Each time the latest data breach news is made public, there’s generally widespread disdain toward the company responsible for not doing more to protect affected data. What people often overlook is they shouldn’t have trusted that company with their information in the first place.

You know, details on social media like where you work, what your entire family looks like, your phone number (which is tied to your Social Security number and home address through your carrier), and tons of other personal details that in some cases can be found without even needing to follow or friend you (gasp).

Many people blindly hand their information over without having even a basic understanding of the risks involved. Recently, Facebook subtly updated a recent announcement that indicated the passwords of “tens of thousands” Instagram users were stored in a readable—meaning non-encrypted—format. In truth, the number was in the millions.

As if that security risk wasn’t enough, Facebook also revealed that it “mistakenly” uploaded the personal contacts of 1.5 million users without their consent. According to Business Insider, “A Facebook spokesperson said before May 2016, it offered an option to verify a user’s account using their email password and voluntarily upload their contacts at the same time. However, they said, the company changed the feature, and the text informing users that their contacts would be uploaded was deleted — but the underlying functionality was not.”

Of course, Facebook should have been more diligent and trustworthy. But users of Facebook and Instagram platforms should be aware their so-called private information is already being gathered and sold to other companies—which are arguably at even higher risks of being breached.

Not only do you have to worry about well-known and largely reputable companies selling your data, but a recent ZDNet article reported on the threat of cybercrime markets now selling people’s digital identities, including digital fingerprints, “for prices ranging from $5 to $200 and then log into that user’s account to steal funds, personal photos, sensitive or proprietary documents, or submit official papers on his behalf (to government-related agencies).”

These examples illustrate the real issues surrounding privacy and security—both of which are often assumed to be the same thing. That couldn’t be further from the truth. Google’s platforms are incredibly secure, but what many people don’t realize is they’re shockingly not private. All of the security measures in the world only mean that it’s difficult for hackers to illegally obtain your information, but the companies that own your information with a weak privacy policy are able to legally sell that information for their profit. Former Google CEO Eric Schmidt once summarized the company’s stance on your privacy when he stated, “A person has no legitimate expectation of privacy in information he voluntarily turns over to third parties.”

A wise man once said, “Don’t put anything on a Google (or Facebook) platform that you wouldn’t write on a postcard.” A secure platform can and will eventually be compromised. The real risk each time one of these breaches occurs with your personal information is that most people likely have that account or a reused password tied to a variety of other sites and services that then make them an easy target across multiple platforms.

What can you do about this? The first basic step is to stop willingly putting your information out there. This can be done by changing your social media and online shopping habits.

  • Don’t tie your social media account to every online retail site you visit.
  • Stop using the same password for everything you do online and instead use a password manager that gives you the ability to use randomly-generated complex passwords for each online account. Having a unique password means that when a password database is breached, someone looking to target you is limited to just that one account.

If you really want to step up your game, use unique email addresses for all of your accounts to add another layer of security.

What about the private information on your smartphone that Facebook and others can access through it? Delete the app! You’d be surprised if you actually took the time to read the Facebook privacy policy to see just how much it can access on your phone when you “consent” by simply installing the app.

Do yourself a favor and look at the usage settings on your phone to see how much of your day is wasted on certain apps. You’ll be surprised at how much your quality of life improves without that app. You can use a web browser—preferably a more secure one like Firefox—to login instead. And how about those apps you never use? They can go as well.

What if you happen to be caught in a data breach? Well, assume your personal information is already out there. But don’t worry: after changing passwords, there are other actionable steps available to ensure that much of it is removed from public space. After some cleanup, keep your information more private by using aliases, disinformation, and anonymous purchases—all through legal methods. Just because you “don’t have anything to hide” doesn’t mean you should needlessly have personal information shared for public access, putting yourself at risk.

While there are many phases of privacy and security, it’s recommended that you evaluate your situation along with the help of a privacy and security guide to see what level of security suits you.