Keep your devices (and information) safe while under repair

Most of us have experienced having our laptops, smartphones, or tablets break down on us.  A software may have failed or malfunctioned, or there might be broken parts due to an accidental fall, spilt liquid, or some other reason. Our first typical reaction is to check if it can still be repaired. More than our desire to save money, we often want to save the device and its contents (e.g., contact numbers, email addresses, pictures, videos, personal documents, etc.) for their sentimental value.
 
And so, more often than not, we find ourselves bringing our gadgets to a repair shop. For this task, many of us are naturally drawn towards malls given their ubiquity and proximity; a few can afford to seek out service providers specifically recommended by friends and family.
 
At the shop, the technician will frequently ask the customer to leave the device for the duration of the repairs. This could be due to a number of reasons—there’s a long job queue, the problem is complicated, a replacement part is currently unavailable, etc. As a customer, you are left to mull over your options and, in the process, ask yourself one or more of these questions: will they tinker around with the contents of my device?  If they do, what will they find? Do I have pictures in them? videos? How about passwords? IDs?
 
In most cases, we have no choice but to agree and simply trust the shop and its personnel. Bringing them to another will likely yield the same results. One can only hope then that one has already made all necessary precautions. But what exactly are these safeguards that we should be adopting or practicing in the first place?
 
Before we get to that, it should be clear that having complete strangers gain control or custody of our personal devices will necessarily put at risk any information we have in them. This includes those situations where we leave them with repair shops, no matter how reputable they seem. There are already plenty of stories these days about information being unlawfully accessed or copied while gadgets were under repair. In 2019, the National Bureau of Investigation (NBI) arrested a cellphone technician who was accused by one of his clients of demanding money in exchange for not exposing the victim’s nude photos which he supposedly accessed via her phone. Just this year, tech giant Apple paid a woman millions of dollars in legal settlement after her nude photos were posted on her Facebook account by employees of the company’s authorized service center. In 2016, the woman turned over her iPhone to the center for repair. This is scary, considering some malicious individuals may take things even further and actually install applications that would compromise one’s security and continuously collect information about device owners.
 
Consequently, it is important for us to learn how to keep our devices secure and preserve the privacy of our personal information. As far as data is concerned, it’s better to just keep them off the hands of other people, rather than go after the latter in case they violate our boundaries.
 
A good first step is to check a repair shop’s policies on privacy. As a business, it is expected to respect the privacy of its customers and the security of the latter’s devices whenever these are in their custody. As a personal information controller, it must then have a customer-facing privacy notice. The document must adequately explain what information the shop is collecting and how these are going to be processed. It should be prominently displayed at the business premises and the company website, if any.
 
As a customer you can also be more direct and ask the technician for the shop’s policies and procedures when handling customers’ devices, particularly those left behind for repair. A reliable business ought to have them, including provisions that mandate respect for customer privacy. Such a duty may be imposed by a policy or a non-disclosure agreement (NDA) signed by all company personnel. In some instances, customers themselves make sure such an imposition exists by asking the technician or company representative to sign a document whereby the latter commit to uphold the confidentiality of any information stored on the device under repair.
 
Meanwhile, there are also steps that customers can take on their end to eliminate or lessen the chances of their information being accessed sans their permission. The simplest—but not always the easiest—is to remove all sensitive information from the device before turning the latter over for repair. If necessary, they can simply be transferred temporarily to another device or backed up to cloud before deleting them from the primary device. If removal is too cumbersome, there is always the option of encrypting the information.
 
Do all these seem excessive? For some, maybe. But not really.
 
We have to remember that the amount of information stored in our computer devices today is so enormous; their value is almost priceless. It is then no surprise that the temptation among technicians and repair shop owners to access and collect them is high, even if doing so exposes their livelihood and business to tremendous risks.
 
Nevertheless, that doesn’t change the fact that unauthorized access of personal data is an actionable offense, and even considered a crime in some jurisdictions like the Philippines. As such, those in the repair business must learn to respect their customers’ privacy if they want to stay out of trouble and out of jail.
 
For customers and device owners, they should also be careful and be more proactive in protecting their data and their rights. Securing the information in their devices should be a priority. After all, while data breaches and privacy intrusions are committed by people against others, protecting personal data—one’s own and that of others—is a responsibility shared by everyone.