit what’s gathered about them and their children.
According to the Federal Trade Commission, parents can protect their children’s personal information by storing private documents in a locked file cabinet, deleting personal information before getting rid of a computer or cell phone, and asking questions before giving out social security numbers – you might ask ‘Why do you need it?’ or ‘Can you use a different identifier?’
Mohan notes that parents should also freeze their child’s credit report to decrease instances of identity theft. Since those 18 years and younger typically do not have credit reports, those looking to commit fraud may take out loans in a child’s name.
“This is a very essential step for digital safety of children,” Mohan says, suggesting parents check out credit monitoring services such as Experian, Equifax, and TransUnion. “You can minimize risk and it’s free.”
As for using the Internet, Mohan notes that the Children's Online Privacy Protection Act protects those younger than 13 years old by giving parents tools to control what information is collected from their children online; therefore, parents should make sure that their kids are registered as younger than 13 on the sites they use. Taking these measures can help restrict personalized ads that occur when websites collect cookies.
Mohan also suggests individuals use a browser’s incognito mode since it doesn’t keep a record of websites they visit. In addition to limiting targeted ads and tracking, this mode can help consumers save money.
“If you're not part of incognito mode and search for the same thing five times, the price will not go down because there’s a system tracking you, and it’s saying ‘this person looked for this item ‘x’ number of times. They will likely buy it, so don't reduce the price,’” Mohan says.
He adds that those shopping in person should ask for a printed receipt rather than an emailed one. By sending the receipt electronically, people give up information that could be hacked. Furthermore, consumers may consider turning off the location feature on their devices.
“If I keep visiting Best Buy and other electronic shops, my phone knows I’m shopping for something. So, when I go online, it knows I am very serious and can send me information,” Mohan says.
Strides toward protecting people’s online privacy rights are in the works. He notes that state legislators are putting forth bills on the topic and some have even been enacted. For instance, in 2023, Connecticut enacted a law concerning data and safety protections while California passed a law that requires specified businesses that electronically store medical information to develop policies and procedures to enable certain security features. On the technology side, Apple is also implementing upgrades to its operating systems so data harvesters cannot track across apps.
“This is the data ecosystem we now live in,” Mohan says.