A Word About the Privacy of Your Genealogy and Other Information

A newsletter reader wrote recently and asked a question that I think many people should think about. I replied to him in email but thought I would also share my answer here in the newsletter in case others have the same question.

My correspondent wrote:

I am relatively new to genealogy technology. Are there tips you can provide to ensure the security of personal information? Would building a family tree in software only my computer be more secure than syncing it to a webpage (like MyHeritage)? Is it a good idea to not include details (name, date and place of birth) for all living relatives and maybe back a generation or two? Thanks.

My reply:

Great questions! However, I don’t have a simple answer. In fact, I can offer several answers and suggestions.

The various web sites have lots of options to control your privacy, except for Facebook, a web site designed to steal as much of your personal information as possible and then to resell that info. You do need to read about each site’s privacy policies before using it. However, most of today’s online services have excellent methods of protecting your personal privacy and your sensitive information.

Unfortunately, the computer on your desk and your laptop computer and tablet computer probably have no such controls. Neither does your “smartphone” which probably contains more personal information about you than does any other computing device you own.

Hackers around the world are constantly trying to access your computer at home (and millions of other computers) through the Internet. In addition, there is even more danger when you take your laptop or tablet computer or smartphone out of the home where it is exposed to loss, theft, and other risks.

Generally speaking, placing genealogy information or any other information in the cloud is more secure than keeping the same information in your own computer. I speak from experience; I had a laptop computer stolen a few years ago from the trunk of my automobile. The thief obtained everything: my bank account info, my credit card numbers, my Social Security number, the email addresses and phone numbers of most of my friends and business acquaintances, my family tree info, and more. Had I been smart enough to only keep that info in a secure area in the cloud, the thief would have obtained nothing.

I do that now. I still have backup copies of my family tree info stored in my own laptop and desktop computers. After all, family tree information isn’t secret anyway. Almost all genealogy information is publicly-available info available in various public government records and elsewhere. (Hey, that’s where I found it!) However, I now keep my bank account info, my credit card numbers, my Social Security number, the email addresses and phone numbers of most of my friends and business acquaintances, and more ONLY in the cloud and only by encrypting it first before sending it to a cloud web site. I never keep sensitive information in plain text on my own computers, not even in my home computer(s), where it can be accessed by online thieves and/or visitors to my home.

The backup copies are created automatically every few minutes by the backup software I use, even if I am sleeping at the time or out of the house on an overseas trip.

For the information I store on MyHeritage, I know the web site (and almost all other genealogy web sites) have excellent controls where names, dates, places of birth, and other personal information for all living people are never displayed to anyone else. When I log in with my user name and password, I can see that information. However, if you or anyone else looks at the information there that I made public, you do not see the personal information for living people.

I also keep backup ENCRYPTED copies in various locations, including one encrypted copy on my laptop computer, one encrypted copy in a plug-in external hard drive connected to my desktop computer, one encrypted copy in a backup service in the cloud that I pay for, one encrypted copy in Google Drive (which obviously is also stored in the cloud), and one UNencrypted copy in a relative’s computer. (She has an interest in genealogy and the two of us share a lot of ancestors. I am sure she will preserve my data in case I predecease her.)

By the way, I do keep a lot of non-sensitive information in my own computers where it is available to me and probably to thieves at all times, even without an Internet connection. Copies of most things are also kept online. My calendar, my shopping list, my favorite recipe for vegan chili, the jokes I collect, copies of my past newsletter articles, and hundreds of other items are not secret. I don’t encrypt those and don’t lock them up. Probably 98% of the things I save online and offline are not secret. Heck, if anyone wants a copy of those things, just drop me a note and I will send them to you! I don’t see a need for security for those items.

In contrast, anything that I wish to keep secret is kept under lock and key (the key is called “encryption”) only in secure web sites where I can access the information whether I am at home or traveling. Sometimes, “traveling” means that I am at the grocery store or at the doctor’s office, but I still might need to access the information while I’m out and about. I strive to have all information securely available at my fingertips at any time, regardless of where I am.

I also want to keep my information away from thieves, whether they are located overseas or if they are standing behind my automobile, attempting to break in and steal my laptop or tablet computer.

Your need for security will undoubtedly be different from my needs. However, I strongly suggest you think about what you need to protect and then create your own security plan to make sure your private information remains private. The word “encryption” should be a major item in your plans.

Suggestion: You also might want to read my other web site: the Privacy Blog at http://privacyblog.com/

9 Comments

Ask yourself – why am I doing this? To discover my ancestors and cousins and keep what I find to myself? Or to collaborate with others to discover more? Do I want to be secretive or to make my research available to next generations descendants and cousins? When you have found the answers to those questions, do what you are comfortable with.

Like

    Great response Trevor,
    All of my cousins currently fear sharing their own family connections on the web due to hackers, so they do nothing.
    Dick had some reassuring facts.
    Ray Z

    Like

One thing you left out is that many banking institutions and others ask for your mother’s maiden name as a security word. If you have not put that on line some other relative probably has. if you select a word that might have many responses and you forget it a personal appearance at the local bank you use or a notarized document requesting a new password that you can remember will give you renewed access.

Like

    If a bank asks for your mother’s maiden name “for security purposes,” you need to leave immediately and find another bank. Usage of mother’s maiden name is an obsolete method used years ago but is never used today by anyone with even rudimentary knowledge about security. Your mother’s maiden name is shown on birth certificates and other public documents that are accessible to everyone.

    Like

    Side note, you can give any answer you want to the question “Mother’s maiden name”. It is not the only thing used but one used for something I do at work, and I actually ask the question “what would you answer if someone asked, What is your mother’s maiden name?” They do not know what you’re mother’s maiden name is, so give them whatever.
    Now I have not had a bank require that for years, there are a few others who still use it. Where I do it is a reloadable pre-paid visa, so I have also had to enter information from you id, and it is a combination of information that is used when you phone in or call about your account. When I call in most places now ask a “series of questions for security”.

    Like

I like the approach used in the FamilySearch family tree. Information on deceased people is public, but information on living people is private. Living people can only be seen from the account where they have been added. i.e. Each user has a “private space” for living people that is inaccessible to everyone else. The downside is that each of my children need to create a new record of me (and their mother and each other’s families) if they want to be able to view us online.

Like

I give a name totally unrelated to my family when they ask for my mother’s maiden name. The bank doesn’t know my mother’s name, they only know what I tell them. As long as I remember what I told them we’re all good.

Like

Just don’t use your mother’s real maiden name – make one up! Take it from Dickens or another favorite author. Re-name her ‘Fanny Whatchamacallher’ …the bank doesn’t care. It’s just a combination of letters that you supply them with. They don’t request your family tree so as to verify.

Like

I keep my tree private because all family researchers are not honorable. Some want nothing more than to find a landing place for their family and will stop at nothing to achieve that.

Have you ever communicated with an individual(s) to determine whether you have a connection? Have you subsequently determined that you do not – you are not from the same family / branch and disclosed your findings to the individual? Has that individual persisted until you finally terminate communication? Have you some time later found your family added to a large online surname database with changes to your family tree to accommodate the individual previously mentioned?

My grandmother was ‘assigned’ a husband who never was, children/siblings who never were … Some people have no honor … Fortunately, I was able to have the large database corrected but not before the information had been spread far and wide, posted, copied and reposted!
Consequently, I do keep my tree(s) private

Like

Leave a Reply

Name and email address are required. Your email address will not be published.

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

You may use these HTML tags and attributes:

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <pre> <q cite=""> <s> <strike> <strong> 

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: