The Victorian Privacy Commissioner releases information booklet aimed at youth

December 11, 2013 |

The Victorian Privacy Commissioner is quite active.  The most active of the state privacy/information commissioners.  The office has released an information booklet to provide some advice on looking after one’s privacy.  The title is quite cool, Keep your Super Hero safe.  It covers the current hot button issues; computers and the cloud, mobiles and smart phones, sexting, social media and on line competitions, sign ups and surveys.  It is found here.

It provides:

Why ‘Keep Your Super Hero Safe’?

Keep your super hero safe is an information booklet advising young people how to keep their personal information safe from identity theft.

Youth Advisory Group member Marcel said, “Much like super heroes, everyone has a ‘secret identity’ which they would prefer to keep private. This ‘secret identity’ is information about yourself which you would rather not share with the whole world. The booklet Keep your super hero safe helps young people to understand how best to keep this information private online.”

“Everyone cares about privacy to some extent, including young people. The common misunderstanding that young people do not care about privacy may arise because young people are comfortable sharing information that older generations would never disclose. But the popularity of Facebook’s privacy settings demonstrates that young people do care about privacy,” Marcel said.

“There are many privacy risks for young people. One is the social ramifications of sharing information online. In today’s highly connected world, it is entirely possible that anything you share will be disseminated to a far wider audience than you intended. As a result, sharing that juicy bit of gossip, or that funny photo, is a decision that can come back and bite you. This can ruin friendships and make someone the target of bullying, both online and offline,” Marcel said.

Candice, another Group member, said, “Keeping your super hero safe is about protecting what makes you YOU – your reputation, your information and those of your friends and family. It means not sharing information that makes you feel uncomfortable, knowing it’s ok to say no, or checking that a request for information is legitimate.”

Got any questions or suggestions?

The Youth Advisory Group is constantly on the lookout for ways to help young people both understand and protect their privacy rights. We would welcome any input, suggestions and/or feedback for what we already have here. If you feel that there is something missing that you would like to know more about – just drop us a line at the email address below. We also delight in helping people to find answers to questions and resolutions to problems if we can, so send those in to us as well. Even if we ourselves don’t have the exact answers you’re after, chances are that we’ll be able to put you in contact with someone who does.

Computers, Internet and The Cloud

  • Ensure your antivirus software and firewall is up to date.
  • Don’t respond to emails asking for sensitive information, even if they look to be from an official organisation.
  • Create a new, unique password for every online account.
  • Always delete sensitive information from your USB once you are finished with it.
  • Don’t allow your browser to ‘remember’ your password.
  • Logout of websites such as Facebook and the one you use for your bank account when you have finished with them.
  • Be careful about what you upload online or do through the cloud.
  • Google yourself. It may reveal more than you expect.


Most people have had a run in with malware (malicious software), whether they know it or not. Malware is a broad grouping of things that you do not want on your computer. It includes viruses, worms, key loggers, spyware and many other examples of unpleasant software. The malware can steal your personal information such as bank details, take control of your computer or email, and even help criminals to steal your identity. Every computer should have protection from these threats. Protection comes in the form of your trusty antivirus software and your firewall. Although it might be a hassle to install and update these protections, their benefit is huge, and they are your shield against harm. However, the protection is not perfect so it is important to backup all your important files on an external hard drive or DVD in case your computer does become infected with malware.

Dodgy emails

If you do fall prey to malware, one consequence could be that someone takes control of your email account. If this happens they could use your email account to send out dodgy emails to your friends and family. You have probably received these emails from other people in the past. They often look like normal emails but they ask for bank details or passwords, or ask you to click on embedded links. Sometimes the emails look like they come from legitimate organisations like banks. You should never give out important details over email and if you suspect your friend has been hacked, let them know!


 Forgetting passwords is really annoying, so it is tempting to make all your passwords the same and easy to remember. However, passwords are the door to all your important information online. You shouldn’t leave your front door unlocked by using easy to guess passwords like ‘password1’. Never use the default password and ensure that any password you use is hard to guess. A combination of numbers and letters in upper and lower case is usually the safest bet. It doesn’t have to be something hard to remember, you can be creative and make hard to guess combinations that mean something to you. Finally, do not use the same password across all your accounts. That way, if someone does get access to your email, your bank account is still safe.

USB drives

For a small and easy-to-lose thing, a USB drive can be quite important as they can often contain a lot of very sensitive information. Always delete important data off your USB drive after you have finished transferring files, and always get rid of sensitive data before you lend your USB drive to a friend. Most people remember to delete things like their bank details, but what about those embarrassing photos from last year?

Autocomplete and being constantly logged in

Have you ever used your friend’s computer? It’s often easy to see what they have been searching for on Google if they have not disabled their Google web history. Your computer is a guide to what you do and can give other people access to all the important things in your life. Being automatically signed in on Facebook or other sites may be convenient, but, much like autocomplete, it is potentially dangerous if someone gets their hands on your computer. Imagine giving your little brother, mother, or a hacker complete access to everything you do online. Another security risk is allowing your computer to ‘remember’ your passwords, which potentially allows someone to access your accounts.

The Cloud

Many of the things you used to do on your own computer are now being done on the ‘cloud’. Cloud computing entrusts remote servers with the data and computing that is needed to complete your task. For example, you can access your email from any computer because your emails and contacts are all stored somewhere in the cloud. You simply access it through a web browser or application.

The same thing happens when you use Google Drive and many other services online. When you create a document, the information isn’t stored on your computer, but is instead kept on a server operated by a company elsewhere. While this is extremely convenient as it allows you to access your files from anywhere in the world, it also means that since your data is sitting in a server somewhere else and not on your computer, other people potentially have access to that information.
And, depending upon where that server is located, the privacy laws that apply in your state or territory in Australia may not apply to your data in that server if that country doesn’t have similar privacy protections.

Online Footprint

Everything you do online leaves a footprint. Google and other organisations collect data about everything you do through your email, calendar, searches, and other activities. This information is often indexed and analysed to help provide you with a ‘better’ online experience and may be sold on to other companies. Although it is impossible to measure the full extent of your online footprint, many people find it helpful to Google themselves and see just how many hits their names and aliases receive on Google. Finding your Facebook information that you thought you had made private or only visible to friends through a Google search might mean that you should change your privacy settings. Be careful about what you put online, because it is often impossible to delete all the copies once it is uploaded.

Mobiles and Smartphones

  • Think about what information you store on your mobile – is that the best place for it?
  • Lock your mobile with a secure PIN and don’t forget to keep that PIN secret
  • Monitor and update your use of ‘auto log-in’.
  • Delete old, unnecessary or sensitive data from your phone when it’s no longer needed.
  • Think carefully about the information that you send from your phone – once it’s gone, it’s gone!

For so small an item, your mobile phone can potentially be one of the largest sources of personal information that you have on you.

The leaps and bounds that smartphones have taken in recent years have turned the humble telephone into a media and communications centre in your pocket – allowing you to take photos, make videos, send emails, record notes, access the internet, organise your calendar, save contact details, play games, download apps, do your banking and plenty more besides.

Along with all of the information that we actively store in our phones – like phone numbers, pictures and emails – there is also the information that can be passively collected behind the scenes – such as the information that certain apps collect about our location, buying habits and contact details.

With so much information potentially stored on our phones, it is really important to know how to protect both our phones and the information stored within them. If you don’t and your phone is lost or stolen, it can lead to all sorts of nasty consequences including things like the loss of money, huge debts being racked up at your expense, the hacking of any social media or email accounts that your phone is automatically signed-in to and even full-blown identity theft.

But never fear! It need not be all doom and gloom. Here are a few tips that can help you to make your mobile or smartphone safer and that can help you to protect the personal information that is stored within it.

Ask yourself: ‘Do I need to store that?’

The first thing you need to be asking yourself is whether or not certain information needs to be kept on your phone at all. Is storing your Tax File Number as a contact under the ‘cleverly’ disguised name of ‘TFN’ really the best way to store this information? Same goes for saving your bank account details in the ‘Notes’ section of your phone; while this is obviously very convenient for you, it will also be very convenient for a thief should they get a hold of your phone.

Another important thing to consider is the information that you are storing about other people in your contacts list. You should remember that the information that you have entered about your contacts could also be compromised along with your own should your phone be lost or stolen. Consider how you would feel if the situation were reversed and a friend or colleague lost their phone with details of your home address, email addresses and all of your phone numbers in it.

Protect with PINs

While yes, it can be a pain to have to unlock your phone every time you need to use it, it is a really good idea to put a PIN lock on your phone. This ensures that only you will be able to access the information that is stored inside – something that you will be extremely grateful for should your phone every go missing.

To make your PIN even safer, increase the number of digits in your PIN (they are usually four digits long, but you can up this number to, say, six digits) and make sure that you don’t pick easy or predictable combinations like your birthday or ‘1,2,3,4…’ etc. Another obvious, but often overlooked, way of keeping your PIN extra secure is not to tell everyone what it is!

Monitor your use of ‘auto log-in’

Once again, while it is really handy to be able to click straight into apps such as Facebook and those for online banking without having to enter in your password and username each time, this also leaves these apps vulnerable to misuse should your phone be lost or stolen. Know which apps on your phone utilise the auto log-in feature and consider whether some of these could be changed to allow you to type in your log-in details each time instead.

Review messages

With the ever increasing storage space available on mobiles and smartphones, it becomes that much easier to hold on to old or unnecessary information. Whole conversations via text message over many years can be stored easily on many phones so it might be a good idea to review these periodically to ensure that only the information you need to keep is stored in your phone. Not only will you be protecting personal information, but think of how much extra storage space you’ll free up on your phone!

It is equally important to review the messages that you send out too. Be sure that you get the phone number right when you are texting personal information to others and think about what you are sending before you send it. This is particularly important when dealing with photos, including those more personal ones. Once you hit send, whatever you’ve sent is out of your control and it can be nearly impossible to get it back again.


  • Think before you click – Do you really want to share that photo?
  • Talk about your expectations to the person you’re sexting.
  • If something goes wrong and you need help, talk to someone you can trust.

 “Teen sexting is a very rational act with very irrational consequences” – Danah Boyd, social media scholar, youth researcher and advocate.

Sometimes people send sexy texts or photos of themselves (also known as ‘selfies’) to others – usually, but not limited to, someone they may be in an intimate relationship with. This practice is known as ‘sexting’. With Snapchat, and all the different forms of instant multimedia messaging, it is common for people either to send selfies directly to other people, or to upload particularly risqué photos to social media sites. Sexts can, however, include anything from racy texts, pictures displaying anything from partial nudity right up to sexual images, or video. This is quite normal, but there are a few key things to think about before you engage in ‘sexting’.

How much do you trust them?

We might think that we know someone really well, but as soon as that picture has left our phone, it is out there in the open. You can never take it back. Right now, you might completely trust the person that you are sending it to, but you never know what the future holds, and if the relationship between you might change. So ask yourself, ‘If we break up, will this person respect me enough not to share my pictures?’ If the person you have sent it to sends it on to his or her friends, or posts it in a public place, you will have little power to stop it.

But how does it get out?

It is important to think about the potential ramifications if the sext became readily available to people you know. Occasionally, if you have personal pictures of yourself on your phone, it might be possible to accidentally ‘share’ it via email, MMS or Bluetooth with the wrong person; but this is unusual. There may be potential for someone else to find it on you phone. There have been occasions where photos have been distributed after a phone has been stolen.

What are the consequences of leaked pictures?

It has the potential to be very embarrassing, but there are some consequences more severe than embarrassment. Currently, the area of law that deals with child pornography can be hard to navigate and understand. In the Crimes Acts 1958 (Vic) Section 68, if you are under 18 and you take a sexy photo of yourself, or you receive a sexy photo of someone who is under 18, you might be open to a charge of production or possession of child pornography. This is a very serious offence with very serious consequences; including, but not limited to, imprisonment and being put on the Sex Offenders Register.

Social Media

  • Think before you click – Do you really want to share that information?
  • Use the site’s privacy settings and check them regularly.
  • Respect other people’s privacy; ask before posting photos of others.

Almost everyone (including parents and teachers) seems to have at least one online social networking profile on sites like Facebook, Tumblr, YouTube or Twitter. These sites have been around for ages, but not everyone realises that the information uploaded onto them (photographs, videos, comments, check-ins and other personal info) is potentially viewable by others online forever – even if you delete it after it’s posted.

While social networking can be fun, a great way to connect professionally, or to share your lives with friends and family, some people (even those you know well) can accidently, or even intentionally, use the information you upload to embarrass you, damage your reputation, or even steal your identity or work. You could also be vulnerable to cyberbullying, identity theft or internet predators.

Thinking carefully about what information you share on the Internet is very important, as this information can have an impact on your life well into the future – for example, the photos and information you share with your friends may not be what you want a potential employer to see. This also applies when uploading information about other people. Making good use of privacy settings (like setting your online profile to ‘private’), and being selective about whom you ‘friend’ online puts you in greater control, and means strangers (or people you don’t know too well) can’t access your information.

When using social media at your school, university or workplace, ensure you have read their social media policy. Most organisations have individual social media policies that outline the ‘dos and don’ts’ of using these sites. If what you post does not comply, you may face disciplinary action – people have even been fired from their jobs because of what they have posted on social media! Social media can be a great resource, but not using it properly can also have consequences. So keep in mind the ‘grandma rule’ – don’t post something you wouldn’t want your grandma to see!

Online Competitions, Sign-ups and Surveys

  • Read the privacy policy.
  • Check (or uncheck) the opt-out boxes.
  • Think about whether or not you are comfortable supplying all the personal information they want.
  • Sign up to the Do Not Call Register.

So, you’ve just signed up for that loyalty card, competition or just completed that awesome online survey. For your chance to win a new iPhone, overseas holiday or year’s supply of cordial, you’ve filled in your name, date of birth, address and phone number, but do you know what happens to this personal information that you’ve just provided?

Hopefully, you’ll have noticed the words ‘Privacy Policy’ that are generally found somewhere in the fine print of both hardcopy and online forms. So what exactly does this all mean?

So what is a privacy policy? And what do they mean by ‘Third Parties’?

A privacy policy is simply a document that defines how the person or organisation collecting your personal information will be using this information. Most of the time it mentions how they themselves will be handling your personal information, but sometimes they’ll include details of how they provide or share it with ‘Third Parties’. This means how they’ll pass your details on to other people or organisations (you and the original collecting person/organisation are the ‘First’ and ‘Second Parties’).

Sometimes, sending your details to Third Parties is okay, say, for example, when your bank sends off your details so that you can be set up with that new credit card. But sometimes your information is passed on to organisations who will either use your information for marketing purposes (and send you lots of spam email) or, in a worst case scenario, sell your information to scammers or identity thieves. It is always important to think about whether or not the people or organisations you give your personal information to will treat your information securely. Always ask yourself: ‘Can I trust them with my personal information?’

Will I receive ongoing promotional material?

Hopefully, you would have noticed a tick box that they often have at the bottom of forms next to statements such as ‘Would you like to receive further information about upcoming events or products that may interest you?’ or ‘Do you consent to us sharing your details with third parties who could also offer you similar discounts or sales opportunities?’ Many forms have these boxes ticked automatically so you will need to make sure that you ‘opt-out’ or untick any of these boxes if you don’t won’t to receive any further correspondence from these organisations in the future – make sure you tick/untick wisely!

Will I be able to ‘opt-out’ later on?

Often, these promotional advertisements and correspondence have an ‘unsubscribe’ option contained within them. Usually, you can ‘opt-out’ by ticking this box/selecting this option and sending the message back to the organisation. Be careful though that you know what you’ve subscribed to, as sneaky spammers often use these types of emails and the ‘opt-out’ function as a way to check that your email address is still active.

Do I really need to fill in all of those fields?

Did you know that not all fields or boxes on forms need to be filled in? Just because a form asks for certain information and leaves a space for you to put it in, it doesn’t necessarily mean that you have to provide that information. A good rule of thumb is to ask yourself: ‘How much information do they really need to collect about me?’

Generally, fields or boxes that correspond to the really important or ‘must have’ information will be marked in some way – usually with an asterisk (*) or (^) symbol. These fields or boxes are then known as ‘mandatory fields’ and you will not be able to submit your form successfully unless they are all completed. While it is a good idea to think twice before offering information that the form isn’t asking for (i.e. leaving non-mandatory fields blank) it is also important to think about whether it is necessary for the organisation to collect all of the information that they have listed as ‘mandatory’.

What’s the Do Not Call (DNC) Register?

While it’s obviously important to try and avoid being on every single mailing list there is (using the tips outlined), some clever ploys will still slip through the cracks. In order to minimise the amount of annoying marketing and sales calls that can result from being on these lists, did you know that you can sign yourself up to the Do Not Call (DNC) Register?

Being on the DNC Register will mean that you won’t receive any of those annoying calls at inconvenient times (they always seem to call when you’re just sitting down to dinner, don’t they?). Once you’re on the DNC Register, it’ll mean that it’s illegal for telemarketers to call you. If you have registered you number and they still call you, you can make a complaint via the DNC website (remember that it takes three months for your registration to become fully effective). See

Quite a good fly overhead view of the issues and what can be done.



Leave a Reply