You've heard it all before. Shred or burn your privacy documents. Jealously guard your credit card numbers. Only do business with people you trust. Don't give out your Social Security number to anyone.
Those tips are a bit like cotton candy. They look good, but when you bite in, there's not much substance.
The truth is, most privacy tips are at best, a little silly, and at worst, give you a false sense of the security. The situation seems helpless, but because people feel compelled to give advice, the same tired old tips keep getting trotted out. But there is hope; both for better tips, and your privacy. Chris Hoofnagle of the Electronic Privacy Information Center has been thinking about the trite advice problem for some time, and just recently posted a top 10 list of ways to enhance your personal privacy. It's a great list, but knowing how busy y'all are, I've prioritized his list for you: Things you can and should do right now; things you can do over the next several weeks; and things you should do before the year is over. Then I've sprinkled a few bonus tips of my own on top. Taken together, they form a great list of digital-age New Year's resolutions.
Do it now; do it quick
1. Get your free credit report. You really, really should do this right now. It's free! Plus it's fun, kind of like pulling out an old high school yearbook. Well, for some it might be a bit like pulling out an old yearbook and seeing pictures of old girlfriends you'd rather not bump into any more. But memory lane is memory lane. Visit: https://www.annualcreditreport.com or call 1-877-322-8228.
2. Do Not Call. Don't be the last person in America on the list. Call 1-888-382-1222 or visit DoNotCall.gov. It just feels good. And it does work.
3. Credit card offers. They clutter your mailbox, and they are identity theft ticking time bombs. You can opt out of those by calling 1-888-567-8688. You'll have to provide your Social Security number. You can also do so at https://www.optoutprescreen.com/, but the site makes many visitors nervous, because it looks so much like a fraudulent attempt to steal personal information. Ironic.
Things to do in the next few weeks
4. Supermarket loyalty cards. You have to have them; it's too expensive not to. Instead, screw with them. Swap cards with friends to wreck the database. Use fake personal information. Really, it's OK.
5. Ignore or annoy the mail marketers. Don't answer sweepstakes entries or fill out warranty cards. They are just bait for your personal information, and in some cases, for scam artists building a "sucker's list." A lot of folks have fun mailing back unsolicited credit card offers and other items stuffed with junk mail or other unpleasant things. I don't recommend that, but it can make for some funny stories, like the bank that recently that issued a credit card in the name of "Never Waste Tree."
6. Password protection. Believe it or not, people might pretend to be you and call up companies to trick them into divulging your personal information. So the next time you talk to any customer support folks from utility companies, phone companies, etc., ask them to add a password to your account. Most will happily do it.
Longer-term projects
Criminals aren't the only ones taking and giving away your personal information. Companies do it too! That's why most of the longer-term projects involve opting-out of legal (but vexing) information sharing by corporate America. You'll have to get the right address on your own -- you'll often have luck addressing the letter to the company's "chief privacy officer."
7. Phone records. Call and ask out of "CPNI" sharing. Your cell phone or landline company may sell your calling records, (known as Customer Proprietary Network Information) to other companies. Your consent is required, but there is disagreement over what consent means. Better to write your provider and tell them you want out of CPNI.
8. Banking records. Your bank can sell your information unless you tell it not to. And even when you do, your bank can still sell your information to affiliated companies. Lucky Californians, however, can even opt out of that second layer.
9. School records. Yup, your children's schools can sell information on your kids. Write to the school board and principal and tell 'em not to.
And finally…
10. Protect that SSN. The truth is, you're going to have to give it up at times. But don't do so without a fight. And playing dumb can be an effective strategy. Just say "I don't use that," and hold your ground. Or even better -- how about, "I don't know it?"
An extra word on revealing your SSN
This last point deserves a little extra consideration. Protecting your SSN is much easier said than done. The other day, Hoofnagle signed up for satellite TV, and the firm he used asked for his SSN, because he was going to be leasing their decoder box -- for $5 a month. After a few days bickering, and even an offer of a $100 deposit, Hoofnagle was forced to give in and fork over his SSN. After all, he'd already climbed on his roof and installed the dish.
If it can happen to the experts, it can happen to you. But the more companies are hassled by consumers, the more likely they will come up with alternative means to identify us.
In the meantime, it's a good idea to ask questions when SSN is required, such as: Who will have access to it? When will it be destroyed? What will it be used for? How will you secure it? And most important, do I have to? Companies never have the right to force you to divulge the SSN, but they do have the right to refuse to do business with you.
Bonus tips for the advanced class
A complete reading of Hoofnagle's "Consumer Privacy Top 10" is highly recommended. Meanwhile, there are a few things I'd like to add:
1. Get all your credit reports: There are a host of other companies, like credit bureaus, that keep track of your life. Many are required to tell you what they know about you. Grab all those old yearbooks off the shelf. This is explained in the story, What are these companies saying about you. But for quick reference, here's some links to the important sources for:
- Auto insurance claims
- Homeowners insurance claims
- Pre-employment screening
- Tenant history
- Medical history
- Bounced check database
2. Freeze your credit. The best ID theft protection is to make it impossible for someone to get credit in your name. Some state laws allow you to freeze your credit; two years ago, only two states had freeze laws. Now, about a dozen do, with more scheduled to take effect next year. To see if you are eligible, click over to Consumers Union
3. The Web is your friend, not your foe. Sign up for online banking and online statements. That will keep dangerous mail out of your mailbox. It will also let you keep one eye on your accounts to check for signs of fraud. And the best way to stop ID theft is to catch it early.
4. Quiz customer service reps. Does the screen they're looking at give away too much information about you? Ask simple, annoying questions like: "How do you know my credit card number?" It might be convenient, but it's also a risk. Feel free to ask any company to destroy the number after you are charged. If you trust the company, and you think it saves time, let them keep it – but do so judiciously.
5. Finally, complain. Don't give your phone number to checkout clerks. Hassle firms that hassle you for extra data. The more inconvenient this is for companies – the more money it costs them – the quicker they will find another solution. And while you are at it, complain to your state and federal officials that you want more privacy. The reigning federal legislation in the area, the 1974 Privacy Act, is getting a little stale.
Do it now; do it quick
1. Get your free credit report. You really, really should do this right now. It's free! Plus it's fun, kind of like pulling out an old high school yearbook. Well, for some it might be a bit like pulling out an old yearbook and seeing pictures of old girlfriends you'd rather not bump into any more. But memory lane is memory lane. Visit: https://www.annualcreditreport.com or call 1-877-322-8228.
2. Do Not Call. Don't be the last person in America on the list. Call 1-888-382-1222 or visit DoNotCall.gov. It just feels good. And it does work.
3. Credit card offers. They clutter your mailbox, and they are identity theft ticking time bombs. You can opt out of those by calling 1-888-567-8688. You'll have to provide your Social Security number. You can also do so at https://www.optoutprescreen.com/, but the site makes many visitors nervous, because it looks so much like a fraudulent attempt to steal personal information. Ironic.
Things to do in the next few weeks
4. Supermarket loyalty cards. You have to have them; it's too expensive not to. Instead, screw with them. Swap cards with friends to wreck the database. Use fake personal information. Really, it's OK.
5. Ignore or annoy the mail marketers. Don't answer sweepstakes entries or fill out warranty cards. They are just bait for your personal information, and in some cases, for scam artists building a "sucker's list." A lot of folks have fun mailing back unsolicited credit card offers and other items stuffed with junk mail or other unpleasant things. I don't recommend that, but it can make for some funny stories, like the bank that recently that issued a credit card in the name of "Never Waste Tree."
6. Password protection. Believe it or not, people might pretend to be you and call up companies to trick them into divulging your personal information. So the next time you talk to any customer support folks from utility companies, phone companies, etc., ask them to add a password to your account. Most will happily do it.
Longer-term projects
Criminals aren't the only ones taking and giving away your personal information. Companies do it too! That's why most of the longer-term projects involve opting-out of legal (but vexing) information sharing by corporate America. You'll have to get the right address on your own -- you'll often have luck addressing the letter to the company's "chief privacy officer."
7. Phone records. Call and ask out of "CPNI" sharing. Your cell phone or landline company may sell your calling records, (known as Customer Proprietary Network Information) to other companies. Your consent is required, but there is disagreement over what consent means. Better to write your provider and tell them you want out of CPNI.
8. Banking records. Your bank can sell your information unless you tell it not to. And even when you do, your bank can still sell your information to affiliated companies. Lucky Californians, however, can even opt out of that second layer.
9. School records. Yup, your children's schools can sell information on your kids. Write to the school board and principal and tell 'em not to.
And finally…
10. Protect that SSN. The truth is, you're going to have to give it up at times. But don't do so without a fight. And playing dumb can be an effective strategy. Just say "I don't use that," and hold your ground. Or even better -- how about, "I don't know it?"
An extra word on revealing your SSN
This last point deserves a little extra consideration. Protecting your SSN is much easier said than done. The other day, Hoofnagle signed up for satellite TV, and the firm he used asked for his SSN, because he was going to be leasing their decoder box -- for $5 a month. After a few days bickering, and even an offer of a $100 deposit, Hoofnagle was forced to give in and fork over his SSN. After all, he'd already climbed on his roof and installed the dish.
If it can happen to the experts, it can happen to you. But the more companies are hassled by consumers, the more likely they will come up with alternative means to identify us.
In the meantime, it's a good idea to ask questions when SSN is required, such as: Who will have access to it? When will it be destroyed? What will it be used for? How will you secure it? And most important, do I have to? Companies never have the right to force you to divulge the SSN, but they do have the right to refuse to do business with you.
Bonus tips for the advanced class
A complete reading of Hoofnagle's "Consumer Privacy Top 10" is highly recommended. Meanwhile, there are a few things I'd like to add:
1.) Get all your credit reports: There are a host of other companies, like credit bureaus, that keep track of your life. Many are required to tell you what they know about you. Grab all those old yearbooks off the shelf. This is explained in the story, What are these companies saying about you. But for quick reference, here's some links to the important sources for:
- Auto insurance claims
- Homeowners insurance claims
- Pre-employment screening
- Tenant history
- Medical history
- Bounced check database
2.) Freeze your credit. The best ID theft protection is to make it impossible for someone to get credit in your name. Some state laws allow you to freeze your credit; two years ago, only two states had freeze laws. Now, about a dozen do, with more scheduled to take effect next year. To see if you are eligible, click over to Consumers Union
3.) The Web is your friend, not your foe. Sign up for online banking and online statements. That will keep dangerous mail out of your mailbox. It will also let you keep one eye on your accounts to check for signs of fraud. And the best way to stop ID theft is to catch it early.
4.) Quiz customer service reps. Does the screen they're looking at give away too much information about you? Ask simple, annoying questions like: "How do you know my credit card number?" It might be convenient, but it's also a risk. Feel free to ask any company to destroy the number after you are charged. If you trust the company, and you think it saves time, let them keep it – but do so judiciously.
5. Finally, complain. Don't give your phone number to checkout clerks. Hassle firms that hassle you for extra data. The more inconvenient this is for companies – the more money it costs them – the quicker they will find another solution. And while you are at it, complain to your state and federal officials that you want more privacy. The reigning federal legislation in the area, the 1974 Privacy Act Privacy Act, is getting a little stale.