SafetyDetectives recently had an enlightening conversation with Hayley Kaplan, the CEO and Founder of What is Privacy. Kaplan’s journey into the world of online privacy began with personal tech mishaps, leading her to create “What is Privacy?” – a blog focused on identifying and solving social media and tech-related issues. Over time, this endeavor transformed into a thriving business helping individuals remove their personal data from data broker sites. In this interview, Kaplan discusses her range of services, the significance of understanding and safeguarding one’s online identity, and the potential dangers of oversharing personal information online. She also offers valuable insights into strategies for recovering from a tarnished online reputation and underscores the importance of cautious online behavior in an era of evolving cyber threats.
Can you talk about your journey and what motivated you to start What is Privacy?
I’ve always been comfortable with technology and I quickly embraced social media when it became available. Even though I considered myself to be “tech-savvy” I made a few technological mistakes along the way. For example, I accidentally sent an email calling out a client to that client, instead of to my boss. Her attorney promptly and embarrassingly fired us.
Another time, I posted photos of my adorable baby nephew on Facebook without realizing it would not be okay with his parents. The moment they saw those photos online, they angrily insisted I remove them. That got me thinking, “If I’m making these types of mistakes when I use technology, then, what about everybody else?”
As a result, I created a blog called What is Privacy? to identify problems related to social media and technology and to provide solutions to them. When I started to write a series of tutorials to guide my readers to remove personal online data about themselves, several people asked if they could pay me to remove the information for them. That’s when my free blog turned into a business and people began to hire me to remove their personal data from data broker sites. Everyone’s online footprint was unique and each person’s needs were different. Over time, people approached me to remove different types of information. Over time I expanded my skills to remove a wide variety of online information that extends beyond data broker sites.
What services do you offer?
I remove the following types of online information:
- Personal information from more than 100 data broker sites
- Some types of photos
- Some types of videos
- Inaccurate business information
- Personal information on business directories or sites
- Problematic content on websites, blog articles or journals
- On limited occasions, a newspaper article
- Some court records
Many a reputation has been ruined by a variety of online posts, both legitimate and malicious. Each client requires a unique and customized solution and while much content is removable, some is not.
I offer customized lectures for universities and private organizations or businesses pertaining to a variety of privacy, security, technology and social media topics.
I provide general consulting services regarding matters of privacy, security and Identity Theft.
I help with problematic online reviews.
Why would someone want to scrub their online identity?
I don’t think anybody should scrub their online identity! In 2023, we all need to have an online identity and presence.
That said, there are important reasons to know what information you have online and to remove what is problematic when it’s possible to do so. Some people don’t want their age online for vanity reasons or to avoid work discrimination. (Ageism) Having your home address available for anyone to find online can be dangerous therefore scrubbing an online identity can enhance safety. For example, people in mental health and law enforcement are at risk from criminals and mentally ill people. Celebrities, victims of violence or rape, judges and people who repossess cars can also be at risk with their home address online. A variety of online data combined with a home address and name can facilitate robberies and home invasions.
In the United States, a lot of information stems from public records. If you have an indiscretion, a court appearance, a criminal or civil judgment against you, that’s easily found online. Sadly, it’s easy for someone to create evil and malicious information and put it online, even if it’s untrue. Now we also have to worry about Artificial Intelligence adding its own spin on what’s already out there.
When I need someone’s home address, I either ask Siri or I look that person up on a data broker site. If I can do that, so can cybercriminals. Having too much information out there can make you a victim of extortion, a scam, abduction, robbery or identity theft.
The more pieces of personal information that you have online, the easier it is for a criminal to do something inappropriate with it. We all know businesses that have been hacked and I’d venture to say that most of us have gotten a notification of a breach on a site we use. If a cyber criminal gets your social security number, other bits of data found on sites that include mother’s maiden name, pet’s names (social media), cell phone numbers, addresses and more can make it easier to wreak havoc in your life with identity theft. This havoc includes using and ruining your credit, using your identity for medical procedures, wiring money right out of your bank accounts, and more.
How can an individual or company recover from a bad online reputation?
My preferred strategy is to delete information. But you have to be careful because while deleting is the first choice, it has to be done in an appropriate manner or it can backfire on you.
My next strategy is to change the narrative. For example, contact someone who has left a negative review and provide such good customer service that the bad review turns into a favorable one or is taken down by the person who posted it.
Some reviews are designed to damage a reputation and can be based on untruths. In those cases, contacting the person who left the review may not be a viable option. Some reviews can be taken down because they don’t follow general guidelines. For example, if a review includes a home address, sites are likely to be willing to redact or remove the address. Some sites won’t tolerate bullying and other inappropriate comments in reviews and could be willing to remove a review for those reasons.
Another way to recover from a bad online reputation is to use a technique called, “suppression.” With suppression, new content is created to push the damaging content down in search results. This process can be costly and also takes time to work. Additionally, since the information is still on the web, it can easily resurface if the content is clicked on it frequently. As mentioned from the start, deleting information is the safest and preferred method for helping with reputation recovery.
What’s the danger of sharing too much information online?
Some people like to check in at places, share their location, or divulge a lot of personal information in one way or another. This information is readily available to anyone who seeks it. Cybercriminals can scrape internet content and extract details such as home addresses, age, birthdays, family members, and financial information. They then combine this data with information from social media to construct a fairly accurate profile of a person, including their residence, history, and more. This type of social engineering is one of the most common methods for hacking passwords, committing identity theft, or even carrying out physical attacks or in person thefts. In a nutshell, sharing too much information poses a safety risk.
Phishing by email or text remains a common problem. These scams used to be easy to identify because of typos or other obvious signs of illegitimacy. Unfortunately, they are becoming increasingly sophisticated and personalized and more people are likely to click on them as a result.
If you click on one of these scams, you can download malware or viruses onto your device. An attorney in San Diego clicked on a USPS phishing email that enabled the cybercriminals to track every single keystroke on his computer, including when he reset a password or entered his passwords. When he lost access to his bank account, he thought it was a problem with the bank. He later discovered that over $200,000 had been wired out of his account because hackers had taken over his account. Since this was not the bank’s fault, they weren’t held liable, and the bank did not reimburse him for the stolen money.
Since we never know what new and clever way a cybercriminal will use our data, it’s always safer to be cautious, to avoid oversharing and to remove any problematic online content that is removable.