In The Event Of
Get started free

Digital footprint

What personal data do companies store about me?

Companies often hold more about you than you remember handing over. A simple customer account can store your contact details, identity checks, payment information, order history, device data and support records, and you deal with hundreds of them.

Last updated: 31 May 2026Independent guidance, Australia-first
See what your accounts hold

The short answer

Companies typically store your contact details (name, email, phone, address), identity details (date of birth, and sometimes licence, passport or Medicare numbers), payment and financial details, account security data, behavioural and preference data, and location and device information. The real risk is not one company holding your data. It is hundreds of companies each holding a different piece of your identity. In Australia you have the right to ask what they hold and to have it corrected.

In The Event Of is an Australian digital footprint manager that helps you find the accounts linked to your email, see your breach exposure, and get a prioritised plan of what to do after a breach or a life change.

Australian & independentThird-party security assessmentSources cited

Key takeaways

  • Personal information is defined broadly, far more than just your name and email.
  • A single account can hold contact, identity, payment, behavioural and device data.
  • Risk compounds across companies: combined data is more useful to fraudsters.
  • You can ask an organisation what it holds and request corrections, usually free.
  • Knowing where your data lives is the first step to keeping it accurate and minimal.

The big picture

Personal information is broader than you think

Under Australian privacy guidance, personal information is defined broadly. The OAIC gives examples including your name, address, phone number, date of birth, financial details, photographs, IP addresses, biometric information and location data. So your digital footprint is not just “the accounts I remember”. It is the combined set of personal details stored across banks, telcos, utilities, retailers, apps, government services, insurers, travel platforms and old services you may no longer use.

What they hold

Common categories of stored data

Not all personal data carries the same risk if it leaks. As a rough guide to sensitivity:

NameLower riskEmail addressLower riskPhone numberMedium riskHome addressMedium riskDate of birthHigher riskPayment / bank detailsHigher riskIdentity document numbersHigher risk

Higher-sensitivity data (date of birth, payment and identity documents) is the most useful to fraudsters, so prioritise keeping it accurate, minimal and well-protected.

Contact details

  • Name and any previous names
  • Email address (and recovery email)
  • Phone number
  • Home and postal address

Identity details

  • Date of birth
  • Driver licence, passport or Medicare numbers (for identity checks)
  • Tax file number (with specific organisations)

Payment and financial details

  • Card details or tokens (often via a payment processor)
  • Bank account details for direct debit
  • Billing address and purchase history

Account security, behaviour and device data

  • Login and security logs, security questions
  • Preferences, marketing consent and support tickets
  • IP address, device information and approximate location

Your rights

How to request access or correction

You are not just a passive data subject. In Australia, privacy law generally gives you the right to access the personal information an organisation holds about you, and the right to correct information that is inaccurate, out of date, incomplete, irrelevant or misleading. You should not be charged for a correction request.

When your details change

What to update when your details change

The pieces of personal data above are exactly what move when your life changes, and what you then need to update across your accounts:

  • Your address changes when you move, see the moving house address change checklist.
  • Your phone number changes when you switch telco or country.
  • Your payment card changes when a card expires or is replaced.
  • Your name may change after marriage or divorce.
  • Your email may change after a compromise.

See which companies hold your details

In The Event Of maps the accounts tied to your email so you can see where your personal data lives and keep it accurate and up to date.

See what your accounts hold

Using In The Event Of

How In The Event Of helps

In The Event Of helps you see where your personal data is spread. By discovering the accounts tied to your email and mapping them into a digital footprint, it makes the abstract idea of “data held about me” concrete: a list of services, what each is likely to hold, and what needs updating when your details change. It is a guided organiser: you make access, correction and update requests yourself, and it helps you keep track.

FAQ

Frequently asked questions

Can I ask a company what personal data it holds about me?
Yes. In Australia, privacy law generally gives you the right to access the personal information an organisation or agency holds about you when you request it, subject to limited legal exceptions. The OAIC notes agencies generally respond within 30 days, and other organisations within a reasonable period.
Can I ask a company to correct old information?
Yes. The OAIC explains you have the right to correct personal information that is inaccurate, out of date, incomplete, irrelevant or misleading, and you must not be charged for making a correction request.
What kinds of data count as personal information?
The OAIC's examples include your name, address, phone number, date of birth, financial details, photographs, IP addresses, biometric information and location data. 'Sensitive information' such as health and biometric data has extra protections.
Why does it matter if many companies each hold a little data?
Because a single breach rarely exposes everything, but data from several breaches can be combined into a fuller profile that is far more useful for identity fraud. Keeping fewer companies holding accurate, minimal data reduces that compound risk.

Sources

Where this information comes from

  1. OAIC, What is personal information? (examples and definition)
  2. OAIC, Access your personal information
  3. OAIC, Correct your personal information
  4. GDPR Articles 4(1), 9, 15 & 16, EUR-Lex (international definitions of personal data, special categories, and the rights of access and rectification)

Related guides

Email in a data breach

Data breaches

Best footprint tools (AU)

Tools & comparisons

Find accounts linked to your email

Digital footprint

Digital footprint checklist

Digital footprint

Password manager vs breach monitor

Tools & comparisons

Secure your email after a breach

Account security

Moving house address checklist

Life admin

All guides Australian data breach guides

Disclaimer: Privacy rights described here are general and subject to exceptions in the Privacy Act; the OAIC is the authoritative source for your rights. This guide is general information only and is not legal, financial, or security advice. It is based on publicly available sources at the time of writing and may not reflect the most recent developments. In The Event Of Pty Ltd (ABN 38 687 352 647) is an independent Australian company and is not affiliated with the third-party services named in this guide.