By Ron Zayas
One of your officers pulls over a motorist going 20 mph over the speed limit in a school zone. It’s a routine stop, though the driver barely holds his anger in check as he hands over his license and registration. After taking the citation, he waits until the officer is out of earshot and quietly says, “You haven’t heard the last of this.”
An officer arrests a member of a prominent gang, preventing a violent crime. As he is led away, his fellow gang members are ordered to find out the name of that officer — and where she lives.
You arrive on the scene of an officer-involved shooting. An investigation will confirm that the shooting was justified, but some in the community already harbor a grudge against cops. They share an inaccurate version of the event with thousands on social media, listing the names and home addresses of all the officers at the scene that day, and adding, “Let’s make them famous.”
These scenarios are not uncommon. What has changed over the past decade is how easy it has become for anyone motivated toward retribution to get information without ever leaving home.
With a few minutes and a couple of online clicks, your home address and other personally identifiable information (PII) can be found. If someone enters that address into Google Maps, they get turn-by-turn directions to your house. Switch to the aerial view, and anyone can review the layout of the residence and surrounding grounds, including areas with limited visibility where a person could easily hide. Further searches can identify local schools or the actual schools your children attend.
Where does this information come from?
Most sites that sell personal content point out that the information is publicly available. They buy DMV, property, court and other transaction records and simply compile them, making them more convenient to view. Most of the information does indeed come from different databases that are refreshed each month or on a regular basis. Buying a home, signing up for retail loyalty programs, giving your mobile phone to virtually any company, and ordering free stuff can place you on databases that show up online.
Providing such information for very specific reasons may seem harmless enough, but it can open the door to an invasion of privacy. Before sharing your PII, consider the ramifications and decide if the risk is worth the reward:
- Websites and apps will always ask for information, to join a restaurant’s loyalty club or to receive digital coupons at the supermarket. Don’t share personal information online unless absolutely necessary.
- Don’t open links and attachments in emails unless the sender is familiar – and confirm the sender’s email address is correct.
- Update passwords often and use random collections of letters, numbers and punctuation marks so they are much harder to steal.
- Companies like Google, Yahoo and Microsoft thrive on collecting and monetizing private information — even the content of emails sent and received through services like Gmail and Outlook. Use email aliases for loyalty programs, online forms and more that can be provided and changed without being traced back to their source.
- A cell phone tracks its owner everywhere he or she goes. Every call, every application an officer uses and every search they make is provided to organizations that sell this information. A VoIP cell number can’t be tracked, doesn’t reveal the owner of the number, and easily forwards calls and text messages to an officer’s phone.
- Internet and phone providers are legally entitled to eavesdrop on all web traffic, and to collect and disseminate it. Every search, email and online purchase is captured, indexed and sold. With a VPN, officers can encrypt their online activity, while also hiding their location. A VPN can also provide protection from malware and viruses.
- Update software and devices regularly to fix any security weaknesses.
- Clear your cache regularly. Saved cookies, simple searches, and Web history can point to home addresses, family information, and other personal data.
- Use the security protocols provided by social media platforms. While not entirely effective, they do provide some protection. For instance, by disabling the sharing platform on Facebook, friends can no longer leak an officer’s personal data.
Private content may also be leaked in the wake of a ransomware attack. This happened last year in the City of Oakland, where a data breach exposed city personnel, including the Police Department, by releasing officers’ personal, employment, and financial information.
What can be done to protect PII…after the fact
Several states have passed consumer data privacy protection laws that allow anyone to have their information removed from websites and their underlying databases. Others have passed specific bills to protect police, judges, and other at-risk professionals by providing exemptions to PII publication or making it unlawful to knowingly make their personal information available online. These include Arizona, Colorado, Connecticut, Florida, Idaho, Indiana, Kentucky, Louisiana, New Jersey, North Dakota, Texas and Utah. New bills are introduced, and laws are passed every year, suggesting that some form of data privacy protection will eventually be afforded in every state.
But even after that happens, someone must enforce those laws. And that responsibility will likely fall to officers and their departments or organizations. The do-it-yourself approach for individuals will require at least two hours every week to keep personal content off the internet, especially with thousands of people-finder websites, data brokers, and other online sources where this information could be found.
Given the escalating threat levels emerging from exposed PII, proactive police departments may contract out this vital service, which can then be offered to personnel as a benefit or payroll deduction. At a time when many metropolitan police departments are dealing with staff shortages, offering this security may also be an effective recruiting incentive.
The best of these services provides daily internet searches and removals, reporting on removal status, emergency support if an active threat is found, and preventative tools that replace authentic PII with content that cannot be traced back to its source.
Should you choose to pursue this protection for yourself, the important thing is to stick with it. Removing home addresses is not a one-and-done action. Most databases are always collecting new content from new sources that can cause information once taken down to reappear.
There’s an old saying that you can’t put toothpaste back in the tube. It simply means that some actions, once taken, can’t be undone. Sadly, many individuals believe that is true about their online privacy — that it’s too late now to retroactively remove so much content before it can be weaponized. But it is possible. And for officers who are always one traffic stop, one arrest, or one aggrieved social media post away from danger that will follow them home after their shift, it must be done so those who protect and serve are also given the protection they deserve.
About the author
Ron Zayas is an online privacy expert and CEO of Ironwall by Incogni. A sought-after speaker and author, Ron has helped courts, law enforcement and other public service organizations across the country protect the online privacy of their personnel, which in turn fuels their personal protection. He spearheaded the development and implementation of Ironwall’s proactive strategies that incorporate client education, data broker outreach, and the enforcement of laws that require the online removal of personally identifying information. Ron has led the company since its inception in 2011, facilitating the protection of thousands of at-risk professionals in the public and private sectors.