Protect your personal information

Personal information is any information or combination of information that enables an individual to be identified.

Personal information is used by many businesses for legitimate communication. However, this is not always the case and some personal information can be misused by criminals or used inappropriately by marketers.

This page offers general advice for adults. Targeted advice is also available for young people and for anyone experiencing online abuse as part of domestic and family violence.

What is personal information?

Your personal information may include your:

  • full name
  • address
  • phone numbers
  • school
  • date of birth
  • email address
  • usernames and passwords
  • bank details.

Setting strong passwords

To set a strong password, select it carefully. Security experts now recommend using a ‘pass phrase’ rather than simply a password. The phrase should be relatively long — perhaps 20 characters or so — and consist of seemingly random words strung together along with numbers, symbols and upper and lower case letters. 

To create a pass phrase, think of something that you can remember but others cannot guess such as BlueChocololate#239TriumphFi$h. 

When creating passwords or pass phrases there are some definite dos and don’ts.


  • Use between 12 and 20 characters — longer passwords are stronger.
  • Use a combination of words that aren't predictable but that you can remember.
  • Use two-factor authentication on accounts containing personal information.


  • Use pet names, birthdates, family or friends’ names, favourite foods, colours or singers in your new passwords.
  • Use a predictable combination of words e.g. 'ilovehiking', a context specific word e.g. 'google' or repeated sequential characters e.g. 'aaaaaa' or '123456'.
  • Avoid using famous quotations that might be easy to guess.
  • Share passwords with others, even with friends.
  • Store them on your device, unless it's via a password manager which stores them in an encrypted database.

How to set strong passwords


Effective passwords keep emails and online accounts protected and secure.
Passwords should be hard to guess, and there should be a different password used for each important account.

The best passwords are at least 12-15 characters long. 
To make them easier to remember, passwords can be made into a sentence. 
For example, #sandytoesinhawaii7 is easier to remember than a series of random numbers and letters. 
Adding symbols and numbers makes it harder to guess.
No-one should use words that are associated with them, that could be easy to guess. 
For example, don’t use the names of children or pets, or birthdays.

Users should not allow browsers to remember passwords. 
While it is faster to have passwords automatically filled-in, it means anyone using the same device can have instant access to these accounts if they know the user name.

Users should Log out every time they have finished using a website or app, or other online service.
If a User doesn’t log out, their account remains open which means others with device access can also access the account.
The browser window should also be closed after using a website or other online service.

If a user thinks their device is being monitored by a perpetrator, they should regularly change the username and passwords of the important accounts they access, using a safe device to do so.

Passwords should not be shared with anyone else, including children if an abusive current or ex-partner is in contact with them.

How to make effective passwords if you are at risk of tech-facilitated abuse

Changing passwords on a Windows based machine

Changing Passwords on Macs

Sharing or disclosing personal information online

Many online services require users to provide some personal information in order to use their service. Prior to providing personal information, you should think about what can be done with your personal information and assess whether you are still happy to pass on these details. In addition to inappropriate or illegal use of information, disclosing personal information online can have an impact on your digital reputation.

There are several online activities that may require a level of disclosure of personal information. These include:

Shopping — to verify the identity of the purchaser, to process payments or for the delivery of goods.

Subscribing or registering — providing a screen name or ID and an email address are often minimum requirements to subscribe or register, but other requested information may include: age, gender, address, photo and personal likes or dislikes. Remember that an asterisk (*) generally identifies mandatory fields that are needed to register.

Competitions, prizes and rewards — often require users to provide extensive personal data, including personal interests and demographic details — these are often used by marketers to promote products and services.

Online games and virtual worlds — these may require users to register before they can begin to play.

What might happen if I share my personal information online?

Spam, scams, identity theft and fraud are just some of the more serious issues you might face if you share personal information online.

How can I protect my personal information?

It is important to understand how personal information is used online and how to protect your information and digital reputation.

Tips for protecting your personal information online:

Only disclose financial information on secure websites. Look for an address beginning with https:// and a ‘locked’ padlock symbol next to the URL or at the base of your browser window, which indicates that data is being encrypted

If in doubt about the legitimacy of a website, call the organisation it claims to represent. The Scamwatch website provides further advice on how to identify and report potential scams.

Banking institutions will never email individuals asking for their user name or password. If you receive an email by an organisation claiming to represent a banking institution report the email to the bank and Scamwatch. Do not respond and do not click on any links provided.

Read user agreements and privacy policies. Many organisations use information for marketing purposes and may sell it to other marketing firms. If you do post information on a website that sells information to marketers, you may receive promotional spam emails which can be difficult to stop.

Understand that information shared online can be permanent — you may not have control over who sees or accesses your personal information. This includes teachers, parents and prospective employers.

How can I reduce the amount of spam I receive?

Reduce spam by protecting your personal details. Spam can be reduced by:

  • limiting disclosure of email addresses and mobile numbers
  • installing and using spam filtering software
  • checking the terms and conditions when purchasing products, entering competitions or registering for services or email newsletters
  • not allowing contact details to be used for marketing purposes (making sure you check the opt out box)
  • boosting online security to limit spam.