Created by the IBM Corporation and Hogan Lovells US LLP as part of the IAPP’s Pro Bono Privacy Initiative
Note: This toolkit was originally developed for use with a U.S.-based non-profit organization providing services to victims of domestic violence. It is offered as a resource here with the expectation that it can be used with similar such organizations, since many organizations want to maintain an online presence but at the same time almost all at times will want to keep certain private information “off the grid.”
Sometimes, despite best efforts, information meant to remain confidential ends up online. So what happens if you learn that your organization’s private building locations or confidential supporter lists or staff’s annual incomes along with names and addresses are available to anyone with Internet access? Or what happens if that same private business information is placed in a LinkedIn account by an ex-employee and you want it removed or the account deleted?
This toolkit offers four categories of tips that you or your volunteers can use to help protect private and confidential information:
1. RESEARCH for inappropriate disclosures;
2. IDENTIFY the data sources that are providing your information to Web sites;
3. REQUEST the removal of such information; and
4. MONITOR for when such information resurfaces on the Web.
Tip #1: Research for Inappropriate Disclosures: Search the Web for Information of Concern
You can search for your confidential information on Google, Yahoo! Search, Bing, other popular engines by using likely search queries such as your organization’s name followed by the word “confidential.” or your own unique search query. Try it and see what information you find. Here are the top 10 popular search engines to consider:
* The information below is believed to be accurate at the time of publication but is offered here without guarantee or representation as to its efficacy or comprehensiveness.
Tip #2: Identify Data Sources: Find Websites that Provide Personal or other Confidential Information to other Web sites
You may not be able to monitor the internet 24/7 for your private data but here is a list of the most popular sites on which your private information might be found. You might want to check each one to see how much of your business or individual personal information shows up.
Whitepages.com / Yellowpages.com
Infospace.com / Infousa.com
Tip #3: Request Removal of Personal or Private Information from Sites: Determine Best Solution for your Organization
Here is information on how to remove personal information or private listings from top visited sites (Note: as with the other lists provided in this tool kit, this list is not exhaustive so consider what other steps you might wish to take.)
You can remove information from Google’s search results. But bear in mind that removing a page from Google search results doesn’t remove it from the Internet, and you may still be able to see that page by going to it directly or via another search engine.
You can report Websites containing the information listed below directly to Google if you have been unable to work directly with the site owner:
Google will check and take steps to remove it from search results. To find more information about removing personal information from Google, look here:
In some cases, you may find your business is listed on Google Maps and Google Places and you’d like to delete it because the information is private or wrong. The best way to remove these listings is to double click the “more” link in the business’ listing and click the “Report a Problem” link. Under the “Actions” column for the listing you wish to remove, you can also click Delete. From there you can choose between two options:
Once you have made your selection, click Save Changes. If you need additional help, check out Ways to correct business information or http://maps.google.com/support/bin/answer.py?hl=en&answer=171429
Information on Google Maps and Google Places may have been pulled from third-party sources such as the Yellow Pages or Info USA. Note: In these situations, you will need to get in touch directly with these companies to request removal.
1. Go to Bing.com
2. Click "Help" (bottom right hand corner)
3. Click "Report a Concern about a Result” (right column) http://onlinehelp.microsoft.com/en-us/bing/ff808455.aspx
4. Click, Get More Help and then Click "Contact Support"
5. You'll then get a list of services - click "Bing" and you should get a contact form from where you can select an option to get content removed.
Intelius and Acxiom are big data aggregators that are a large source for websites that share sensitive information on the Internet. Note: You may want to remove private information everywhere possible since only removing your information from Intelius, Acxiom or similar companies may not effectively remove your personal information from most other websites too.
To remove your private information:
1. Make a clear photocopy of your state ID or driver's license. Along with the copy, write or type a request to "opt out" your personal information. Intelius cannot permanently remove your information since it gathers its information from public records, but can prevent it from being visible based on Intelius’ actions.
2. Cross out your photograph and your driver's license number, if you are using your driver's license. Intelius only needs your name, date of birth and current address.
Fax your identification and written request to their office. Before faxing any documentation, make sure the fax number is correct; the Website lists the number as 425-974-6194. Allow for 7-14 days for Intelius to process your request.
To remove your private information you can fill out the "opt out request form" on the Website. On this form, you will include your name, address and reason for the request. Once you submit the form online, an "opt out package" will be mailed to you. Fill out the documents in the package in their entirety, and sign. Return the completed package so processing can begin. You can email Acxiom at email@example.com or call 1-877-774-2094 for additional assistance.
To learn more about Acxiom's Marketing Data Products – who uses them and what kind of data is found in them, you can review its brochure or download at http://www.acxiom.com/SiteCollectionDocuments/Resources/Brochures/AC-1255-10%20Acxiom%20Marketing%20Products.pdf.
Once an individual links to another on networking sites like LinkedIn or Facebook, can an organization for valid reasons request that such a contact or link be removed? For example, an employer may have reasonable grounds for expecting a former employee’s contact list used for fundraising to be kept confidential to the organization.
While the law and societal expectations are in flux in this area, to protect your organization and individuals alike, a prudent step to take in this situation is to create a social media policy for your organization that addresses this point (e.g. that requires current employees to set their LinkedIn account settings so that their connections are hidden, and that articulates obligations upon termination of employment). As well, you may wish to include an explicit description of employees’ responsibilities in the terms of employment used in your organization. These steps may help retain the necessary confidentiality needed to protect the information and have it removed at a future date.
You can contact LinkedIn and provide them with the following information to remove information posted on LinkedIn:
1. The full name of the person posting information and the location of the information you want removed–
2. A screenshot of the page with the information - paste this into a word document and upload it.
3. An explanation of why they should be removed.
You send this information to LinkedIn via their information form: http://help.linkedin.com/app/ask/subject/Privacy+Policy+Question.
Tip #4: Monitor for Information to Surface: Get Notified When Your Personal Information Appears on the Web
Google, and Yahoo Alerts are email updates on the latest relevant search results (web, news, etc.) based on a query you create. They are free and you can request an unlimited number. Use these to keep track of when information of interest to you “surfaces” on the Web.
Additional information on protecting your privacy online is available from the US Federal Trade Commission e.g. at http://www.ftc.gov/bcp/edu/pubs/consumer/alerts/alt106.shtm
The information in this presentation was compiled from sources believed to be reliable for informational purposes only. All sample policies and procedures herein should serve as a guideline, which you can use to create your own policies and procedures. We trust that you will customize these samples to reflect your own operations and believe that these samples may serve as a helpful platform for this endeavor. Any and all information contained herein is not intended to constitute legal advice and accordingly, you should consult with your own attorneys when developing programs and policies. You should not take, or refrain from taking action based on its content. We do not guarantee the accuracy of this information or any results and further assume no liability in connection with this publication and sample policies and procedures, including any information, methods or safety suggestions contained herein. Moreover, this presentation cannot be assumed to contain every acceptable safety and compliance procedure or that additional procedures might not be appropriate under the circumstances.