In the chapter on identity theft we talked about the reasons for identity theft and gave instructions how to check personal data for leaks. In this chapter we will talk about how to remove your data from public access. If your personal data has leaked to the network and has been posted on one or several sites, the following measures can be effective:
Appeal to the site owner
It is the easiest and often the most effective method if your personal data has leaked and has been posted on one or more sites. Ask politely and without threats the site owner to help you. If polite treatment does not help, warn that you will be forced to go to court and to the regulatory body for the only purpose – to protect your personal data.
The first sample:
Hello. Your website (link) has my personal data exposed. I kindly ask you to help me remove it. Thank you in advance.
The second sample:
Hello. I have recently asked you for your help in removing my personal data made public at this link (link). Unfortunately, I haven’t received a reply from you and my data is still publicly accessible. I kindly ask you to help me remove it, otherwise, I will have to file a complaint to the authorized body and request the help of the domain name registrar and hosting provider of the website. I sincerely hope for your aid and assistance.
Appeal to the regulatory body
In Russia it is Roskomnadzor. Write a message in which you inform that the specified site is distributing personal data without your permission, violating the laws of the Russian Federation. Be sure to include a link to the data posted.
The maximum that the regulatory body is capable of is to fine the owner, if they are identified and are in the same legal jurisdiction with the body itself, or block them in the country where the regulatory body is located.
Complaint to the hosting provider and registrar
If you are not very familiar with the principles of the sites, I will start with a small educational program. A hosting provider is an organization that provides a site with a server for hosting, a registrar is an organization where the site owner has registered a domain name.
You can have a look at this data here. The screenshot below shows that the hosting provider of the PanicButton.pw site is Leaseweb, while the registrar is Namecheap.
You need to go to the sites of the registrar and the hosting provider and find contacts for complaints there, they usually contain the word “abuse”. Even if such a contact does not show up, contact any available one.
Sample treatment:
Hello. The website (website) your company has been providing services for made my personal data public on this page (link). I have contacted the owner of the website, but I haven’t received any answer from him. I kindly ask you to help me remove my personal data from the website.c
It is difficult to assess the effectiveness of this method, but it should not be neglected as well.
Appeal to search engines
Probably not the most effective method, but if we carry out comprehensive work aimed at deleting personal data, you should not refuse it.
Contact information of search engines for treatment can be found here:
Sample treatment:
Hello! The search results of your search engine contain my personal data that was illegally made public by the owner of the website (link). The owner has ignored my request to remove my data. I really hope for your help in removing my personal data from search results.
Appeal to the owners of messengers
If a malefactor not only has posted your data, but also sells them or uses them for advertising using messengers, you can ask for help in the support service of the messengers.
For example, Telegram's support service once blocked the channels whose owners posted copies of their passports as a present to subscribers, and ICQ blocked them at all for using an account for commercial activities. If you have the opportunity, use this pressure tool as well. Unfortunately, I am unable to provide the sample text in this case, since it strongly depends on your situation.
Appeal to the fighters with fraudsters
If the site is fraudulent (for example, it sells documents, or your personal data is posted there for the purpose of blackmailing), you should warn organizations dealing with such sites or components of the dangerous sites database.
Here is a list of whom to write to:
In some organizations, the appeal must be written in English. Below I attach a treatment pattern, for sure, it is not suitable for sites like WoT, where you will need to write a review.
I would like to inform you about a fraudulent website (link) that shares users’ personal data. Here’s the page where the owners of the website made my personal data publicly accessible (link). The administrator of the website keeps ignoring my requests. Perhaps, you will be able to help me or at least warn your customers about a dangerous website.
Going to court
If the appeal to the site owner, the hosting provider and the registrar did not bring any positive result, you need to find a lawyer and think about going to court. The court may decide that the page with personal data will be blocked on the territory of your country, as well as oblige the search engines to remove your personal data.
However, the possibilities of the court highly dependend on the legislation of your country, you should consult a lawyer on this issue. The effectiveness of the method is also linked with the capabilities of the court, in Russia it is one of the most effective methods. Site owners often in order to remove restrictions from them delete the content blocked by a court decision.
This method is useless if the data is uploaded to Deep Web, as it is impossible to block individual web sites on the Top network.
Appeal to law enforcement agencies
In Russia, as in many other countries, the distribution or sale of personal data is a criminal offense. You should notify law enforcement agencies about the site that violates the law. Fortunately, today it is not necessary to go to the nearest station, stand in a queue and write a statement, as residents of most countries can do it all online.
Links to websites of law enforcement agencies of different countries can be found on this site.
Changing document data
If you fear that the uploaded photocopy of your document may be used for fraudulent purposes, for example, to apply for a loan, a reasonable step would be to contact the law enforcement authorities and change the document number. This option is not available in all countries, so you should contact a lawyer for details.
Remember that it is always easier to prevent leak than to deal with its consequences. In our course there have been published recommendations to help you minimize the risk of leak. Be sure to read them and implement in everyday practice.