Under the Personal Information Protection Act, personal information refers to data that can directly or indirectly identify an individual. This includes a person’s name, date of birth, identification numbers, physical characteristics, fingerprints, marital status, family details, education, profession, medical records, financial status, and social activities. Certain categories, such as health-related data, genetic information, intimate behavior, medical examination results, and criminal history, are classified as sensitive personal information due to their nature. For example:

• Health Data: Includes medical records, diagnosis, treatments, prescriptions, and procedures by medical professionals.

• Criminal History: Refers to records of legal outcomes such as convictions, deferred prosecutions, or other judicial decisions.

Sensitive data’s special status requires extra protection. However, challenges arise in various sectors. For instance, security firms face limitations in screening employees for criminal records, childcare providers cannot verify staff backgrounds, and transport companies cannot confirm whether drivers’ health conditions could impact public safety. In light of these challenges, the government is considering amendments to ease restrictions on the use of sensitive information while ensuring robust safeguards.

What Rights Do Individuals Have Over Their Data?

Individuals hold specific rights concerning their personal data maintained by others. These rights include:

1. Requesting access to their information.

2. Obtaining copies of their data.

3. Requesting corrections or updates.

4. Requesting the cessation of data collection, processing, or usage.

5. Requesting the deletion of data.

How to Protect Personal Information

Given the ever-evolving tactics used in fraudulent schemes, protecting personal data is more crucial than ever. Criminals exploit stolen data for financial gain, such as unauthorized credit card use or selling sensitive information on underground markets. Victims not only face financial losses but also long-term damage to their reputations and credit scores. Below are some common fraud tactics and preventive measures:

Common Fraud Tactics:

1. Phishing: Sending fake emails pretending to be from trusted institutions (e.g., banks or online platforms) to steal login credentials.

2. Smishing: Using text messages to lure individuals into revealing sensitive information on fraudulent websites.

3. Spyware: Malicious software that tracks keystrokes to capture sensitive data such as passwords and credit card details.

4. Vishing: Using automated calls to trick individuals into providing account information.

5. Card Skimming: Tampering with ATMs or payment terminals to collect card data and PINs.

Preventive Measures:

General Tips:

• Be cautious of unsolicited requests for personal information via phone or email.

• Monitor financial statements for unauthorized transactions.

• Avoid storing sensitive information (e.g., passwords) on your phone or easily accessible devices.

• Keep important identification documents secure and avoid carrying them unnecessarily.

• Regularly update system software and security settings.

• Use strong, unique passwords for different accounts and change them periodically.

Online Safety:

• Avoid using public or unsecured computers and networks for financial transactions.

• Only shop on reputable websites, ensuring they use secure URLs (https://).

• Do not click on suspicious links or open unknown email attachments.

• Back up important data using external devices or cloud storage.

ATM and Card Safety:

• Check ATMs for suspicious devices before inserting your card.

• Memorize PINs instead of writing them down.

• Keep transaction receipts secure and shred sensitive documents when discarding them.

Responding to Identity Theft

If you suspect your identity has been compromised, take the following steps immediately:

1. Report to Authorities: File a report with local law enforcement and obtain a copy of the report.

2. Notify Affected Entities: Contact banks, credit card companies, and other relevant organizations to alert them of the breach and request account closures if necessary.

3. Monitor Credit Reports: Place fraud alerts or freeze your credit with credit bureaus to prevent unauthorized accounts from being opened in your name.

4. Rectify Credit Records: Work with financial institutions to resolve fraudulent transactions and repair your credit history.

5. Seek Professional Assistance: Consider identity theft protection services to help recover from the incident.

In the United States, victims can report phishing scams to the Federal Trade Commission (FTC) or seek assistance from resources such as the Identity Theft Resource Center (ITRC). Additionally, victims may file complaints with the Internet Crime Complaint Center (IC3) for cybercrime-related incidents.

By staying vigilant and adopting strong privacy practices, individuals can minimize the risk of personal data misuse and navigate today’s digital landscape more securely.