“Privacy and online safety go hand in hand. And when you’re using the internet, it’s important to have control over how your sensitive, personally identifiable information can be found.” This statement comes from a new policy update announced by Google last week. For years, the search engine has provided options for users to report pages that are hosting private, potentially-harmful information — for example, credit card numbers or social security numbers. However, with the rising public awareness of “doxxing” (i.e. sharing someone's private information with malicious intent), Google has expanded its guidelines to include more types of personal information that can be reported and removed from search results.

Here's a fictional example of what it might look like if you get doxxed. It might be a website or blog run by someone deliberately harassing you for political reasons, or someone who wants to get revenge over a personal disagreement. Or maybe it's a third-party directory site that inadvertently ended up with leaked personal info. Either way, you never gave them permission to circulate this information, and you certainly don't like the idea that strangers can easily escalate the issue by showing up on your doorstep or calling your employer.

First Step: Contact the Source

If this happens, the first step should always be to contact the source of this leaked info, if it's possible and safe to do so. If the site isn't sharing your info with malicious intent, a quick email to the webmaster can often get your info removed. It may also be worth reaching out to the web site's hosting service provider, since some of them have terms of service (TOS) stipulations that forbid doxxing.

Subscribe Today and Save!

Get the Mag

Above: Here's an excerpt from one web host's TOS that explicitly prohibits doxxing.

Unfortunately, in cases of malicious doxxing, it's likely that contacting the source of the leaked info will be a waste of time. It might even make the harassment worse. Instead, you can limit the spread of that information by asking Google to remove it from search results.

Types of Personal Information that Qualify

In a policy update statement, Michelle Chang, the Global Policy Lead for Search at Google, wrote: “The availability of personal contact information online can be jarring — and it can be used in harmful ways, including for unwanted direct contact or even physical harm. And people have given us feedback that they would like the ability to remove this type of information from Search in some cases.”

Google's updated policy is very specific about its criteria for removing personal information. You can't just ask them to remove every instance of your name or photos of your face, since that information is already in the public record and wouldn't be considered harmful. Here's Google's latest list of information that can be removed:

• Confidential government identification (ID) numbers like U.S. Social Security Number, Argentine Single Tax Identification Number, Brazil Cadastro de pessoas Físicas, Korea Resident Registration Number, China Resident Identity Card, etc.
• Bank account numbers
• Credit card numbers
• Images of handwritten signatures
• Images of ID docs
• Highly personal, restricted, and official records, like medical records
• Personal contact info (physical addresses, phone numbers, and email addresses)
• Confidential login credentials

Google will also remove doxxing content that includes your contact info along with “explicit or implicit threats [and/or] calls to action for others to harm or harass.”

Additionally, Google revealed a new policy that allows people under age 18 (or their parents or guardians) to request removal of their images from search results.

Google says it typically will not remove information that is “determined to be of public interest,” such as content from government and official sources, newsworthy content, and professionally-relevant content.

How to Remove Your Personal Info from Google Searches

If you find a web site in Google search results that you believe meets the personal information guidelines above, click here to start a removal request. You will need to include specific URLs for the pages, web sites, or images in question. Up to 1,000 URLs can be included in your request. You may also need to submit screenshots to indicate the specific information that applies to you.

Once your request has been submitted, it will be evaluated by Google. If it's confirmed that your request meets the guidelines, the page or pages may be blacklisted from all search queries, or only for search queries that contain your name. That decision depends on the severity and specificity of the information that was leaked.

It's Not Foolproof

Google explains, “When we remove content from Google Search, it may still exist on the web. This means someone might still find the content on the page that hosts it, through social media, on other search engines, or other ways.” However, if you've been doxxed or your personal info has been leaked, removing it from the world's largest search engine — a company that holds a staggering 92% market share — is a good way to start regaining control of the situation.

For more information on online privacy, check out some of our previous articles:

• Infographic: Social Media Privacy Settings
• Cybersecurity and Travel
• Digital Security: How to Set Up a VPN

Written by Patrick McCarthy