Data Banks: How Institutions Slowly Chip Away at Your Privacy

Suppose that you have signed a contract with a new employer. The contract includes your full name, email address, phone number, home address, the position you are going to fulfill, et cetera. On the other hand, you are also receiving information about this new employer. Such information may be internal company policies, trade secrets, information about the various departments of said company, and likely some basic information about your higher-ups (like their names).

Both parties just voluntarily engaged in a more or less equal transaction of possibly sensitive information in the hopes of mutual cooperation and benefit. Nothing all that wrong with this transaction of information, right?

Let’s now suppose that you’re opening a company account at your bank of choice. The information that you give up here (and will likely have to provide, such as the source of your starting capital) is obviously nothing compared to how much information the bank gives up – they know a lot more about you than you do about them. Perhaps you’re doing so in the hopes of some future benefit (such as securing a loan), or because you simply need a company account for your business; regardless, doubt begins to arise about the equality of this transaction and relationship.

Imagine a third scenario - one that we’ve all likely been in before. You are about to create an account on Google, ChatGPT, Facebook, or - God forbid - TikTok. Whatever reasons you may have, you ought to be aware of the fact that you are about to give up quantities of personal information, device information and permissions, and metadata that is going to be monetized and milked by these companies to the very last drop - all this simply upon registration, barring entirely whatever sensitive information you decide to communicate, post, or upload after the fact.

“We are collecting your data for business purposes”, they will tell you. What this really means is that your data will be sold to international data broker companies who will go on to put together complex advertiser profiles on you that are going to be sold to the highest bidder. These advertiser profiles likely know you better than you know yourself, and can contain highly intimate information. The massive risks to your privacy are self-evident. If you occupy any kind of government position, this also poses a genuine security risk to not only yourself, but your country (as we explained previously), and you should seriously not do it.

Treat your information as currency - an extremely valuable one. Think of companies and institutions as data banks. Always ask: why do you need this information? What is it going to be used for? Who is going to be able to access it, and with which third parties is it going to be shared? Must I really provide it? Always cross-reference whatever you’re told with the official privacy policy – and, most importantly, decide how important each information transaction is to you. Does a hotel, for example, really need to know your home address?

There is also the highly-related topic of certain companies requiring your ID to use their services, whether online or in-person. One such example is the popular online communication platform Discord, whose database was very recently breached by a threat actor. We plan to analyze this entire fiasco as part of a future public report - for now, however, we will use it to make a quick but important point here.

In certain situations, Discord required you to upload a photo of your identification. Skip forward to October of 2025, when Discord announces that “ID photos of 70,000 users may have been leaked” as part of a database security breach. These leaked IDs can now be used by various malicious actors for everything ranging from identity theft and personal security breaches to professional stalking. This is obviously terrible, but at least you can prevent it happening to you.

We implore you to never upload your ID online, to never send it via email or WhatsApp, and to not provide it to anyone unless you are strictly legally obligated to do so. In cases where you are legally obligated to provide ID and you are not doing so over the internet, we suggest that you simply provide your passport. According to Czech law, your passport is as much of a legal identification document as an actual Czech national identity card. The advantage is that your passport does not include your home address, nor your marital status. Corporations will seethe at this fact, and public administration will have no choice but to quietly acquiesce.

Don’t forget; this is only the tip of the iceberg and there is always so much more that can be done to secure your privacy. Book a consultation with us now in order to find out.

This concludes the second of our three-part series on personal data. In the final and third part, we will present a somewhat lengthier investigative case study on a few critical issues with mobile banking apps.

We look forward to your continued attention.

Stay Alert.