With over 3,200 data breaches reported in 2024 alone — exposing more than 1.7 billion records — waiting for something bad to happen is no longer a strategy. An annual privacy checkup is the single most effective habit you can build to stay ahead of identity thieves, data brokers, and invasive tech companies. This guide gives you a repeatable, step-by-step process to review and strengthen every layer of your digital privacy.
Why You Need an Annual Privacy Checkup
Your digital footprint grows every day. New accounts, fresh data breaches, and expanding data broker networks all chip away at your privacy. An annual checkup lets you:
- Catch compromised credentials before criminals exploit them
- Revoke permissions you never meant to grant permanently
- Remove personal data from broker sites that re-list you after previous opt-outs
- Stay current with platform policy changes that may have quietly exposed your information
The best time to start is January, giving you a clean slate for the new year. Mark your calendar for quarterly mini-reviews as well — privacy erosion doesn't wait twelve months.
Step 1: Review and Update Your Passwords
Passwords remain the front door to every online account you own. Start your checkup here:
- Open your password manager and look for reused or weak passwords — update every one of them to a unique, randomly generated passphrase of at least 16 characters
- Visit haveibeenpwned.com and enter each of your email addresses to see if they appeared in known breaches
- For any account flagged in a breach, change the password immediately and check for unauthorized activity
- If you are not already using a password manager, adopt one now — it is the single highest-impact privacy tool available
Step 2: Audit Two-Factor Authentication
A strong password is not enough on its own. Review every important account — email, banking, social media, cloud storage — and ensure two-factor authentication (2FA) is enabled. Prefer authenticator apps or hardware security keys over SMS codes, which are vulnerable to SIM-swap attacks. Remove old phone numbers or devices you no longer use from your 2FA settings.
Step 3: Review App Permissions on Your Phone
Apps quietly accumulate permissions over time. Go through your phone's privacy settings and audit access to:
- Location — switch apps to "While Using" or "Never" unless they genuinely need background location
- Camera and Microphone — revoke access for any app that does not need to record audio or video
- Contacts — many apps request contact access for "friend finding" features and then upload your entire address book
- Photos — limit access to selected photos rather than your full library where possible
Where to Find Permission Settings
On iPhone, go to Settings → Privacy & Security. On Android, go to Settings → Privacy → Permission Manager. Spend ten minutes here and you will likely revoke a dozen permissions you never realized you granted.
Step 4: Check Data Broker Listings
Data brokers scrape public records, social media, and commercial databases to build profiles on you. Search your name on major people-search sites including Spokeo, BeenVerified, WhitePages, TruePeopleSearch, Radaris, and FastPeopleSearch. If your information appears — and it almost certainly will — submit individual opt-out requests to each site.
Brokers frequently re-list your data within months. PrivacyOn automates this process by monitoring over 100 data broker sites and submitting removal requests on your behalf, saving you hours of work every year.
Step 5: Review Social Media Privacy Settings
Platforms update their privacy settings and defaults regularly — often in ways that expose more of your information. For each social media account:
- Set your profile, posts, and friends list to the most restrictive visibility you are comfortable with
- Remove personal details like your phone number, birthday, and home city from your public profile
- Review tagged photos and posts — remove tags you did not approve
- Check the "Apps and Websites" section and revoke access for services you no longer use
- Log out and view your profile as a stranger to see what is actually visible
Skip the manual opt-outs
One opt-out won't stop them — brokers relist your data. PrivacyOn removes your info from 100+ sites and keeps it removed.
Start your free scanStep 6: Check Credit Reports and Freezes
Identity thieves often open new credit lines in your name. Protect yourself financially:
- Request your free annual credit reports from AnnualCreditReport.com and review them for unfamiliar accounts, hard inquiries, or address changes you did not make
- If you are not actively applying for credit, place a credit freeze at all three bureaus — Equifax, Experian, and TransUnion — which is free and prevents new accounts from being opened in your name
- Consider placing a fraud alert as an additional layer of protection
Step 7: Review Cloud Storage and Photo Sharing Settings
Review the sharing settings on Google Drive, iCloud, Dropbox, and any other cloud service you use. Look for:
- Files or folders shared publicly or with people who no longer need access
- Photo albums shared via link that anyone can view
- Automatic backup settings that may be uploading screenshots, downloads, or sensitive documents
Watch Out for AI Training Opt-Outs
Several major cloud providers have updated their terms of service to allow the use of your stored content — including photos, documents, and emails — to train artificial intelligence models. Check the privacy and data usage settings for Google, Adobe, Meta, and other platforms you use. Look for AI or machine learning opt-out toggles and disable them. These settings are often buried deep in account preferences and enabled by default. Review these terms at least once a year, as companies frequently update them without prominent notice.
Step 8: Clear Old Accounts and Subscriptions
Dormant accounts are a serious liability. They hold your personal data, often with outdated passwords, and are prime targets in data breaches. Search your email for phrases like "welcome to," "verify your email," and "your subscription" to find accounts you have forgotten. Delete every account you no longer use. For services that make deletion difficult, use JustDeleteMe to find direct deletion links. While you are at it, cancel subscriptions you no longer need.
Step 9: Update Browser Privacy Settings and Extensions
Your browser is your primary window to the internet, and its settings directly affect how much data you leak:
- Enable Enhanced Tracking Protection (Firefox) or equivalent in your browser
- Set cookies to be cleared when you close the browser, or at minimum block third-party cookies
- Install trusted privacy extensions like uBlock Origin, Privacy Badger, and HTTPS Everywhere
- Remove browser extensions you no longer use — each one has access to your browsing data
- Review your default search engine and consider switching to a privacy-focused alternative like DuckDuckGo or Brave Search
Step 10: Review Email Subscriptions and Unsubscribe
Marketing emails are more than an annoyance — every newsletter and promotional list you are on represents a company that has your email address and potentially other personal information. Spend 20 minutes scrolling through your inbox and unsubscribing from lists you no longer read. Use your email provider's built-in unsubscribe tools or a service like Unroll.me to bulk-manage subscriptions. Fewer subscriptions means fewer companies holding your data and fewer vectors for phishing attacks.
Bonus: Check Your Dark Web Exposure
Beyond public data broker sites, your information may be circulating on dark web marketplaces — including passwords, Social Security numbers, and financial details from past breaches. Free tools like HaveIBeenPwned cover known breaches, but dedicated dark web monitoring scans deeper. PrivacyOn includes continuous dark web monitoring that alerts you when your email, passwords, or personal data surface in breach databases or underground forums, giving you time to act before criminals do.
Your Printable Annual Privacy Checklist
Use this summary as a quick-reference checklist you can print or save:
1. Update all passwords and check HaveIBeenPwned
2. Verify 2FA is active on all critical accounts
3. Audit phone app permissions (location, camera, mic, contacts)
4. Search your name on major data broker sites and submit opt-outs
5. Tighten social media privacy settings
6. Pull credit reports and confirm freezes are in place
7. Review cloud storage sharing and AI training opt-outs
8. Delete old accounts and cancel unused subscriptions
9. Update browser settings and remove unused extensions
10. Unsubscribe from marketing emails you no longer need
Bonus: Run a dark web exposure scan
Schedule quarterly mini-reviews to stay on top of changes between annual checkups.
Automate Your Privacy Protection with PrivacyOn
Completing this checkup once a year is a solid start — but privacy threats do not follow an annual schedule. PrivacyOn handles the ongoing work of privacy maintenance so you do not have to:
- Continuous data broker monitoring — scans 100+ broker sites around the clock and automatically submits removal requests
- Dark web monitoring — real-time alerts when your credentials or personal data appear in breach databases
- Family coverage — protect up to 5 household members under a single plan
- Affordable plans — starting at just $8.33 per month
Use this guide as your annual deep dive, and let PrivacyOn handle the daily vigilance in between. Your privacy is not a one-time project — it is an ongoing commitment, and the right tools make it manageable.