By 2025, almost every digitally connected person will be tracked and have their data sent to the cloud 4,800 times daily – once every 18 seconds. For hackers, it will be like shooting fish in a barrel if some behaviours don’t change across companies, politicians, and individuals.

In the recent cyber hack of Latitude Financial customers, almost 8 million Australian and New Zealand driver’s licence numbers were stolen. In what is shaping up to be one of the biggest data breaches in Australian history, it demonstrates how essential it is for consumers to take control of their online data via a personal data strategy.

Having a personal data strategy is surveillance self-defence, and involves making informed decisions about the relationship between sharing personal information with fitness apps, streaming services, social apps, and e-commerce sites, and the value they receive in return – “Hey, big company, if I give you this are you going to give me something I actually want back?”.

Data is identity, and identity has value. Just as a consumer wouldn’t throw cash around indiscriminately, nor should they ‘spend’ their data while not receiving something of value in return.

In this internet-driven economy, I’ve seen companies struggling to change from creepy collection of consumers’ personal data to asking for their permission to use their personal data to make products and services better. Equally, politicians are grappling to keep up with the pace of change as they reform the Privacy Act to stop bad actors. Consumers have a responsibility too in personal data protection. To start with, I often advise individuals to envision their personal data as their digital conjoined twin.

A digital twin is out there shopping at Woolworths, binge-watching Netflix, diving down video rabbit holes on YouTube or TikTok, and filling out a profile on Taste.com.au that includes your food taste preferences. All these interactions create data, which tells companies who consumers are so they can personalise ads and experiences. With this in mind, consumers should ask themselves a few questions: “How do

I want my digital twin to represent me?”, “Do I want companies to know my digital twin at all?”, “What topics do I want companies to discuss with my digital twin?”. Answering these questions can help determine which tactics to use in developing a personal data strategy.

For example, if a consumer’s goal is on more data protection after being caught up in a data breach, they need to know they can embrace the power of ‘no’ instead of blindly opting in when asked to share their data. Companies have a data duty of care at every level of the organisation. That includes apps and websites clearly communicating the value consumers receive in return from sharing their data.

Another protection tactic that isn’t well know is adopting virtual credit cards. Virtual cards protect personal data by allowing a consumer to use a virtual card number tied to their account instead of their real credit card number when making purchases online. Westpac, for example, offers a virtual credit card service, allowing secure online transactions. If the virtual card number is compromised, the real credit card number remains safe.

Consumers who value personalisation of ads and are okay with sharing data to get more relevant offers should prune their personal data several times a year.

Tools like Google‘s “My Activity” lets them review their online activity regularly to gain better control over the information Google has collected. Consumers can understand how Google describes them to advertisers and identify potential privacy concerns.

For people like me who freely share data, but have also been subject to data breaches (my number is 18. Find out your number at haveibeenpwned.com) can try more advanced tactics like opting out of data brokers and joining a data union. Data brokers buy and sell personal information to companies for marketing and law enforcement purposes. Sites like DeleteMe.com and their DIY Guide are helpful in removing an individual’s collected data, but the process can be tedious and time-consuming.

A new concept gaining traction overseas is joining a Data Union. Data unions empower consumers to negotiate the value and use of their personal data. Joining a data union allows individuals to monetise their data while ensuring it is used ethically and responsibly.

It should be no secret by now that everything we do online leaves a trace, and personal data can be used by businesses, advertisers, governments, and hunted by scammers. Consumers need to be informed, proactively cautious, and demand businesses communicate why they should be trusted with personal data before asking permission to hold and use it. Consumers are the frontline of data protection. By developing a personal data strategy, they can take back control to safeguard this extension of their identity.

Maurice Riley is chief data officer, Digitas