Web tracking and data breaches explained

This short guide is a reference tool to help refresh your knowledge or practise what you have learned in the Web tracking and data breaches explained course, including:

  • how web tracking uses cookies to target you with ads
  • how to minimise web tracking
  • what a data breach is and what to do if one affects you.

How web tracking works

Big companies such as Amazon and Google can combine records of your visits to different sites to track where you go online:

  • Websites build a profile and use this to target you with ads.
  • A site can remember your visit using a small file called a cookie.
  • Websites will ask if you want to accept cookies.
  • If you agree you are giving permission for the website to track your visit.
  • Most cookies are useful but some can be used to help advertisers target you.
Cookies don't save private information such as passwords, but they can save your login status. This means if you log in to a site, then turn off your device, the next time you go to that site you might still be logged in. You should log out securely from any websites when you leave, by clicking a log out or sign out button.

How to minimise web tracking

You can minimise web tracking by taking some simple steps:

  • Use your browser's Incognito mode or Private browsing mode.
  • This mode blocks cookies but may limit the functionality of some websites.
  • Use small programs called browser extensions to block many ads. Ad blockers are usually free.
  • Use a private search engine such as DuckDuckGo instead of Google.
  • Avoid products that claim they can hide you online.
  • Use your browser’s clear cookies and clear browsing data function.
  • You can try a VPN but be aware that Google can still track you.

What is a data breach?

A data breach happens when personal information is accessed, disclosed without authorisation, or is lost. This means not all data breaches are malicious in nature; they can be caused by human error, or by machine or systems failure.

An example of a non-malicious data breach

An employee of a health provider decides to back up some data that includes your records. Instead of copying the data they accidentally delete it.

An example of a malicious data breach

A hacker illegally accesses your mobile phone service provider and downloads your information and the information of thousands of other users, and sells it to scammers.

What happens in an ‘eligible’ data breach

This is where the breach is likely to cause serious harm:

  • The company is required to notify you about the breach.
  • They must also tell you what steps you need to take.
  • You might have to update passwords for your important online accounts.
  • You may have to provide new or different identification details.
  • The company might have to stop operating and you might need to find a new provider for the service.
  • You may be instructed to go and get new ID documents, or renew certain kinds of ID.

How to tell if you're part of a data breach

There are three main ways you are likely to find out about being part of a data breach:

  • A breach affecting a company or service you use might be reported on radio, TV, online news, and in newspapers.
  • If the breach is serious enough, the company must notify the Office of the Australian Information Commissioner (OAIC) and the affected customers of the breach.
  • The company might contact you directly to inform you of the breach, even if it is not very serious.

What data to regularly check up on

Because smaller breaches don’t get much attention, it’s a good idea to check up on your:

  • private medical or health insurance
  • phone provider (especially if you use a smaller one)
  • internet service provider
  • internet banking service
  • car, property or home contents insurance provider.

You can visit their websites or contact them to ask if your data remains secure.

Read data breach emails and texts carefully

If you receive a text or email from a company saying your information was involved in a data breach, read it carefully and don't click any links.

You might also receive data breach information via a company’s app on your phone.

Sometimes scammers send fake data breach emails. Instead of clicking a link in the email, use your web browser to visit the company's home page directly and look for information there. Never click or tap a link in an email or text message.

Take precautionary steps right away

If you suspect you are involved in a data breach, it’s best to act quickly. A useful first step is changing important passwords for your:

  • main email address (such as your Google or Apple email)
  • social media accounts
  • banking app or any other apps that can access your money
  • myGov account.

Useful contacts for finding out what to do next

For more information about what to do in the case of a data breach and how to protect your identity and data: