As parents, you may have to pull off an especially tricky balancing act around the holidays. It can be hard to navigate the commercials that entice kids with the hottest holidays toys while still trying to stick to a budget, and no one wants to imagine the dilemma of not being able to find that one present a child has his heart set on. However, while you focus this year on maintaining some level of sanity to your holiday shopping, there’s another important factor to keep in mind.

Safety is always a consideration when you’re buying any toy for a child. Is it a choking hazard? Does it contain harmful chemicals in the plastic? Is it age-appropriate and will it encourage healthy play? Those are all important points to keep in mind, but it’s absolutely vital in the digital age to make cybersecurity a part of your shopping list as well.

Last year, holiday headlines went haywire with news of a Mattel product that posed a security risk to children. The company’s Hello Barbie interactive doll recorded children’s conversations with the doll and transmitted them over wifi to a third-party. The goal of the data gathering was to make the doll more personal to its owner and to make it more intuitive in its responses; most artificial intelligence relies on “machine learning,” after all, to help it be more useful and accurate. But many parents and security advocates balked at the notion that a third-party—and potentially any hackers who worked their way in—were listening in and recording underaged children.

Also, around this time last year educational technology toy manufacturer VTech suffered an intentional data breach that stole the user profiles for millions of consumers’ Learning Lodge accounts. The information included adult account holders’ names, email addresses and passwords, secret questions and answers, I.P. addresses, mailing addresses, and more. Even more alarming, the hacker also stole the names, genders, birth dates, and even photographs of the users’ children.

So this holiday shopping season, it’s important for parents to understand all the potential security risks and mechanisms that drive the toys they plan to buy. We tend to discover a security vulnerability after the fact, but there are some common sense questions you can ask before you make that purchase:

1. Does the toy require a wifi connection, Bluetooth connection, or downloaded app to make it work?

2. Does the toy require you to make an account in order to use it?

3. Does it record, store, or share any information about you or your child?

4. If it’s installed on your computer or mobile device, what permissions does it require, like access to your camera and microphone?

5. If it’s installed, are there optional permissions it wants, like access to your contacts list or photo albums?

It’s important to find these things out before you buy so that you can make a determination about the product’s potential for harm. If you’re confident that your child is old enough to understand the security requirements and can follow your rules for safe use, then you’ll feel better knowing the risks and knowing that you’ve addressed them.

Questions about identity theft? Connect with the ITRC through our toll-free call center at (888) 400-5530, live chat feature or on-the-go through our IDTheftHelp app for iOS and Android.