The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

Online safety

More and more people are conducting their personal affairs online. Online shopping, social networking, job hunting and the ability to carry out official functions, such as renewing car tax or contacting local councils and government departments online, are now an everyday part of life. Doing things online can offer convenience and widen opportunities, and in general people value it.

Organisations that collect and use your information have responsibilities to protect it. However, you can take various precautions to protect yourself from identity fraud or the misuse of your information, or to ensure that your privacy is respected in the way you would want.

How can I protect my personal information online?

When doing any online transaction you can take steps to protect your personal information. Use the same common sense as you would when asked for personal information on paper or face to face. Ask yourself:

  • who is collecting the information?
  • is it necessary?
  • what will be done with it?
  • what are the consequences for me?

Check a site’s privacy notice to find out what it intends to do with your information. A privacy notice, sometimes called a privacy policy or statement, should tell you who is collecting your information, what it is going to be used for, and whether it will be shared with other organisations.

If the intentions are not clear, ask the company concerned before you give any personal information, especially if it is sensitive. Companies may want to use your personal information to send you marketing or pass your details to other companies for marketing. They should give you the chance to opt in or out of receiving such information.

How can I protect my identity online?

Be careful when providing your personal information online. In particular, do not make too much personal information available to lots of people, for example by having open access on social networking sites. Your personal information can be used to steal your identity and commit fraud. Be wary of anyone who asks for your bank or credit card details, and only use secure sites when shopping online – secure sites usually carry the padlock symbol.

Be careful when providing your:

  • Full name
  • Full address
  • Date of birth
  • Telephone number
  • National insurance number
  • School/ workplace
  • Birthplace
  • Previous addresses

When choosing a password, avoid obvious choices such as mother’s maiden name, child’s name, pet’s name, or other references that someone may be able to find out through information you have posted elsewhere. Try to use random mixtures of numbers and letters. Use different passwords for different sites.

What are online scams and how can I avoid them?

Numerous scams are in operation to get you to provide personal details, including details of your bank account or credit card, for fraud. Phishing is a scam that lures you under false pretences to websites which look legitimate to get you to provide personal information. Such emails appear to be from recognisable sources such as banks but are actually linked to fraudulent websites.

  • If in doubt, don’t open emails or attachments.
  • Before disclosing any personal information online, make sure you know who you are dealing with.
  • Be suspicious of anyone who asks for your bank account of credit card details or asks for your password.
  • Examine the email sender’s address carefully before opening an email, and do not click on any links or email attachments unless you are sure of the sender’s identity.

For more about protecting your personal information online, see

Can I opt out of online marketing and advertising?

There are different ways of advertising to people online. Some involve displaying the same adverts to everyone who visits a particular website. Online behavioural advertising involves showing you a selection of adverts based on websites visited. This targeted approach aims to tell you about products or services you are likely to be interested in.

Organisations and companies have always used information about their customers to market goods and services to them. For many people this will be a welcome and useful feature of using the internet, particularly when shopping online. However, some people dislike this approach and don’t want their buying and browsing habits used like this. Websites should provide an easy way for you to opt out of receiving such adverts or recommendations. You should be told when cookies are being used and given choices about whether you agree to this use.

The Internet Advertising Bureau provides information on how online behavioural advertising works, and gives links to several organisations that enable you to opt out of behavioural advertising.

Cookies – what do they do and how can I control them?

Cookies are files used by websites to collect information about your online activity. They can recognise your computer when you log on and can allow a website to store and remember usernames and passwords. For websites you use regularly, this can save you time. Some sites use cookies to send you targeted advertisements or offers, based on the websites you have visited.

All major browsers have cookie controls, which allow you to view and delete cookies or block them completely. Remember that blocking all cookies may mean you have to re-enter your login and password details when returning to familiar sites, and that some functions, such as shopping carts, may not work. Some cookie management tools allow you to selectively block cookies or receive warnings when a cookie is placed on your computer. You can use your cookie controls to strike the right balance between convenience and privacy.

What security measures can I take?

Your internet browser – the software you use to browse the web, for example Internet Explorer, Firefox, Chrome or Safari – will have built-in tools to help protect your personal information. Take some time to learn about the security and privacy settings in your browser. Some tools help you to control the amount of personal information you put online; others allow you to wipe the details of sites you have visited, or searches you have made, from your computer. Install antivirus and security software and keep this software updated.

How can I stay safe on social networking sites?

People use social networking sites to keep in touch with friends and family, make new friends or business contacts, or share opinions. These sites allow you to share personal information, opinions and videos or photos. It is important to remember, however, that any information you post on a site could be public and may be seen by lots of people.

Most sites allow you to control how public or private your information is – these controls are usually called privacy settings. While some sites set privacy settings automatically at their most private level, on others all your information could be available to anyone unless you change the privacy setting. If you don’t understand what a particular privacy setting means in practice, don’t post any information until you have found out.

Here are a few things you should consider before posting information or images on social networking sites:

  • Find out how the privacy settings offered can limit access to your personal information.
  • Adjust your privacy settings so that information about your family and children is shared only with those you know well.
  • Don’t include too much personal information that could make you vulnerable to identity fraud.
  • Think carefully before posting information – would you want your employer or potential employer to see those compromising pictures?
  • Review your information regularly – what may have seemed like a good idea at the time may not seem such a good idea some months or years later.
  • Get people’s consent before you upload their pictures or personal information.
  • Use strong passwords and logins to prevent your account being misused.

How can I help my children stay safe online?

Children use the internet regularly and may be involved in more online activity than their parents. Some children may have greater technical knowledge than their parents, but they may be unable to identify the risks of giving too much personal information online, and may be unable to spot scams as readily as adults. So:

  • Take the time to get involved in your children’s internet use and teach them about online safety.
  • Explain to children that they should not give any personal information online, eg full name, address, mobile number, email address, school name etc, if they would not want it freely available in the offline world.
  • Explain that people online may be lying about who they are, and ensure your children know they must always get your permission before agreeing to meet anyone.
  • Make children aware of spam or junk emails and explain that they should not open emails or texts from someone they don’t know.
  • If children are using social networking sites, make sure they use appropriate privacy settings.
  • Be aware that children may be accessing the internet via their games console or mobile phone.
  • Consider using internet filtering and monitoring software for computers, mobiles or games consoles that your children own or use.

For more on child internet safety and useful materials aimed at children, parents and teachers, see:

What can I do if someone says something about me online that I don’t like?

There are several things you can do:

  • Most social networking sites have a policy for dealing with inaccurate or derogatory posts. Have a look on their website for their procedure for complaining about a post or asking for something to be removed.
  • If you can’t find a procedure or form on the website than try contacting the website administrator with your concerns.
  • Take the matter up directly with the organisation or individual who has posted the comments about you, if you think that this might help.
  • If you think that the posting is defamatory, or you feel threatened or harassed then consider taking legal advice or contacting the police.

If you don’t get things resolved by following the above advice then we are limited in what we can do to help you.

If the person posting comments about you is another individual expressing their personal view, we won’t be able to take any action against them.

We sometimes work with social networking websites to help them ensure their procedures for dealing with disputes about inaccurate or derogatory posts are adequate. If their procedures are adequate then we’re unlikely to consider complaints against websites about individual postings, and if we do then it's important that we recognise the right to freedom of expression guaranteed by the European Convention on Human Rights.

What other rights do I have?

You also have the right to stop organisations using your information to send you direct marketing. You should get the opportunity to opt in or opt out of receiving such marketing at the point you give your personal details. You should also have the opportunity to change your preference later if you change your mind.

If you would like to see or correct personal information that is held about you, or if you think there is a problem with how your personal information has been collected online, or how it is being used, you should first contact the person or organisation responsible for collecting the information.

The provider of the service or website you have given the information to should give details of how you can contact those responsible – often this information is in the privacy notice on its website.

If you complain to an organisation about the collection or use of your personal information, they should be able to explain to you how they are processing your personal information in line with the Data Protection Act.

Do I have any responsibilities when posting personal data about other people online?

In a personal capacity

If you are acting in a purely personal capacity when you post other people’s personal data online then you are not subject to the Data Protection Act.

However, even if you are exempt from the data protection principles it is still possible for you to break the law in other ways when posting online. For example, you could be prosecuted under the Protection from Harassment Act 1997 or the Communications Act 2003.

You could also be subject to a claim in the civil courts for damages, or be held to be in contempt of court. So it's important to think carefully about what you intend to say before posting information.

In a non-personal capacity

If you are representing an organisation or promoting your business interests then, even if you are doing so through your own social networking pages, you will be subject to the Data Protection Act and may need to comply with the data protection principles.

If you are in any doubt about this then you should refer to our guidance social networking and online forums – when does the DPA apply? (pdf)