Minnesota Attorney General's Office
1400 Bremer Tower
445 Minnesota Street
St. Paul, MN 55101
M - F 8 am - 5 pm
Guarding Your Privacy
We all work hard to protect our valuables. We buy insurance policies to protect our homes from theft or fire and we invest in safes to store jewelry, old coins and birth certificates. Despite this, most of us are not working hard enough to protect one of the most valuable things we own – our good name.
Identity theft is on the rise nationwide and is helped along by lenders and creditors who are willing to grant thousands of dollars in credit in mere minutes with little or no proof of identity. In today’s electronic age, an ID thief can easily, and sometimes legally, tap into your personal information with just a click of the computer mouse. A few bits of personal data are a gold mine for information crooks looking to steal your identity. An impostor using personal information like your address, birthdate, Social Security or credit card number, can acquire phony credit cards, private phone lines, siphon money from your checking or savings account, get a mortgage and even give you a criminal record.
Identity thieves may rummage through trash searching for discarded account statements, pre-approved credit card offers or credit receipts, search public records for your address, and even rob your mailbox. It may take a few months, but eventually you’ll start getting calls from creditors demanding payment for charges that you never made. A strange bank may call you about an overdrawn account in your name – an account you never opened. Identity theft takes months for you to detect, and sometimes years or longer to unravel.
This booklet will help you guard your privacy, protect your personal information and avoid identity fraud.
The Personal Information Trade
When we wonder or worry about who might be snooping in our private affairs, we often think about the government, “Big Brother,” watching our homes, telephone calls, or travels; however, today there is another threat to our privacy in the network of commercial databases that keep personal information about each one of us.
The sale, collection, and integration of personal information about consumers are new industries in the information age. There are currently over 1,000 private companies keeping comprehensive databases about individual consumers, a ten-fold increase in just five years.
These companies do not engage in the “mass marketing” of products or the researching of general demographic groups. Rather, they focus on gathering as much information as possible about specific people to engage in what is sometimes called “personalization” or “personal marketing.” Technology now allows these businesses to cheaply gather information about consumers, and then sort and categorize the data, sometimes called “data mining,” to isolate specific people for “target marketing” purposes.
The information possessed by these companies goes far beyond mere demographic data. For example, a privacy lawsuit against a marketing company revealed the types of information contained in its database. Its computer files contained more than 900 tidbits of information on individual consumers dating back more than a decade. One individual’s file was reportedly 25 single-spaced pages and contained information such as her income, marital status, hobbies, medical ailments, her preferred brand of antacid tablets, whether she had dentures, and how often she had used room deodorizers, sleeping aids, and hemorrhoid remedies.
The array of information available is limited only by the technology itself. Each electronically recorded transaction – from your use of credit, debit or ATM cards to your payment of mortgage or student loans – provides a glimpse into your private life. When layered on top of one another, these pieces of information create a complete picture of you as an individual.
Here are a few examples of the personal information trade:
One company maintains a database that operates twenty-four hours a day, gathering and processing information on 95% of American households. For a price, it will sort information based on income, lifestyle (outdoor, mechanic, intelligence, etc.), or even a profile of “ethnics who may speak their native language but do not think in that manner.”
Another company offers lists of people with particular medical conditions. In 1999, it offered for sale nearly 50 lists of individuals suffering from different medical ailments. It sells the names and addresses of 427, 000 people who are clinically depressed, 1.4 million women who have yeast infections, and 1 million individuals who have diabetes. It also sells lists of people with Alzheimer’s Disease, birth defects, Parkinson’s Disease, and “physical handicaps.”
A New York company offers the names of high school students according to GPA, religion, ethnicity, and SAT scores.
A hospital sells the names of its patients who may be eligible for social security insurance to a lawyer.
No information appears to be too personal for companies to collect or too insignificant to sell. In 1999, electronic research companies were selling unlisted phone numbers for $49, social security numbers for $49, and bank balances for $45. A company will obtain another person’s driving record for $35, trace a cell phone call for $84, or create a list of stocks, bonds, and securities for $209. This personal data is merged into a consumer tracking and information system that becomes larger every day it is sold to whomever may be interested in buying. Each piece of information gathered, stored, and sorted by these large databases represents an erosion of your right to privacy.
The personal information trade also enables a special kind of telemarketing called pre-acquired account telemarketing. Pre-acquired account telemarketing occurs when a telemarketer calls you with the ability to charge your credit card or bank account already in their hand. Unlike most telemarketers, these companies have acquired the ability to charge your account for the product that they are selling before they call you. A typical telemarketing sale, not involving pre-acquired accounts, requires that you provide a credit card or other account number to the telemarketer, or that you send a check or sign a contract in a later transaction. Providing a signature or an account number – like paying cash – is a readily recognizable way for you, as the buyer, to give your consent or assent to a deal.
Pre-acquired account telemarketing removes these short-hand methods for you to control when you have agreed to a purchase. Instead, the telemarketer controls the method by which you provide “consent” to the transaction, making the determination whether you have actually consented to the deal. This puts the telemarketer in a privileged position, such that he or she can charge your bank account or credit card in situations where you would never have voluntarily provided your account number to the caller.
Identity theft occurs in a variety of ways and has different labels. Two key variations are commonly referred to by law enforcement as “true name” or “true party” frauds and “account takeover” frauds. With “true name” or “true party” fraud, the thief pretends to be you. The thief uses pieces of your identity to obtain new credit cards from banks and retailers, open checking and savings accounts, apply for loans, establish accounts with utility companies, or rent an apartment. The thief can ultimately ring up a tab worth thousands of dollars – all in your name. In an “account takeover” fraud, the thief steals your money and/or assets. The thief obtains enough personal information about you to gain access to existing credit or bank accounts. Thieves impersonating you contact creditors and banks to order additional cards on the account and have the cards sent to their address instead of yours. The thief may also file a change of address with the postal service to divert any newly ordered credit cards or checks into his or her hands.
Identity theft is usually more complex than an ordinary case of credit card fraud. Armed with just one or two pieces of identifying information, such as your birth date or address, a thief can assume your financial identity, access your existing accounts, and obtain a wide range of services and benefits in your name.
Interviews with victims of identity theft and experts have revealed a wide range of thief profiles. Thieves may be friends, relatives, co-workers, employees at companies or organizations with personal information about you in their databanks, and, worst of all, total strangers, who gain access to your personal information through any number of means.
Victims of Identity Theft
Creditworthy consumers with high incomes are the preferred prey of identity thieves, but almost any of us is a potential victim. It is impossible for you to totally eliminate the possibility of falling prey to identity fraud. To lessen the chance of becoming a victim keep a tight rein on your personal information, get off telemarketing lists, stop businesses from sharing your private information, dispose of sensitive documents safely, and closely monitor your finances.
Legal Protections Against Identity Theft>
Under Minnesota and federal law, a person who knowingly transfers, possesses, or uses an identity that is not the person’s own, with the intent to commit, aid, or abet any unlawful activity, is guilty of felony identity theft. In Minnesota, the maximum prison term and/or fine for violating the identity theft statute varies depending on the number and type of victims and amount of money stolen. Though laws exist to help prosecute identity theft, prevention is better.
The Federal Fair Credit Reporting Act establishes procedures for correcting mistakes on your credit report and requires that your record only be provided for legitimate business purposes.
The Fair Debt Collection Practices Act prohibits debt collectors from using unfair or deceptive practices to collect overdue bills that your creditor has forwarded for collection.
The Fair Credit Billing Act establishes procedures for resolving billing errors on your credit card accounts. The act provides the most important protection for victims of identity theft. If you notify your card issuer at the address given for “billing inquiries” within 60 days after you receive a bill with an error, the act allows you to dispute the erroneous charge.
The Truth in Lending Act limits your liability for unauthorized credit card charges on lost or stolen cards to $50 per account. If you notify your card issuer before the thief’s unauthorized use, your liability will be $0. Therefore, if a company tries to sell you a credit card “protection” against unauthorized charges, you don’t need it. The federal law already protects you from significant monetary liability.
The Electronic Funds Transfer Act provides protection for all transactions using your debit card or other electronic means to debit or credit an account. It also limits your liability to $500 for unauthorized electronic fund transfers.
Today, personal financial information is widely accessible through a variety of sources.
Identity thieves legally obtain much of the information they need. Often, additional
information is obtained illegally, but at low risk and low cost.
The three major credit bureaus – Experian, Equifax and Trans Union – and other credit reporting agencies, produce hundreds of millions of credit reports each year. The reports include a wealth of personal information about you including your date of birth, addresses, social security number, credit account information, public records and employment data.
Credit reports are easy for unauthorized people to get. All a thief needs is your name, Social Security number and a current or previous address. Credit bureaus, to their credit, only send reports to the current address displayed on the report. However, thieves anticipate this move by sending a creditor a pre-approved credit offer using your name and the thief’s address. The credit reporting system is designed to automatically update your file, so the report is sent to the thief instead of you. The thief then has all the information they need to steal your identity
Easy Access to Credit
In the United States today credit is easier to obtain than ever. We expect quick loans, which enable us to grab a surprise bargain or finance an emergency. Easy credit makes for easy crime. The credit approval process often amounts to little more than matching two bits of information on an application – a name and a Social Security number – with a credit report.
Social Security Numbers as Universal Identifiers
When social security numbers were first issued in 1936, the federal government assured the public that use of the numbers would be limited to Social Security programs. Today, however, the social security number is the most frequently used record keeping number in the United States. Social security numbers are used for employee files, medical records, health insurance accounts, credit and banking accounts, university ID cards, and many other purposes. In fact, a social security number is now required for dependents over one year of age.
Computer records have replaced paper filing systems in most organizations. Since more than one person may share the same name, accurate retrieval of information works best if each file is assigned a unique number. Many businesses and governmental agencies believe the social security number is tailor-made for this purpose. Because your social security number is frequently used as your identification number in business and government computer databases, information about you in one database is easily linked to other databases that contain different types of private information. Using your social security number as a universal identifier makes it possible for identity thieves to gain a more complete picture of your financial records and personal information.
What Is a Credit Bureau?
A credit bureau is a clearinghouse for credit history information. Creditors provide the bureaus with information about how their customers pay their bills. The bureaus assemble this information, along with public record information obtained from courthouses around the country. Then they turn this data into a “file” on each consumer. In return, creditors can obtain credit reports about consumers who wish to open accounts with their business or organization.
There are more than 1,000 local and regional credit bureaus throughout the United States. Most credit bureaus are either owned by, or are under contract with, one of the nation’s three major credit card bureaus – Experian, Trans Union and Equifax. These national agencies maintain centralized databases containing the credit records of more than 170 million Americans. Credit bureaus generate more than a half billion reports per year.
What Is In a Credit Report?
Credit reports are a gold mine of information about you. The report contains your name, Social Security number, address, credit payment status and employment history. A credit report also contains legal information including liens, bankruptcy and other matters of public record. Federal and state laws restrict who has access to your sensitive information and how it can be used. Anyone with a “legitimate business purpose” can gain access to your credit history, including: those considering granting you credit, landlords, insurance companies, employers and potential employers, and companies with which you have a credit account.
Certain pieces of information cannot be included in your credit report:
Medical information (unless you give your consent).
Negative information, including a bankruptcy that is more than 10 years old.
Debts that are more than seven years old. Information about your age, marital status, or race cannot be included in your report if requested by a prospective employer.
Experts recommend looking at your credit report every year and before making a major purchase. Every year consumers can get a free credit report from each of the credit agencies — Equifax, TransUnion and Experian. The credit bureaus have created a centralized website, toll-free telephone number and mailing address for Minnesota consumers to order their reports. Annual reports may be requested the following way:
- Logging on to: www.AnnualCreditReport.com
- Calling: 1-877-322-8228
- Writing: Annual Credit Report Request Service
P.O. Box 105281, Atlanta, GA., 30348-5281
If you have already received your free annual credit report, Minnesota law allows you to purchase another credit report once a year for $3 from each of the credit bureaus, separately. You are entitled to one free copy of your report each year if (1) you’re unemployed and plan to look for a job within 60 days, (2) you’re on welfare, or (3) your report is inaccurate because of fraud. In addition there is no charge for the report if a company takes adverse action against you, such as denying your application for credit, insurance or employment, and you request your report within 60 days of receiving notice of the action. You may use the Credit File Request Form, located on page 23 of this booklet to order your credit report. To do so, contact one or more of the three national credit bureaus:
PO Box 105851
Atlanta, GA 30348-5851
PO Box 2104
Allen, TX 75013-9595
PO Box 2000
Chester, PA 19022
What Is Your Social Security Statement?
Your Social Security Statement provides both a statement of past earnings and an estimate of future benefits you will receive from Social Security. The statement shows how much you’ve paid into Social Security over your working years. The statement also shows how much you can expect to receive when you retire or if you become disabled. You can also determine from the statement how much your family is entitled to receive if you die. The Social Security Administration recommends that you check your Social Security earnings at least once every three years. After that it becomes more difficult to trace the earnings. A Social Security Statement is available upon request. To get a statement, call the Social Security Administration’s toll-free number at 1-800-772-1213 (TTY 1-800-325-0778).
What Is on My Driving Record?
Driver and Vehicle Services, a division of the Minnesota Department of Public Safety, keeps records on drivers (such as driver license and driver history information), and about vehicles (such as ownership information). Information stored about you includes your name, address, social security number, physical description (height, weight, eye color), date of birth, status of your driver’s license, whether corrective lenses are needed for driving, and if you are an organ donor. In addition, a record is kept of any moving violations that you are convicted of, and whether you have medical conditions that may affect driving.
Who Can Get the Information in My Driving Record?
The Minnesota Department of Public Safety (DPS) restricts access to your driving record unless you expressly consent or federal law authorizes such access. You may allow entities, including businesses, to access your driving record by checking a box on your driver’s license or vehicle registration application. If you do not check the box, then only those entities authorized by federal law may access your record.
Your driver’s license photograph, social security number, and medical and disability information receive heightened protection. Without your consent, that information can be released only for use by government
agencies such as law enforcers, for use by insurers to investigate claims or fraud, for use by an employer to verify that you have a commercial driver’s license, or for use in legal proceedings.
Most of the remaining data in your driving record is less protected. That data can be released without your consent not only to government agencies, insurers, employers and in legal proceedings for the purposes above, but also to:
Auto manufacturers, for uses related to auto safety, theft, emissions, alterations, recalls, advisories, market research, and performance monitoring;
Legitimate businesses, but only in the normal course of business to verify the accuracy of personal information you submitted so as to prevent fraud or recover a debt;
Researchers, to publish statistical reports that do not identify individuals;
Towing companies, to notify owners of towed or impounded autos;
Toll companies, to operate private toll transportation facilities (if Minnesota had such facilities)
Licensed private investigators or security services, for any of these purposes; or
Any person who has obtained your written consent.
However, if a person or business requests your driving record for a purpose other than one permitted above (by federal law), then DPS will not release your driving record unless you have expressly consented by checking a box on your license or ownership application renewal. Thus, without your consent, no commercial or business firms can access your record to add your name to direct-mail, telemarketing, or survey list.
What Is in My Medical Information Report?
Medical records are created when you receive treatment from a health professional such as a physician, nurse, dentist, chiropractor or psychiatrist. Records may include your medical history, details about your lifestyle (such as smoking or involvement in high-risk sports), and family medical history. In addition, your records contain laboratory test results, medications prescribed, and the results of surgery and other medical procedures.
A wide range of people, in and out of the health care industry, may access your medical information. Generally, access to your records is obtained when you agree to let others see them. You probably signed a blanket waiver or general consent form at some point when you obtained medical care. When you sign such a waiver, you allow the health care provider to release your medical information to insurance companies, government agencies and others.
The Medical Information Bureau (MIB) is an organization that compiles a central database of medical information. Approximately 15 million Americans and Canadians are on file in the MIBs computers. More than 750 insurance firms use the services of the MIB, primarily to obtain information about life insurance and individual health insurance policy applicants. You are entitled to a free medical record disclosure once a year. You can get a copy by calling the Medical Information Bureau toll-free at: 1-866-692-6901. For other questions or to correct your report, write to:
Medical Information Bureau
P.O. Box 105
Boston, MA 02112
Businesses and Other Organizations With Information About You
It is not just the government or creditors that collect and distribute information about you and your buying practices. Banks, insurance companies, charities and others have personal information about you that you may not want other people to know. You should compile a list of the businesses and organizations that have information about you. When forming new relationships with an organization or company, ask what will be done with your information and who will have access to it. Information is power in our society. Knowing who has what information about you allows you some control over how that information is used. Don’t hesitate to let companies and organizations know you expect them to respect your privacy.
Sale of Personal Information by State and Local Governments
Public records containing personal information such as homeowners’ documents, police and court records, utility records, and marriage and divorce records have always been available for sale in paper form. With the growing use of computer databases and the Internet, however, it is easier than ever to obtain these records for fraudulent use without leaving behind a paper trail. Public databases can now be accessed directly from many government computers and through commercial database vendors.
Identity thieves range from old-fashioned pickpockets to sophisticated theft rings with equipment that can re-encode the magnetic strip on the back of counterfeit or stolen credit cards. In an effort to compile personal information, identity theft rings sometimes enlist cleaning people (who retrieve data from office wastebaskets), corrupt merchants (who sell credit card sales receipts), and employees of financial institutions and brokerage firms who process financial transactions.