WASHINGTON – A new survey released March 17, 2026, by WhistleOut reveals that 92 percent of Americans express concern about their personal data being collected by websites and apps on their mobile devices, yet many fail to take basic protective steps.
The poll of 1,000 U.S. adults highlights a gap between widespread worry and actual behavior when it comes to online privacy. While most respondents recognize risks from tech companies, smart devices and data brokers, a significant portion admit to blindly accepting terms and conditions or skipping privacy settings reviews.
Americans showed the highest concern levels for data security while using web browsers at 93 percent, followed closely by mobile smart devices at 92 percent. Other smart devices such as speakers and doorbell cameras drew concern from 83 percent, and smart TVs from 81 percent. Extreme concern was highest for mobile smart devices at 26 percent.
Despite these worries, 41 percent of people never read the privacy policies of websites or apps before using them. Forty percent of phone users have never reviewed privacy settings on their devices to limit data collection. Twenty-three percent do not check permissions granted to mobile apps for camera, contacts or location access. Only two in 10 people always read through terms of use when downloading a new app.
The survey points to real risks from both corporate data practices and criminal activity. Tech companies build profiles from browsing history, location and personal information that can be sold to third parties, including data brokers. Government agencies have purchased commercially available data without warrants. Emerging concerns include AI-enabled surveillance pricing, where companies could adjust prices based on tracked user behavior.
Scammers exploit weak security habits. Only 23 percent of respondents said they feel very confident in identifying and protecting themselves from online threats. One in three remain unsure of their abilities. Fifty-two percent use the same passwords across multiple important accounts. Twenty-one percent do not regularly update their phone operating systems for security patches. Forty-four percent have taken no steps to secure their home Wi-Fi networks. Sixty-three percent lack robocall blocking software, and 29 percent use no antivirus or antimalware protection.
Data breaches continue at record levels. The Identity Theft Resource Center reported 3,322 data compromises in 2025, a 4 percent increase from the prior year. Thirty-one percent of survey respondents said they had personally experienced a data breach involving unauthorized access to accounts or information on their mobile devices. Sixteen percent of breaches in 2025 involved AI for phishing or deepfake impersonations. One major incident in June 2025 exposed over 16 billion user credentials from major platforms.
Southern Maryland residents in St. Mary’s, Calvert and Charles counties face the same risks as the rest of the nation. Many households rely on smart home devices, online shopping and mobile apps for daily needs, from banking to government services. Maryland’s Online Data Privacy Act, with enforcement beginning April 1, 2026, grants consumers rights to access, correct and delete personal data held by certain businesses. It also allows opting out of targeted advertising and data sales. Violations are treated as unfair trade practices under the Maryland Consumer Protection Act.
The WhistleOut report offers straightforward protective measures that take minimal time. Recommendations include using strong, unique passwords managed by a password manager, enabling two-factor authentication through an app rather than text messages, reviewing and retracting unnecessary app permissions, disabling location tracking when not needed, deleting unused apps and accounts, employing a virtual private network, limiting browser cookies, keeping software updated, activating anti-robocall features and limiting direct sharing of financial information through services such as Apple Pay or PayPal.
In the event of a breach, individuals should monitor or freeze their credit, change passwords across affected accounts and request new card numbers if payment information was involved. The Federal Trade Commission provides detailed guidance for different breach types.
The survey underscores that while concern runs high, action lags. Simple habits such as reading policies, updating devices and using basic security tools can reduce exposure. As AI and data collection practices evolve, experts encourage ongoing vigilance.
Southern Maryland consumers can take advantage of Maryland’s new privacy law by exercising their rights starting in April and reviewing settings on commonly used devices and apps. Local libraries and community colleges often offer free digital literacy workshops that include privacy and security training.
