Your ISP might have more information about your personal life than you expected. Of course, the data you provide when you sign up for an internet plan is already revealing. It’s certainly enough for identity theft if it fell into the wrong hands.
But, although your ISP probably isn’t watching your every move with attention, they are storing information about the data packets you send and receive using their infrastructure. The details of what you view online are likely to be hidden.
After all, most websites are encrypted, but it’s possible to see which websites you visited, when, and how often. That could reveal a lot about you.
But, you may ask, why all the data gathering? Here are the not-so-shady reasons why your ISP retains so much of your data.
Some of the basics are easy to guess. For example, your ISP needs your billing information and they must activate their service at your address.
However, many of the behind-the-scenes uses for your data aren’t as obvious while being just as necessary.
To perform well, networks require careful management. NetSpeed Canada founder, Tomas Novosad, explains that ISPs need to understand data traffic patterns so that they can optimize bandwidth distribution.
Based on their quality of service policies, they may choose to give certain types of traffic priority so that users are better able to enjoy online services.
And, of course, if there’s a network outage, user data can give ISPs vital clues as to the extent and origin of faults.
Apart from using data to optimise current functionality, ISPs also use it for capacity planning. Which areas are most in need of the next network infrastructure upgrade? User data points to the answers.
One of the most important uses for your data is among the least known. Your ISP is your first line of defence when there’s a cyberattack. Because they’re monitoring traffic, they will notice unusual traffic patterns and respond. They’re looking at the big picture, and they own the infrastructure. If there’s a large-scale cyberattack, they’ll be the first to notice it.”
ISPs are very active in keeping you safe by blocking scam sites too. Typically, scammers start by sending a phishing email or text that’s engineered to make you respond by clicking a link. That can take you to a near-exact copy of a site you trust – one where you’re quite happy to make a payment or share your details.
There’s just one problem: it’s a fake site. It’s being used to steal from you or to harvest your data, opening you to identity theft or fraud. In another scenario, the site might sneak malware onto your device, turning it into part of a botnet, opening you to ransomware, or spying on you with malicious intent.
So, be warned. If your ISP is blocking access to a site, there are probably excellent reasons why it is doing so.
Your ISP may be gathering and storing information about your online activity because it’s a legal requirement. In Canada, they’re complying with the Personal Information Protection and Electronic Documents Act.
It requires ISPs to keep records about the data packets you send and receive for a minimum of six months. It also mandates the need for your information to be safeguarded and stipulates a need for data privacy.
As for the reasons, we’re primarily looking at criminal investigations. If you’re up to something shady, chances are your browsing information might help authorities confirm what you’ve been up to.
Canada’s data privacy laws are quite advanced in comparison with those of the US. Way back in 2013, Bell was investigated by the Privacy Commission for allowing user data to be used for targeted advertising. Users could opt out, but Bell didn’t ask them to opt in first. Given the attention from the authorities coming from that, no telco is going to try that again in hurry.
However, Tomas points out that de-personalised data is still shared. “Bell, Telus, and Rogers are among the ISPs that will sell aggregated data. It can’t be tracked back to individuals, but it’s still out there. Although the threat is not as great, not everybody is comfortable with that.”
While ISPs are frequently demonised for data gathering, they have a legal obligation to protect it and only use it in ways that align with privacy laws.
Encryption during data transmission and when it is in storage is their top weapon. As for who has access to your information, the controls are in place. Without the right permissions, credentials, and keys, it’s impossible to see your information.
Privacy Policies set out what data protection measures users can expect from their ISPs. “It’s pretty high-level,” says Tomas “but I always recommend that people read privacy policies carefully. Check why and how your data is collected, how it is protected, and how long it will be retained.”
Despite security measures, there’s still a chance of hackers gaining access to data. Canada’s largest ISP has fallen victim in the past with a notorious data breach in 2017, and another in 2022. In the event of security breaches such as these, organisations are required to disclose what occurred and contact people who may be affected.
To minimise the risk of data storage, ISPs must comply with General Data Protection Regulations (GDPR), which state that they should only keep data for as long as it is needed to meet operational and compliance needs. Wondering what your ISP has on you? GDPR requires disclosure if you ask for your data, and you may be sure that you will have to prove your identity first.
With data breaches having serious impacts on any organisation’s reputation, and litigation on the horizon if they are shown to have been negligent, you can be sure that your ISP is on the alert.
So, how safe is the data your ISP stores? It’s as safe as they can make it – and if their protections fail, you will be among the first to know.
This website uses cookies.