How can we protect our personal data ourselves?

This 28 January, International Data Protection Day, is the ideal occasion to remind our dear readers of the minimum security precautions to take to protect their personal data while using digital products and services.

How can we protect our personal data ourselves?

Nowadays, all our activities on the web generate flows of personal data. This almost automated production of personal data can have a real impact on our daily lives. In this context, it seems necessary, even urgent, to protect our personal data and to be careful with our digital identity.

To do this, here are some tips.

Be careful with your passwords

According to a Verizon study in 2021, 81% of data breach notifications worldwide would be related to password issues. In France, approximately 60% of the notifications received by the CNIL since the beginning of 2021 are related to hacking and a large number could have been avoided by respecting good password practices.

It is therefore essential to choose a strong and complex password, which is not easy to reconstruct (family name, name of the cat or favourite town, etc.), and which is not a master key (i.e. the same password for all accounts).

To generate these passwords it is also advisable to use password managers such as Dashlane, Keepass, 1Password or Nordpass.

In any case, it is important to keep in mind four (04) risk factors for our passwords in order to avoid them:

1. The simplicity of the password;
2. Eavesdropping on the network in order to collect the transmitted passwords;
3. The storage of passwords in clear text;
4. The weakness of the password renewal procedure in case of forgetfulness (“secret” questions).

Do not hesitate to update your passwords if necessary, in order to minimise the risk of violation of your personal spaces in the event that a malicious user has somehow intercepted your password.

In France, the CNIL has considered that other means of authentication, such as two-factor authentication or electronic certificates, offer more security than passwords, so do not hesitate to use them, depending on the sensitivity of the information covered by the personal space in question.

Regularly check your internet tracks and look after your e-reputation

Our browsing history, our reactions and comments to social media posts etc. are all information about us and our habits that can be exploited by malicious people. For example, cybercriminals could scrutinise the information we disclose on social networks, to get to know us better and therefore refine the traps they can set for us as part of a phishing attack.

Another example of a problem that users may encounter on the internet is doxing. This practice consists of a malicious person called a doxer, who builds a detailed file on a user, including compromising information (browsing history on pornographic sites, nudes etc.), which he or she shares or threatens to share online in order to intimidate, blackmail or even obtain sexual favours from the victim. This practice is becoming more and more common in France and the United States, and what is most worrying is that the technical means are becoming more and more effective in equipping the doxer.

Moreover, it is quite possible nowadays that our uses on the Internet allow the collection of personal data without our knowledge, and very often to our disadvantage.

It is therefore recommended to ensure a good e-reputation, and to ensure this, nothing better than to check your traces on the internet. This verification can be done simply by searching on the search engines used, your name and surname in order to see what has been referenced about you and to judge yourself if you want this information to be referenced as such or not.

These actions are possible by using, for example, under the RGPD: the right of access to the data of the person concerned, the right to rectification and even the right to be forgotten. Similar provisions are, for example, provided for in the Senegalese law on the protection of personal data, Law No. 2008-12 of 25 January 2008 on the protection of personal data, which offers the same possibilities to Senegalese citizens.

In order to maintain your e-reputation, we also recommend that you

• Be careful about what you publish on social networks
• Take the time to set up the visibility and access to the information you disclose on social networks
• Do not accept all cookies from the sites you visit
• Do not save your bank details on all the e-commerce sites you shop on
• And if it’s not too much trouble…. Read the privacy policies of the sites you visit.

The protection of personal data is not just an individual matter

While the protection of our personal data is primarily an individual matter, it is also an institutional one.

As the development of Convention 108 at the global level, the adoption of the RGPD at the European level, and the adoption of the 2008 law at the national level in the case of Senegal demonstrate so well, the protection of personal data is also institutional!

World Data Protection Day is also an opportunity for E-Karangé to take stock of the evolution of data protection in Africa through the texts and authorities set up in the various African countries. This focus is justified by the fact that in Africa many developments have been noted in recent years on the issue of personal data protection, developments that are still under the shadow of the RGPD and the major American or Canadian regulations on the protection of personal data. Read our article here.