Protect your privacy online
Protecting your privacy online gives you more control over who can access your personal information, and helps to protect you from identity theft and fraud.
Why it matters
It's important to be aware of how much of your online self you’re sharing, and who you’re sharing it with.
That means both:
- what you choose to share yourself, and
- what you’re asked to share by the companies you have online accounts with.
Once you post something online, you lose control of where information about you goes and who can use it.
The risks
Your personal information can be used by:
- marketing companies who buy it from the social media sites who collect it
- attackers who can use it to their advantage, often to get money.
If your data’s made public, whether accidentally or intentionally, it’s shared with everyone – including people you don’t know or trust.
How to protect yourself
For starters, only share personal information online when you know:
- who’s asking for it, and
- why they want it.
Give out as little information as you can. Be aware that you’re actually paying for any ‘free’ services with your information, which the services will sell to marketers – or worse.
-
Think before you share
When sharing information with businesses, check that requests are legitimate before you share your details. Businesses are legally only allowed to ask for information that they need to conduct their business. So, if a company or business asks you for information, think about why it is necessary for them to have it. If you’re not sure, contact them and ask first.
You can ask to see what data is held on you, and you can ask to change it. The Office of the Privacy Commissioner has some good information on privacy rights.
Your Privacy Rights – Office of the Privacy Commissioner
When sharing information on social media, make sure you have set your privacy settings so that only your friends and family can see your full details. Think carefully about the type of information you share, and take care if accepting friend invites from people you don't know in real life.
-
Check company privacy policies
Before you share any personal information with a company, especially one you haven't signed up with or bought something from before, check their privacy policy to see how they will use your information.
Any organisation collecting personal information in New Zealand must follow the rules of the Privacy Act.
Privacy Act 2020 and privacy principles – Office of the Privacy Commissioner
Social media companies may also use the content you post – including images – to train artificial intelligence and other algorithms, such as facial recognition. This is often listed in the privacy policy regarding use of your data.
-
Watch out for unusual or unexpected requests
If a company, friend or family member sends you a request for information that's different from normal, or doesn’t feel quite right, it may well not be. For instance, your bank should never send you an email with a link to online banking and ask you to log in.
-
Only share information on secure websites and through secure connections
Make sure a web page is secure before you send any information through it. Depending on the browser you use, in the address bar, it should either:
- start 'HTTPS' not 'HTTP'
- show a padlock next to the URL.
When you send information through a secure website, it is encrypted – making it like a letter in a sealed envelope that only the person it is addressed to can open and read. It is not able to be read by anyone intercepting its path to the website.
Unsecure web pages might have:
- a URL starting with HTTP only
- no padlock, or a padlock with a red line through it
- a "not secure" warning.
Sending information through this sort of website is like sending a postcard through the mail – anyone whose hands the postcard passes through can read it.
Get help now
If you think you've been affected by a privacy breach, see the information on what to do on the Privacy Commissioner's website.
Office of the Privacy Commissioner
You can also report an online issue or security incident to us at CERT NZ.