Most people lock their doors. They protect their wallets, and they think twice before sharing their IC number.

Online, however, many still live with the digital equivalent of open windows and spare keys under the doormat.

Passwords are reused. Apps are downloaded without checking permissions. Links are clicked in a hurry. Defaults are accepted without question.

It’s not carelessness so much as habit, shaped by convenience and fatigue.

Following the recent observance of World Data Privacy Day, it is timely to think about privacy hygiene the way we think about basic upkeep in everyday life, as routine maintenance for living in a digital environment.

Privacy hygiene does not require deep technical knowledge. It does not mean reading every privacy policy or treating every app with suspicion.

Far too many people click ‘allow’ out of habit when mobile phone apps request permission to use their personal data.

The aim is not to retreat from digital life, but to reduce unnecessary exposure and to be more deliberate about what we share and why.

The logic is simple enough. Locking a gate does not eliminate risk entirely, but it does lower it.

The habits that matter most

Most effective privacy practices are straightforward. They are not time-consuming, but they are all too easy to overlook. These are five simple but highly effective steps you can begin with to safeguard your personal data:

1. Turn on two-factor authentication (2FA)

Two-factor authentication adds a second layer of protection to an account. Logging in requires not only a password but also a one-time code sent to a phone or generated by an app.

It introduces a small inconvenience. It also makes stolen passwords far less useful.

Email, banking, cloud storage, messaging platforms and social media accounts all benefit from 2FA. Where the option exists, enabling it is one of the most effective steps a user can take.

2. Avoid reusing passwords

Password reuse remains one of the most common vulnerabilities.

When one service suffers a data breach, exposed login details often circulate online. If the same password is used elsewhere, attackers do not need to guess. They simply try the same combination across other platforms.

Password managers are designed to address this problem. They store credentials securely and generate strong, unique passwords for each account.

Even shifting only your most important accounts - such as email, financial services and device logins - to unique passwords can significantly reduce risk.

3. Review app permissions periodically

Most smartphones contain dozens of installed apps, many of which retain access to sensitive functions long after they were first installed.

A torchlight app does not need location access. A shopping app rarely requires microphone access. A casual game does not need access to contacts.

Does a phone’s torchlight app need to know the user’s location?

Reviewing which apps have access to location, camera, microphone, photos and contacts can reveal permissions that are unnecessary. A simple principle applies: if the permission does not clearly support the app’s function, it deserves reconsideration.

4. Use ‘While using’ instead of ‘Always allow’

Location data is among the most revealing categories of personal information. It can expose where someone lives, works and spends time.

Many apps request “Always allow” access by default, even when their core function only requires location data while the app is open. For navigation, delivery, ride-hailing and shopping services, “While using” is usually sufficient.

When using a ride-hailing app, switching the location setting to ‘While using’ is usually sufficient.

This single adjustment quietly limits how much continuous background data is collected.

5. Be selective with free tools and quizzes

Personality quizzes, face filters, AI avatar generators, free productivity tools and online converters often request broad access to photos, profiles or device data. Some are harmless, while others collect more information than users realise.

Before granting access, it is worth considering whether the request is proportionate to the function offered. If a simple tool asks for extensive permissions, exercise caution.

Understand that data brokers exist

Many users have never knowingly interacted with a data broker, which is largely the point.

Data brokers are companies that collect and aggregate personal information, often sourced indirectly from apps, websites and public records. Users may not have provided data to these entities directly, yet their information can still circulate within this ecosystem.

You do not need to track every data broker to practise good privacy hygiene, but recognising that personal data can travel beyond the apps you see reinforces why everyday precautions matter.

Why this matters now

Digital risks are increasing, scams are more sophisticated, and data breaches are frequent. AI tools are lowering the barrier for impersonation and identity misuse. At the same time, phones now contain more personal information than wallets ever did.

Good privacy hygiene does not make one invisible, but it makes us more deliberate in our choices. In an environment designed for speed, convenience and passive sharing, deliberate behaviour becomes a form of protection.

The goal is not to transform daily life, but to care for digital habits in the same way we care for other aspects of life: through small, ordinary practices, applied consistently.

Each intentional action shifts a little more control back to you.

This S.A.F.E. Internet Series is in collaboration with CelcomDigi.

The views expressed here are those of the author/contributor and do not necessarily represent the views of Malaysiakini.