The Difficulty of Protecting One’s Data

It is becoming increasingly difficult to protect one’s personal data these days. The threat, of course, is that the more complete a profile someone has on you, the greater chance that the information can be used against you for everything from unwanted solicitations to identity theft. Computers are very good at combining information from multiple sources to build up a profile. In fact, this is the business model of the credit bureaus. Every time you give out a bit of information about yourself to anyone, there’s some risk that it could find its way into your “global profile” and be used against you.

Even if you trust the entity with which you share your information, things can and do go wrong. The March 20, 2006, issue of InformationWeek magazine has an article, The High Cost Of Data Loss, which describes incidents of customer data-loss affecting millions of people. This cover caught my eye as it had a picture of Princeton computer science graduate student Alex Halderman; the article states:

J. Alex Halderman, a doctoral candidate in computer science at Princeton University, about a year ago received a letter from the University of California, Berkeley, where he had been accepted as a graduate student in 2003, advising him that his personal data had been compromised. A university computer had been stolen that contained files with names and Social Security numbers of applicants and others at the university.

Berkeley warned people affected by the breach to be on the lookout for scam artists who might try to contact them under the pretense of being affiliated with the school. Halderman was shocked that two years after he applied to UC Berkeley, the application remained susceptible to a data breach. “It’s amazing that data can be on file for years, even when you think you’re finished with it,” he says. “There’s no way to take it back.”

You can’t always “un-share” data

Alex’s experience illustrates that once information has been shared it is generally not possible to “un-share” it. I recently met with a representative of a company that holds some of my retirement funds to discuss my allocations. During the course of the conversation, the representative asked some questions about salary and retirement plans, which were noted on a yellow pad of paper. Additionally, I answered a short questionnaire to assess my risk tolerance, which was entered into an untethered laptop computer. The meeting went well but I was never told that the salary information was going any farther than the yellow pad. My mistake was not to make my wishes known that the information I provided was not to be kept on file. Sure enough, a week or so later I received a “confirmation letter” with all the information listed. It was clearly a form letter generated at the corporate office from data in a big database. I immediately returned the confirmation letter with a note asking that my profile be removed. A week or so later, I received a phone call from a customer service manager to discuss my request. The conversation was cordial and long but only partially effective. It turns out that once the data exists in the system, there is no way to remove it. The best he could offer was to set the values to obviously bogus values (like an annual salary of $1). The manager was surprised that I was sensitive about this — after all, (1) they take special measures to protect the data and (2) if I met with a different planner in the future they would need to have the information. My counter to this was (1) data gets lost/stolen/misused anyway (USA Today just reported that a Fidelity Investments laptop computer containing sensitive data on 196,000 retirement-account customers was just stolen) and (2) I could easily bring the information to each face-to-face meeting.

Other options

In addition to carefully considering whether to share personal information, you can also push back and see if the requester really needs it or if there is a way for you to get the goods or service without providing the information. Recently I renewed my family’s membership to a local swimming pool club. The application stated that providing the full birthday for all members was mandatory. After several e-mail messages I learned that the insurance company required that the club have this information on hand in the event of an emergency. In this case, I reluctantly decided that this was OK. In another case, I made a purchase at a nationwide home improvement store where my receipt indicated that I won a $10 gift certificate and could claim it by either visiting a website or by calling a phone number. I went to the website and saw that one of the required fields on the web form was birth date. Rather than using a bogus birth date, I tried the phone number. Interestingly, I was able to claim my prize without giving out this information — the system never even asked.

What to do?

Does this mean one should never share personal information? No, but it does mean that each time you do, you should think about the associated risks and benefits. What makes this trade-off tricky is that the benefits are often obvious and immediate and the risks are more nebulous. An interesting example of an unexpected use of seemingly benign information involved Farrell’s Ice Cream Parlor Restaurant customers who signed up for free ice cream on their birthday. The obvious benefit of sharing this information is that they would get free ice cream. However, in 1983, the U.S. Selective Service purchased a list of names and birthdays of boys turning 18 that year so that they could be reminded to register. Food for thought.
