A newsletter reader wrote recently and asked a question that I think many people should think about. I replied to him in email but thought I would also share my answer here in the newsletter in case others have the same question.
My correspondent wrote:
I am relatively new to genealogy technology. Are there tips you can provide to ensure the security of personal information? Would building a family tree in software only my computer be more secure than syncing it to a webpage (like MyHeritage)? Is it a good idea to not include details (name, date and place of birth) for all living relatives and maybe back a generation or two? Thanks.
Great questions! However, I don’t have a simple answer. In fact, I can offer several answers and suggestions.
The various web sites have lots of options to control your privacy, except for Facebook, a web site designed to steal as much of your personal information as possible and then to resell that info. You do need to read about each site’s privacy policies before using it. However, most of today’s online services have excellent methods of protecting your personal privacy and your sensitive information.
Unfortunately, the computer on your desk and your laptop computer and tablet computer probably have no such controls. Neither does your “smartphone” which probably contains more personal information about you than does any other computing device you own.
Hackers around the world are constantly trying to access your computer at home (and millions of other computers) through the Internet. In addition, there is even more danger when you take your laptop or tablet computer or smartphone out of the home where it is exposed to loss, theft, and other risks.
Generally speaking, placing genealogy information or any other information in the cloud is more secure than keeping the same information in your own computer. I speak from experience; I had a laptop computer stolen a few years ago from the trunk of my automobile. The thief obtained everything: my bank account info, my credit card numbers, my Social Security number, the email addresses and phone numbers of most of my friends and business acquaintances, my family tree info, and more. Had I been smart enough to only keep that info in a secure area in the cloud, the thief would have obtained nothing.
I do that now. I still have backup copies of my family tree info stored in my own laptop and desktop computers. After all, family tree information isn’t secret anyway. Almost all genealogy information is publicly-available info available in various public government records and elsewhere. (Hey, that’s where I found it!) However, I now keep my bank account info, my credit card numbers, my Social Security number, the email addresses and phone numbers of most of my friends and business acquaintances, and more ONLY in the cloud and only by encrypting it first before sending it to a cloud web site. I never keep sensitive information in plain text on my own computers, not even in my home computer(s), where it can be accessed by online thieves and/or visitors to my home.
The backup copies are created automatically every few minutes by the backup software I use, even if I am sleeping at the time or out of the house on an overseas trip.
For the information I store on MyHeritage, I know the web site (and almost all other genealogy web sites) have excellent controls where names, dates, places of birth, and other personal information for all living people are never displayed to anyone else. When I log in with my user name and password, I can see that information. However, if you or anyone else looks at the information there that I made public, you do not see the personal information for living people.
I also keep backup ENCRYPTED copies in various locations, including one encrypted copy on my laptop computer, one encrypted copy in a plug-in external hard drive connected to my desktop computer, one encrypted copy in a backup service in the cloud that I pay for, one encrypted copy in Google Drive (which obviously is also stored in the cloud), and one UNencrypted copy in a relative’s computer. (She has an interest in genealogy and the two of us share a lot of ancestors. I am sure she will preserve my data in case I predecease her.)
By the way, I do keep a lot of non-sensitive information in my own computers where it is available to me and probably to thieves at all times, even without an Internet connection. Copies of most things are also kept online. My calendar, my shopping list, my favorite recipe for vegan chili, the jokes I collect, copies of my past newsletter articles, and hundreds of other items are not secret. I don’t encrypt those and don’t lock them up. Probably 98% of the things I save online and offline are not secret. Heck, if anyone wants a copy of those things, just drop me a note and I will send them to you! I don’t see a need for security for those items.
In contrast, anything that I wish to keep secret is kept under lock and key (the key is called “encryption”) only in secure web sites where I can access the information whether I am at home or traveling. Sometimes, “traveling” means that I am at the grocery store or at the doctor’s office, but I still might need to access the information while I’m out and about. I strive to have all information securely available at my fingertips at any time, regardless of where I am.
I also want to keep my information away from thieves, whether they are located overseas or if they are standing behind my automobile, attempting to break in and steal my laptop or tablet computer.
Your need for security will undoubtedly be different from my needs. However, I strongly suggest you think about what you need to protect and then create your own security plan to make sure your private information remains private. The word “encryption” should be a major item in your plans.
Suggestion: You also might want to read my other web site: the Privacy Blog at http://privacyblog.com/