I have just finished reading through all of my unread RSS feeds and came across this one from David Canton, one of our guest bloggers. With his permission I want to share the following with you to make sure that as an IT Manager you are not negatively contributing to privacy concerns.
Originally from: http://www.canton.elegal.ca/archives/2007/01/#000990
The Canadian Privacy Commissioner has issued a news release with her top 10 recommended resolutions for consumers for protecting their privacy in 2007. Its a practical list that's worth reading.
It reads in part as follows (with a couple of my comments thrown in.)
1. Guard your information
Ask questions when a cashier ringing in your purchases wants your name, address or telephone number. Why is the information being requested? How will it be used? If you are concerned about unwanted junk mail or telemarketing calls, decline to provide the information. It’s as simple as saying, "Sorry, I don’t want to share that personal information." Privacy laws give you a choice. You don’t always have to say "Yes."
[And shield the keyboard when typing your PIN number at the cashier]
2. Check your receipts
Some retailers still use older equipment that prints receipts with a complete credit card number – creating a risk the number will fall into the wrong hands and be fraudulently used. If the number is complete, use a pen to scratch out the middle four numbers on your copy.
[Some don't print the whole number on your copy - but do on the merchant copy. That's worse in my view. The transaction has been approved by then and the merchant does not need to keep the full number (unless they use the old fashioned impression method). Remove those digits from the merchant copy as well. A pen may not be enough if it can be read through it.]
3. Become a junk mail buster
If you don't want to be added to marketing lists, check the "no thanks" or opt-out box, or initial a note stating your preference, whenever you give personal information to magazine publishers, retail stores, charities and other organizations.
4. Take three steps to create more quiet nights at home
- Take advantage of the Do Not Contact Service (do-not-call, do-not-mail, and do-not-fax) offered at no cost by the Canadian Marketing Association (CMA). You can make the request online at www.the-cma.org.
- Ask your telephone company to remove you from the lists it sells to external organizations.
- When telemarketers call, insist they remove your name from their calling lists. They are now required by law to maintain do-not-call lists.
5. Develop a shredding habit
Make sure your blue box is not a goldmine for identity thieves. Buy a shredder (many are surprisingly inexpensive). Destroy all documents that include sensitive personal information, such as bank statements, credit card statements, credit card receipts, and pre-approved credit card applications.
[To make it easier - just shred everything that has your name or any info at all on it. Get into the habit of shredding everything but the newspaper. When you buy a new shredder - get a cross-cut version rather than a strip cut one.]
6. Check loyalty program fine-print
7. Become more privacy-aware on-line
Educate yourself about protecting your privacy on-line. Install the latest anti-spyware, anti-virus and firewall software on your computer. Shop only on secure sites – check for a lock symbol on the bottom right of the window. There’s plenty of advice on the Internet.
8. Stop Spam
Invest in a good spam filter and learn how to use it. Spam affects privacy rights because it involves the inappropriate use of personal information – your e-mail address. Protect your regular e-mail address by using it only with trusted friends and business associates. Get another address for other online uses. If you receive an e-mail from a sender you don’t recognize, or with a subject line that doesn’t make sense, just delete it. Opening spam may send a confirmation that an e-mail address is valid – and lead to more spam. The OPC homepage, www.privcom.gc.ca, includes a link to more information about spam.
9. Caution on the phone
Apply a healthy dose of skepticism when an e-mail or phone caller warns that your bank account or credit card has been compromised. Never reply to such e-mails, which may have been sent by ID thieves. Call your bank instead. Fraudsters are also using the telephone to get personal information. The best way to determine whether a call about account problems is legitimate is to say, "I’ll call you right back," and then call either the number on your credit card or account statement.
10. Protect your SIN
Ask questions when an organization asks for your Social Insurance Number. An ID thief could use your SIN to apply for a credit card or bank account in your name. Companies can’t insist that you provide a SIN unless it is required for a specific and legitimate purpose, such as tax reporting. Ask why the organization needs your SIN and whether you are required by law to provide it. If you are refused a product or service unless you give your SIN, complain to the Office of the Privacy Commissioner of Canada.
Check out more of David's musings at http://www.canton.elegal.ca