Your personal information is valuable. Scammers and companies collect it to target you with fraud, spam, and unwanted advertising. Here is how to protect yourself.
What “Personal Information” Means
Personal information includes:
- Your full name
- Your home address
- Your date of birth
- Your phone number
- Your email address
- Your bank or card details
- Your National Insurance number
- Your passwords
Each piece of information on its own may not seem important. But when criminals combine them, they can steal your identity, open bank accounts in your name, or take out loans you know nothing about.
Rule 1: Share Only What Is Necessary
Many websites ask for more information than they actually need. You do not have to fill in every field.
Before you share your details, ask: “Why do they need this?”
- Shopping sites need your address to deliver the item — that is reasonable
- A recipe website asking for your date of birth and phone number — that is not
If a website asks for sensitive information without a clear reason, either skip those fields or use a different service.
Rule 2: Be Careful on Social Media
Many people share too much on Facebook, Instagram, and other social media without realising it. Scammers use this information to target you or guess your passwords.
Avoid posting:
- Your full date of birth
- Your home address
- Photos that show your house number or street name
- Information about when you are away from home (burglars look for this)
- Answers to common security questions (“What is your mother’s maiden name?”)
Check your privacy settings: On Facebook, go to Settings → Privacy and make sure only friends can see your posts and profile.
Rule 3: Use a Strong, Unique Email Password
Your email account is the most important account to protect. If a hacker gets into your email, they can reset the password for all your other accounts.
Make sure your email password is:
- At least 12 characters long
- Not used anywhere else
- Changed if you ever suspect it was compromised
Read our guide on creating strong passwords for help with this.
Rule 4: Watch Out for Phishing
Phishing is when criminals send you fake emails or texts pretending to be your bank, HMRC, Amazon, or another trusted organisation. They want you to click a link and enter your personal details on a fake website.
Signs of a phishing message:
- It creates urgency: “Your account will be closed!” / “Unusual activity detected!”
- The email address looks odd:
support@amazon-security.netinstead of@amazon.com - The link goes to a strange website when you hover over it
When in doubt, do not click. Go directly to the website by typing the address in your browser.
Read our full guide: How to Spot Scam Emails
Rule 5: Enable Two-Factor Authentication
Two-factor authentication (2FA) means that even if someone gets your password, they cannot log in without a second verification — usually a code sent to your phone.
Enable it on:
- Your email account
- Your bank (most banks have this already)
- Facebook and other social media
- Amazon and other shopping sites
Look for it in Settings → Security on any website.
Rule 6: Be Careful on Public Computers
If you use a computer at a library, hotel, or friend’s house:
- Always log out when you are finished
- Never save your password in the browser
- Do not check your bank account on a public computer if you can avoid it
What to Do If Your Information Is Stolen
If you believe your personal information has been stolen:
- Change your passwords immediately — start with email and bank
- Contact your bank to check for unusual transactions
- Report it to Action Fraud (UK): 0300 123 2040 or actionfraud.police.uk
- Check your credit report — you can do this for free with Experian or Equifax to see if anyone has opened accounts in your name
The key message: Your personal information is like your house keys — keep it safe and only give it to people you trust completely.