🔒 Module 5: Data Privacy & Protection

Discover best practices for protecting personal data, understanding privacy policies, and data encryption.

📚 Training Content

Why Data Privacy Matters

In the digital age, your personal data is extremely valuable. Companies, advertisers, and criminals all want access to your information. Understanding data privacy helps you control who has access to your personal information and how it's used.

What is Personal Data (PII)?

Personally Identifiable Information (PII) is any data that can identify you as an individual.

Sensitive PII (requires highest protection):

  • Tax File Number (TFN)
  • Driver's licence number
  • Passport information
  • Medicare number
  • Financial account numbers (BSB and account number)
  • Biometric data (fingerprints, face scans)
  • Medical records
  • Login credentials
  • Centrelink details

General PII:

  • Full name
  • Home address
  • Email address
  • Mobile number
  • Date of birth
  • Place of birth

Data Encryption: Protecting Your Information

What is Encryption? Encryption converts readable data into an unreadable format that can only be decoded with the correct key.

Types of Encryption:

1. End-to-End Encryption (E2EE): Only the sender and recipient can read messages. The service provider cannot access the content. Used by: Signal, WhatsApp, iMessage.

2. At-Rest Encryption: Protects data stored on devices (full disk encryption like BitLocker, FileVault).

3. In-Transit Encryption: Protects data while being transmitted (HTTPS, TLS/SSL).

Why It Matters: Even if data is intercepted or stolen, encryption makes it useless to attackers without the decryption key.

The Principle of Data Minimisation

Data Minimisation: Only collect, share, and store the minimum amount of personal data necessary for a specific purpose.

Why It's Important: The less data you share, the less can be stolen, misused, or sold.

Practice Data Minimisation:

  • Only provide required information on forms (skip optional fields)
  • Use privacy-focused services when possible
  • Regularly review and delete old accounts
  • Limit social media oversharing
  • Use temporary/disposable email addresses for signups
  • Decline cookies and tracking when possible

Social Media Privacy

The Problem: Social media platforms collect massive amounts of data and use it for targeted advertising, often sharing it with third parties.

Best Practices:

  • Review privacy settings regularly (they change frequently!)
  • Limit who can see your posts (friends only, not public)
  • Be cautious about location tagging
  • Don't share sensitive information (address, phone, birthdate)
  • Think: "Would I be okay with a stranger knowing this?"
  • Disable third-party app access
  • Turn off facial recognition features
  • Review tagged photos and posts

Understanding Privacy Policies

Privacy policies explain how companies collect, use, share, and protect your data. They are often long and complex, but these are the key sections to review:

  • What data is collected: Personal info, browsing history, location, etc.
  • How data is used: Improving services, advertising, research
  • Who data is shared with: Third parties, partners, advertisers
  • Data retention: How long they keep your data
  • Your rights: Can you access, correct, or delete your data?
  • Security measures: How they protect your information

Red Flags: Vague language, excessive data collection, sharing with "partners," no clear opt-out.

Privacy Rights & Regulations

Australian Privacy Act & APPs: Australia's Privacy Act 1988 includes 13 Australian Privacy Principles (APPs) that govern how organisations handle personal information. You have rights to:

  • Know what personal information an organisation holds about you
  • Access your personal information
  • Correct inaccurate information
  • Request deletion of your information in certain circumstances
  • Make a complaint to the Office of the Australian Information Commissioner (OAIC)

Notifiable Data Breaches Scheme: Since 2018, organisations must notify you and the OAIC if a data breach is likely to result in serious harm.

Additional Regulations:

  • GDPR (Europe): If dealing with EU citizens - right to access, correct, delete, and port data
  • CCPA (California): If dealing with California residents - right to know, delete, and opt out

Practical Privacy Protection Steps

  • ✅ Use privacy-focused browsers (Firefox, Brave) or private browsing mode
  • ✅ Install ad/tracker blockers (uBlock Origin, Privacy Badger)
  • ✅ Use privacy-focused search engines (DuckDuckGo, Startpage)
  • ✅ Enable device encryption (FileVault, BitLocker)
  • ✅ Use end-to-end encrypted messaging (Signal)
  • ✅ Review app permissions regularly (disable unnecessary access)
  • ✅ Use email aliases or temporary emails for signups
  • ✅ Opt out of data broker sites
  • ✅ Use VPNs on untrusted networks
  • ✅ Regularly review connected accounts and services

Key Takeaways

  • 🔒 Minimise the personal data you share
  • 🔒 Use encryption whenever possible (E2EE messaging, encrypted storage)
  • 🔒 Review privacy settings regularly on all platforms
  • 🔒 Understand what you're agreeing to before accepting terms
  • 🔒 Exercise your privacy rights under relevant laws
  • 🔒 Think before you post on social media

📝 Test Your Knowledge

Test your understanding of data privacy and protection!

QUESTION 1 OF 4
What is end-to-end encryption?
QUESTION 2 OF 4
Which of these is personally identifiable information (PII) that should be protected?
QUESTION 3 OF 4
Before posting information on social media, you should consider:
QUESTION 4 OF 4
What is the principle of "data minimisation"?