Guarding Your Privacy
- Tips to Prevent Identity Theft
What is Personal Information and Identity Theft?
The Personal Information Trade
When we wonder or worry about who might be snooping in our private affairs, we often think about the government, “Big Brother,” watching our homes, telephone calls, or travels; however, today there is another threat to our privacy—the network of commercial data brokers that collect and sell personal information about each one of us.
The sale, collection, and integration of personal information about consumers is a big industry in the information age. There are thousands of private companies keeping comprehensive databases about individual consumers, including retailers, advertisers, and Internet companies, to name a few. According to a study commissioned by the Direct Marketing Association, in 2012 corporations spent $7 billion for access to lists and databases with information on consumers.
These companies do not engage in the “mass marketing” of products or the researching of general demographic groups. Rather, they focus on gathering as much information as possible about specific people to engage in what is sometimes called “profiling” or “personal marketing.” Technology allows these businesses to cheaply gather information online and offline about consumers through a variety of means, including purchase data, financial records, motor vehicle records, credit card transactions, store savings cards, and public records. The businesses then sort and categorize the data, sometimes called “data mining,” to create comprehensive profiles on specific people for “target marketing” purposes.
The information possessed by these companies goes far beyond mere demographic data. For example, a privacy lawsuit against a marketing company revealed the types of information contained in its database. Its computer files contained more than 900 tidbits of information on individual consumers dating back more than a decade. One individual’s file was reportedly 25 single-spaced pages and contained information such as her income, marital status, hobbies, medical ailments, her preferred brand of antacid tablets, whether she had dentures, and how often she had used room deodorizers, sleeping aids, and hemorrhoid remedies.
The array of information available is limited only by the technology itself. Each electronically recorded transaction—from your use of credit, debit, or ATM cards to your payment of mortgage or student loans—provides a glimpse into your private life. When layered on top of one another, these pieces of information create a complete picture of you as an individual.
Here are a few examples of the personal information trade:
- One company maintains a database that gathers and processes information on more than 98% of American households. For a price, it will sort information based on more than 1,000 elements from “basic demographics” to “sophisticated psychographics.”
- Another company offers over 40 lists that include the name and address of people with particular medical conditions, such as asthma, diabetes, and clinical depression. It also sells lists of people with Alzheimer’s Disease, Multiple Sclerosis, Parkinson’s Disease, and cancer.
- A nonprofit organization offers the names of high school students according to GPA, religion, ethnicity, SAT range, and potential major.
- A medical-record company that has information on 100 million patients provides its software to clinics free of charge and then charges pharmaceutical companies a fee to send reminders to doctors that particular patients need vaccinations or that a test or treatment may be necessary.
No information appears to be too personal for companies to collect or too insignificant to sell. For instance, one company sells lists of “married moms,” “holiday car buyers,” consumers who plan to give candy for Valentine’s Day, and those likely to spend their tax refund on a vacation. Personal data is merged into a consumer tracking and information system that becomes larger every day and it is sold to whomever may be interested in buying. Each piece of information gathered, stored, and sorted by these large databases represents an erosion of your right to privacy.
The personal information trade also enables a special kind of telemarketing called “pre-acquired account telemarketing.” Pre-acquired account telemarketing occurs when a telemarketer calls you with the ability to charge your credit card or bank account already in their hand. Unlike most telemarketers, these companies have acquired the ability to charge your account for the product that they are selling before they call you. A typical telemarketing sale not involving pre-acquired accounts requires that you provide a credit card or other account number to the telemarketer, send a check, or sign a contract in a later transaction. Providing a signature or an account number—like paying cash—is a readily recognizable way for you, as the buyer, to give your consent or assent to a deal.
Pre-acquired account telemarketing removes these short-hand methods for you to control when you have agreed to a purchase. Instead, the telemarketer controls the method by which you provide “consent” to the transaction, making the determination whether you have actually consented to the deal. This puts the telemarketer in a privileged position, such that he or she can charge your bank account or credit card in situations where you would never have voluntarily provided your account number to the caller.
Identity theft occurs in a variety of ways and has different labels. Two key variations are commonly referred to by law enforcement as “true name” or “true party” frauds and “account takeover” frauds.
“True Name” or “True Party” Fraud
With “true name” or “true party” fraud, the thief pretends to be you. The thief uses pieces of your identity to obtain new credit cards from banks and retailers, open checking and savings accounts, apply for loans, establish accounts with utility companies, or rent an apartment. The thief can ultimately ring up a tab worth thousands of dollars—all in your name.
“Account Takeover” Fraud
In an “account takeover” fraud, the thief steals your money and/ or assets. The thief obtains enough personal information about you to gain access to existing credit or bank accounts. Thieves impersonating you contact creditors and banks to order additional cards on the account and have the cards sent to their address instead of yours. The thief may also file a change of address with the postal service to divert any newly ordered credit cards or checks into his or her hands.
Identity theft is usually more complex than an ordinary case of credit card fraud. Armed with just one or two pieces of identifying information, such as your birth date or address, a thief can assume your financial identity, access your existing accounts, and obtain a wide range of services and benefits in your name.
Interviews with victims of identity theft and experts have revealed a wide range of thief profiles. Identity thieves may be friends, relatives, co-workers, employees at companies or organizations with personal information about you in their databases, and, worst of all, total strangers who gain access to your personal information through any number of means.
Victims of Identity Theft
Creditworthy consumers with high incomes are the preferred prey of identity thieves, but almost anyone is a potential victim. It is impossible for you to totally eliminate the possibility of falling prey to identity fraud. To lessen the chance of becoming a victim, keep a tight rein on your personal information, get off telemarketing lists, stop businesses from sharing your private information, dispose of sensitive documents safely, and closely monitor your finances.
Legal Protections Against Identity Theft
Under Minnesota and federal law, a person who knowingly transfers, possesses, or uses an identity that is not the person’s own, with the intent to commit, aid, or abet any unlawful activity, is guilty of felony identity theft. In Minnesota, the maximum prison term and/or fine for violating the identity theft statute varies depending on the number and type of victims and amount of money stolen. Though laws exist to help prosecute identity theft, prevention is better. The following are some of the laws that provide protection against identity theft:
The Federal Fair Credit Reporting Act establishes procedures for correcting mistakes on your credit report and requires that your record only be provided for legitimate business purposes.
The Fair Credit Billing Act establishes procedures for resolving billing errors on your credit card accounts. The act provides the most important protection for victims of identity theft. If you notify your card issuer at the address given for “billing inquiries” within 60 days after you receive a bill with an error, the act allows you to dispute the erroneous charge.
The Truth in Lending Act limits your liability for unauthorized credit card charges on lost or stolen cards to $50 per account. If you notify your card issuer before the thief’s unauthorized use, your liability will be $0. Therefore, if a company tries to sell you a credit card “protection” against unauthorized charges, you don’t need it. The federal law already protects you from significant monetary liability.
The Electronic Funds Transfer Act provides protection for all transactions using your debit card or many other electronic means to debit or credit a bank account. It also limits your liability to $500 for unauthorized electronic fund transfers.
The Identity Theft and Assumption Deterrence Act was enacted to address identity theft. Specifically, the statute makes it a federal crime when a person “knowingly transfers, possesses, or uses, without lawful authority, a means of identification of another person with the intent to commit or to aid or abet or in connection with any unlawful activity that constitutes a violation of federal law or that constitutes a felony under any applicable state or local law.” Similarly, Minnesota Statutes section 609.527 makes identity theft a crime.
Your Personal Information Is Not As Safe As You Think
Today, personal financial information is widely accessible through a variety of sources. Identity thieves legally obtain much of the information they need to commit identity theft. Often, additional information is obtained illegally but at low risk and low cost.
The three major credit bureaus—Experian, Equifax, and TransUnion—and other credit reporting agencies, produce hundreds of millions of credit reports each year. The reports include a wealth of personal information about you, including your date of birth, addresses, Social Security number, credit account information, public records, and employment data.
Credit reports are easy for unauthorized people to get. All a thief needs is your name, Social Security number, and a current or previous address. Credit bureaus, to their credit, only send reports to the current address displayed on the report. However, thieves anticipate this move by sending a creditor a pre-approved credit offer using your name and the thief’s address. The credit reporting system is designed to automatically update your file, so the report is sent to the thief instead of you. The thief then has all the information he needs to steal your identity.
Easy Access to Credit
In the United States today, credit is easier to obtain than ever. We expect quick loans, which enable us to grab a surprise bargain or finance an emergency. Easy credit makes for easy crime. The credit approval process often amounts to little more than matching two bits of information on an application—a name and a Social Security number—with a credit report.
Social Security Numbers as Universal Identifiers
When Social Security numbers were first issued in 1936, the federal government assured the public that use of the numbers would be limited to Social Security programs. Today, however, the Social Security number is the most frequently used recordkeeping number in the United States. Social Security numbers are used for employee files, medical records, health insurance accounts, credit and banking accounts, university ID cards, and many other purposes. In fact, a Social Security number is now required for dependents over one year of age.
Computer records have replaced paper filing systems in most organizations. Since more than one person may share the same name, accurate retrieval of information works best if each file is assigned a unique number. Many businesses and governmental agencies believe the Social Security number is tailor-made for this purpose. Because your Social Security number is frequently used as your identification number in business and government computer databases, information about you in one database is easily linked to other databases that contain different types of private information. Using your Social Security number as a universal identifier makes it possible for identity thieves to gain a more complete picture of your financial records and personal information.
Private Information Check List
What Is a Credit Bureau?
A credit bureau is a clearinghouse for credit history information. Creditors provide the bureaus with information about how their customers pay their bills. The bureaus assemble this information, along with public record information obtained from courthouses around the country, and turn this data into a “file” on each consumer. In return, creditors can obtain credit reports about consumers who wish to open accounts with their business or organization.
There are more than 400 local and regional credit bureaus throughout the United States. Most credit bureaus are either owned by, or are under contract with, one of the nation’s three major credit bureaus—Experian, TransUnion, and Equifax. These national agencies each maintain centralized databases containing the credit records of more than 200 million Americans. Credit bureaus generate more than 3 billion reports per year.
What Is in a Credit Report?
Credit reports are a gold mine of information about you. Your credit report is based on information supplied over time by creditors, including:
Identification and Employment Data. Your name, address, birth date, Social Security number, employer, and spouse’s name are commonly listed. The credit bureau may also include additional information, such as your employment history, home ownership, income, and previous addresses.
Credit History. Your current and previous accounts are listed, along with your credit limits, balances, payment history, and how long the accounts have been open.
Inquiries. The credit bureaus maintain a record of all creditors who have requested your credit report within the last six months.
Public Records. Public information that relates to your creditworthiness (bankruptcies or tax liens) are listed.
Federal and state laws restrict who has access to your sensitive information and how it can be used. Anyone with a “legitimate business purpose” can gain access to your credit history, including: those considering granting you credit, landlords, insurance companies, employers and potential employers, and companies with which you have a credit account.
Certain pieces of information cannot be included in your credit report:
- Medical information (unless you give your consent);
- Negative information, including a bankruptcy that is more than 10 years old;
- Debts that are more than 7 years old; and
- Information about your gender, race, religion, or political affiliation.
How Do I Get My Free Annual Credit Report?
Experts recommend looking at your credit report every year and before making a major purchase. Every year, consumers can get a free credit report from each of the credit agencies—Equifax, TransUnion, and Experian. The credit bureaus have created a centralized website, toll-free telephone number, and mailing address for consumers to order their reports. Annual reports may be requested the following ways:
- Logging on to www.AnnualCreditReport.com
- Calling 1-877-322-8228
- Writing to: Annual Credit Report Request Service P.O. Box 105281, Atlanta, GA 30348-5281
Although consumers can only receive their Free Annual Credit Report once per year, consumers may still request additional reports. Minnesota law allows you to purchase another credit report once a year for $3 from each of the credit bureaus, separately. You are also entitled to one free copy of your report each year if:
- you’re unemployed and plan to look for a job within 60 days,
- you’re on welfare, or
- your report is inaccurate because of fraud.
In addition, there is no charge for the report if a company takes adverse action against you, such as denying your application for credit, insurance, or employment, and you request your report within 60 days of receiving notice of the action. To order your credit report, contact one or more of the three national credit bureaus:
Beware of “Look-alike” Websites
Be alert for websites that claim to offer free credit reports, when their real purpose is to sign you up for a paid service. For example, some websites offer “free” credit reports but also enroll people in paid services, which, if not cancelled, will incur a recurring monthly fee. The official website for ordering your free credit report is www.AnnualCreditReport.com. There is no other official website for ordering your free credit report.
Dispute Errors in Your Credit Reports
Many credit reports contain mistakes, ranging from misspelled names to accounts that the consumer never opened. You should dispute such errors in writing with the company and the credit bureaus. Under the Fair Credit Reporting Act, the credit bureaus must investigate disputes within 60 days and must remove all inaccurate information. If you disagree with the results of the investigation, you may send a written statement explaining your side to the credit bureau, which will be included in future credit reports at your request.
What Is Your Social Security Statement?
Your Social Security statement provides a statement of past earnings and an estimate of future benefits you will receive from Social Security. The statement shows how much you’ve paid into Social Security over your working years. The statement also shows how much you can expect to receive when you retire or if you become disabled. You can also determine from the statement how much your family is entitled to receive if you die. The Social Security Administration recommends that you check your Social Security earnings at least once every three years. After that it becomes more difficult to trace the earnings. A Social Security statement is available upon request. To get a statement, call the Social Security Administration’s toll-free number at 1-800-772-1213 (TTY 1-800-325-0778).
What Is on My Driving Record?
The Minnesota Department of Public Safety’s (“DPS”) Driver and Vehicle Services division keeps records on drivers (such as driver’s license and driver history information) and about vehicles (such as ownership information). Information stored about you includes your name, address, Social Security number, physical description (height, weight, eye color), date of birth, status of your driver’s license, whether corrective lenses are needed for driving, and if you are an organ donor. In addition, a record is kept of any moving violations that you are convicted of and whether you have medical conditions that may affect driving.
Who Can Get the Information in My Driving Record?
DPS restricts access to your driving record unless you expressly consent or federal law authorizes such access. You may allow entities, including businesses, to access your driving record by checking a box on your driver’s license or vehicle registration application. If you do not check the box, only those entities authorized by federal law may access your record.
Your driver’s license photograph, Social Security number, and medical and disability information receive heightened protection. Without your consent, that information can be released only for use by government agencies (such as law enforcers), for use by insurers to investigate claims or fraud, for use by an employer to verify that you have a commercial driver’s license, or for use in legal proceedings.
Most of the remaining data in your driving record is less protected. That data can be released without your consent not only to government agencies, insurers, employers, and in legal proceedings for the purposes above, but also to:
- Auto manufacturers, for uses related to auto safety, theft, emissions, alterations, recalls, advisories, market research, and performance monitoring;
- Legitimate businesses, but only in the normal course of business to verify the accuracy of personal information you submitted so as to prevent fraud or recover a debt;
- Researchers, to publish statistical reports that do not identify individuals;
- Towing companies, to notify owners of towed or impounded autos;
- Toll companies, to operate private toll transportation facilities (if Minnesota had such facilities);
- Licensed private investigators or security services, for any of these purposes; or
- Any person who has obtained your written consent.
However, if a person or business requests your driving record for a purpose other than one permitted above (by federal law), then DPS will not release your driving record unless you have expressly consented by checking a box on your license or ownership application renewal. Thus, without your consent, no commercial or business firms can access your record to add your name to direct-mail, telemarketing, or survey lists.
What Is in My Medical Information Report?
Medical records are created when you receive treatment from a health professional, such as a physician, nurse, dentist, chiropractor, or psychiatrist. Records may include your medical history, details about your lifestyle (such as smoking or involvement in high-risk sports), and family medical history. In addition, your records contain laboratory test results, medications prescribed, and the results of surgery and other medical procedures.
A wide range of people, in and out of the health care industry, may access your medical information. Generally, access to your records is obtained when you agree to let others see them. You probably signed a blanket waiver or general consent form at some point when you obtained medical care. When you sign such a waiver, you allow the health care provider to release your medical information to insurance companies, government agencies, and others.
MIB Group, Inc. (“MIB”) is an organization that compiles a central database of medical information. Approximately 18 million Americans and Canadians are on file in MIB’s computers. More than 400 insurance firms use the services of MIB, primarily to obtain information about life insurance and individual health insurance policy applicants. You are entitled to a free medical record disclosure once a year. You can get a copy by calling the Medical Information Bureau toll-free at (866) 692-6901 or online at www.mib.com. For other questions or to correct your report, write to:
MIB Group, Inc.
50 Braintree Hill Park, Suite 400
Braintree, MA 02184-8734
Sale of Personal Information by State and Local Governments
Public records containing personal information such as homeowners’ documents, police and court records, utility records, and marriage and divorce records have always been available for sale in paper form. With the growing use of computer databases and the Internet, however, it is easier than ever to obtain these records for fraudulent use without leaving behind a paper trail. Public databases can now be accessed directly from many government computers and through commercial database vendors.
Businesses and Other Organizations with Information About You
It is not just the government or creditors that collect and distribute information about you and your buying practices. Banks, insurance companies, charities, and others have personal information about you that you may not want other people to know. You should compile a list of the businesses and organizations that have information about you. When forming new relationships with an organization or company, ask what will be done with your information and who will have access to it. Information is power in our society. Knowing who has what information about you allows you some control over how that information is used. Don’t hesitate to let companies and organizations know you expect them to respect your privacy.