You're working in your office. The phone rings. The caller is attempting to sell you on the benefits of making certain types of investments. Agitated, you tell the salesperson you're not interested and hang up.
You can't put the call out of your mind. How did the caller know how you invest? What else is available to telemarketers and others?
Personal data is becoming a valuable commodity to marketers. Technology grants the ability to capture vast amounts of information--from the purchases you charge to the groceries you buy.
"Whenever you use a grocery card, for example, that is such valuable information," says Ruth Hughes, a consultant with the Small Business Development Center at Wilkes University. "They are gathering tremendous amounts of people's spending habits and their lifestyles. There's been huge boom in that sector--lifestyle analysis."
Price Chopper, a regional grocery store chain, for example, offers a club card called "AdvantEdge." Price Chopper customers can use the card for electronic discounts, check cashing, video rental and for the company's "Rewards" program, says Barbara Page, a spokesperson for the Schenactady, N.Y.-based grocery chain.
According to Page, when applying for the card, information needed on the membership form includes name, address, telephone number and signature. A driver's license or non-driver's license identification is needed for check cashing and video rental services, she adds.
According to Page, Price Chopper also requests employer information. "Sometimes they provide it and sometimes they don't," she says.
"With the (AdvantEdge) card, we know how frequently they shop, how much they spend on each shopping trip and their check cashing history" says Joanne Gage of Price Chopper's consumer and marketing department.
Page says Price Chopper does not provide this information to outside parties. "I feel it's proprietary information," she says.
"Without Permissable Means"
Price Chopper considers its information proprietary. But other gatherers of information may not take the same stance. Some claim vagueness in privacy laws is allowing savvy or unscrupulous parties to obtain and use data for their benefit.
Records on credit status, bank accounts, and medical history, for example, are supposed to be confidential. But Social Security identification numbers and other personal information can be obtained and manipulated to gain access to this information.
"Ninety-five percent of information that anyone would want on an individual or corporation is out there," says Patrick Collard, a licensed private and corporate investigator based near Milwaukee, Wis. "The trick is knowing where to find it. The remaining 5 percent is if you wanted to engage in subterfuge."
William Russel Robinson, D-Allegheny County, is sponsor of H.B. 2114, which would make a criminal offense for people to obtain, or seek to obtain, credit or personal identification information without authorization.
This proposed legislation, he says, is aimed at wiping out the growing trend of credit fraud and identity theft. It also seeks to make credit card issuers and retailers "more accountable" when they issue credit, notes Robinson.
H.B. 2114 differs from existing federal law in that, "It would give jurisdiction to the state attorney general, instead of... the Federal Trade Commission," Robinson explains.
Technology Advancing Fraud
Credit fraud and identity theft hurts businesses. "Businesses have the same kinds of costs (associated with) shoplifting notes E. Barry Creany, senior deputy attorney general with the state Attorney General's Bureau of Consumer Protection. "There is just so much misuse by parties who use fake IDs, which results in a form of higher fees for banks and retailers."
Creamy says it's "easy" for a thief to create a false identity. Social Security numbers are the keys to unlocking personal information.
"Some credit unions, health benefit groups and investment groups use the Social Security number as a membership number," notes Creany. "So, if a thief wants to create an identity, they could create an identity under your . . . name, address and Social Security number. I can then go to the county courthouse to check to see if your birth records are here . . . and you are part way there. It's not that difficult to construct an identity," says Creany.
According to John Trollinger, deputy press secretary of the Social Security Administration in Baltimore, the agency provides Social Security numbers to outside organizations. He did not specify which organizations receive Social Security numbers.
Everton Publishers Inc. of Logan, Utah, provides an Internet-accessible database of Social Security numbers of deceased individuals through its Web site called Everton's "On-Line Search - SS Master DeathIndex."
The database's information is purchased from "a branch of the U.S. government," says Lee Everton, president of the company. He could not recall specifically from which government branch the data was purchased. A Social Security Administration spokesperson says Everton's Web site is not affiliated with the agency.
"We are by no means the only company that has this," Everton says. He describes his company as being a "small company dealing in geneology.... People use us for a single purpose . . .to find family members."
Collard says databases such as Everton's could be used to commit fraud.
When asked about the potential fraud that could be committed with the use of his company's Web site, Everton hesitantly responds, "Well ... I guess anything is possible."
Trollinger says credit fraud scams using Social Security numbers of deceased individuals are not out of the question.
"There are problems in that our death records are not always verifiable," Trollinger says. "We give organizations (credit bureaus, information brokers) those records saying, 'here are our reports and they are not necessarily verifiable.'"
In some instances, Trollinger explains, there is "no reason" to verify a death. "If you were to die, and you were single, with no dependents . . . no benefits will be paid, so there will be no need (by the SSA) to request a death certificate," he says.
Trollinger stresses that when the SSA's records are updated, however, credit bureaus receive that information.
"We update our records periodically and advise them to do the same," notes Trollinger. "But, sometimes the brokers don't buy the updated information."
The Internet makes information gathering more possible. And, companies are taking advantage of the vast amounts of data available to create market niches.
Information Brokers' Network
One coalition of 14 information broker companies from across the country has secured a market by dealing in Social Security numbers. Known as the Individual Reference Service Group, or IRSG, its members sell Social Security numbers and other information to users such as investigators, the insurance industry, attorneys, law enforcement, and adoption agencies.
Ed Mierzwinski is the director of the Public Interest Research Group (PIRG), a privacy advocacy group with offices located throughout the United States. He says IRSG members obtain information from credit bureaus who, in turn, sell information such as a person's name, Social Security number, address, prior address, place of employment, former place of employment, and telephone number.
The three major credit reporting companies in the United States--Equifax, Experion, and Trans Union--are three of the 14 IRSG companies, says Norm Magnuson, vice president of Associated Credit Bureaus, the Washington, D.C.-based trade association which represents more than 600 credit bureaus nationwide.
Credit bureaus are regulated under the federal Fair Credit Reporting Act (FCRA), which regulates the dissemination of personal credit information.
"We can acquire and sell the information to individuals who are involved in credit transactions," Magnuson explains. "Once you sell or give credit data to a third party, by definition, you are a consumer reporting agency (CRA). So, you have to abide by the rules of the FCRA."
Lisa Rosenthal, an attorney with the Federal Trade Commission in Washington, D.C., says the FCRA governs consumer credit reports, which contain information on one's credit worthiness, such as employment history and financial information.
IRSG members, Rosenthal explains, sell "identity information," such as date of birth or the maiden name of one's mother. "That information doesn't say anything about you," Rosenthal says. As such, this information is not covered by the FCRA.
"They (IRSG members) are not allowed to sell Social Security numbers, dates of birth, and mothers' maiden names to the general public, or on the Internet," Rosenthal says. "Second, they only make information available to qualified users. Also, they are subject to an annual compliance audit by a third party (such as a certified public accountant), so they are subject to public scrutiny."
But Collard, the private investigator, says information brokers may not be able to verify if a user is authorized to acquire the data. "With the vast number of clients they are dealing with, how can they possibly corroborate the individual who is calling them?"
Rosenthal responds. "The (IRSG) companies have asserted they will take the necessary precautions to ensure that use are who they say they are and make sure they have a legitimate purpose to have it," she notes.
Two IRSG member companies contacted for this story declined to comment.
Mierzwinski accuses the Federal Trade Commission of "incompetence" for allowing IRSG members to self-regulate. "The FTC embraced voluntary regulation, because these companies said they would 'police' themselves," he says.
Collard offers these tips to protect against infringements of your privacy:
* Do not give personal information to someone who is trying to sell you something or solicit a donation.
* When asked for information you don't feel is appropriate, always determine why it's necessary to give out the requested details and don't feel you have to comply with that request. You don't have to reveal your Social Security number, for example, unless there is a federal requirement to do so.
* About 80 percent of all the databases out there utilize the three major credit bureaus as well as the records of insurance and real estate companies, and state driver's license and motor vehicle agencies," says Collard. "You have the right to see your record and the right to change or correct anything there."
* If you want information kept confidential, Collard advises transferring it to a different individual or corporate name, depending on the circumstances, or using a post office box or an unlisted phone number.
Elaine Tweedy, director of the Small Business Development Center at the University of Scranton, says her center advises clients not to use their personal Social Security number. "Get a federal EIN (employer identification number)," she says. "Do not run your business on your social security number."
An EIN can be obtained through the Internal Revenue Service The Philadelphia Service Center number is (215) 516-6999, which will provide instructions on how to obtain form SS4, the application to obtain an EIN number.
Protecting Business Privacy
Businesses are not immune to privacy invasions, states John J. McGonagle Jr., managing partner of The Helicon Group. McGonagle's Bethlehem-based company helps clients gather information on competitors, known as "competitive intelligence. "
He defines the term as being the "legal and ethical use of public information to develop intelligence on your competitors." He is co-author of "Protecting Your Company Against Competitive Intelligence," released last month .
Many owners don't realize how much information about their business becomes public record, he says. "Think of all the ways you do business," he says. "Companies talk to customers, advertise, obtain permits, licenses, sign contracts . . . and get proposals to customers and from suppliers, etc."
He offers tips to limit or delay information from seeping out about your company.
"Identify key areas in your business you want to keep private for as long as possible," McGonagle says. "This will prevent the competitor from getting a jump on you."
He cites as an example a pharmaceutical company. "You just hired a research scientist from Oxford. Don't send out a press release on it." McGonagle notes the scientist's presence in the company will eventually be discovered once he applies for a grant or files a patent.
"Also, try to control the flow of information," he notes. "Whenever a business applies for any type of permit, they tend to over-file and put too much information out there."
He illustrates by saying one of his clients, a chemical company, was filing for an environmental discharge permit. "They explained what their product was and who it was being made for. That is too much detail. The fear (companies have) is that it will come back and delay the (filing) process.
"You're better off saying, 'If you need something else, ask us. Don't make it a part of the public record,'" he advises.
Комментариев нет:
Отправить комментарий