Please ensure Javascript is enabled for purposes of website accessibility

Safeguarding private data consists of more than what meets the eye. Learn a comprehensive set of measures that will ensure your most valuable information stays safe. 

Data protection does more than solely prevent the theft of social media accounts. Acting as a first line of defense against financial fraud and identify theft, the appropriate cybersecurity measures can help you avoid years of headaches. 


At its essence, data protection is no singular solution; it is a range of protocols leveraged by both individuals and organizations, constantly evolving to address emerging threats from technological advancement. In many respects, technology makes our lives easier by enhancing our ability to communicate, both personally and professionally, and automating previously laborious tasks. However, the evolution of archaic processes has led to a plethora of unforeseen threats, just as an increase in wealth can increase one’s vulnerability to theft. That’s why data protection should be a high priority, but first it's important to understand how your data is used.


Privacy Policies


All internet users should be familiar with privacy policies. They often appear when consumers sign up for online services or create profiles on mobile applications. At their core, privacy policies explain how a business uses your personal information as well as how they intend to protect it. 


While they should be quick, easy reads intended to facilitate understanding irrespective of education level, most privacy policies take roughly 18 minutes to read and require a college-level reading ability, according to a past New York Times analysis of 150 privacy policies.1  


We suggest requesting a copy of the company’s privacy policy prior to doing business with it. This means understanding the protective measures it takes before filling out a credit application or typing a credit card number into an online order form. 

Privacy policies should answer these basic questions:  


• What personal information is being collected?

• Why is the information collected?

• How is the information used?

• Who will have access to the information?

• What choices do you have?

• Can you review or correct your personal information?

• What security measures are being taken to protect your personal information?

• How long will the organization honor its privacy policy?

• Who is accountable for the organization's privacy practices?


If the business does not have a written policy, it is best to avoid further interaction and look for another vendor. Additionally, it can be helpful to understand how an organization’s website uses data collection software.  




Cookies are files created by websites to track visitor activity. They save browsing information to remember site preferences and tailor locally relevant content. These files are categorized in two distinct buckets: first-party cookies and third-party cookies. 


First-party cookies are set by the site the user visits. Websites collect first-party cookies to gather analytics data, such as page views and number of users, as well as information like shopping cart settings and login information. Only the website that created the first-party cookies has access to them. 


On the other hand, third-party cookies are set by domains not directly visited by the user and store information for the purpose of ad targeting. They live on third-party web features like chatbots, social media plugins and advertisements, and collect data from search inquiries, social media pages and general online activity.  



The key is to avoid illegitimate websites, which use personal information for unintended purposes. Basic preventative measures include not using public computers to access personal information, disabling the storage of cookies on internet browsers, using browser add-ons that block third-party cookie trackers, and installing anti-malware software. Lastly, if a website seems inauthentic and requests you accept cookies, leave it immediately. 


The CIA Triad 


When it comes to implementing a comprehensive set of tools to protect data, look no further than the CIA triad. The acronym stands for confidentiality, integrity and availability. Developed to provide guidance on best practices for information security, it has been a guiding light for organizations for quite some time.


Each of the three components are defined as follows: 


Confidentiality limits access to modify data to authorized personnel. 

Integrity bolsters data trustworthiness, assuring it’s in the correct state and can’t be improperly altered. 

Availability ensures data can be accessed by authorized personnel whenever necessary. 


For any technology that works with sensitive data, the CIA triad can be applied to its overall functionality. Institutionally, this can range from running a payroll database to protecting the personal information of eCommerce customers. Individually, it can be found everywhere from digital banking to online medical portals. 




A proper evaluation of privacy policies, a thorough understanding of cookies, and the CIA triad can go a long way in preventing the mismanagement of data. Taken together, they can reduce the probability that you will fall victim to financial fraud or identity theft. 


BNY Mellon is committed to protecting your data and account information. BNY Mellon’s Enterprise Resiliency Office works in coordination with our digital and technology teams to deliver timely and effective incident identification, assessment, escalation, communication and resolution. This is done with the goal of providing clients with superior service as well as world-class products and services.






This material is provided for illustrative/educational purposes only. This material is not intended to constitute legal, tax, investment, or financial advice. Effort has been made to ensure that the material presented herein is accurate at the time of publication. However, this material is not intended to be a full and exhaustive explanation of the law in any area or of all of the tax, investment or financial options available. The information discussed herein may not be applicable to or appropriate for every investor and should be used only after consultation with professionals who have reviewed your specific situation. The Bank of New York Mellon, DIFC Branch (the “Authorized Firm”) is communicating these materials on behalf of The Bank of New York Mellon. The Bank of New York Mellon is a wholly owned subsidiary of The Bank of New York Mellon Corporation. This material is intended for Professional Clients only and no other person should act upon it. The Authorized Firm is regulated by the Dubai Financial Services Authority and is located at Dubai International Financial Centre, The Exchange Building 5 North, Level 6, Room 601, P.O. Box 506723, Dubai, UAE. The Bank of New York Mellon is supervised and regulated by the New York State Department of Financial Services and the Federal Reserve and authorized by the Prudential Regulation Authority. The Bank of New York Mellon London Branch is subject to regulation by the Financial Conduct Authority and limited regulation by the Prudential Regulation Authority. Details about the extent of our regulation by the Prudential Regulation Authority are available from us on request. The Bank of New York Mellon is incorporated with limited liability in the State of New York, USA. Head Office: 240 Greenwich Street, New York, NY, 10286, USA. In the U.K. a number of the services associated with BNY Mellon Wealth Management’s Family Office Services– International are provided through The Bank of New York Mellon, London Branch, One Canada Square, London, E14 5AL. The London Branch is registered in England and Wales with FC No. 005522 and BR000818. Investment management services are offered through BNY Mellon Investment Management EMEA Limited, BNY Mellon Centre, One Canada Square, London E14 5AL, which is registered in England No. 1118580 and is authorized and regulated by the Financial Conduct Authority. Offshore trust and administration services are through BNY Mellon Trust Company (Cayman) Ltd. This document is issued in the U.K. by The Bank of New York Mellon. In the United States the information provided within this document is for use by professional investors. This material is a financial promotion in the UK and EMEA. This material, and the statements contained herein, are not an offer or solicitation to buy or sell any products (including financial products) or services or to participate in any particular strategy mentioned and should not be construed as such. BNY Mellon Fund Services (Ireland) Limited is regulated by the Central Bank of Ireland BNY Mellon Investment Servicing (International) Limited is regulated by the Central Bank of Ireland. 


Trademarks and logos belong to their respective owners. BNY Mellon Wealth Management conducts business through various operating subsidiaries of The Bank of New York Mellon Corporation. 


The information in this paper is as of April 2023 and is based on sources believed to be reliable but content accuracy is not guaranteed. 


©2023 The Bank of New York Mellon Corporation. All rights reserved. WM-367066-2023-04-04