Continuing from last week’s Backspin Gibbs relates some user feedback and discovers that your data (and his) is available to pretty much anyone who wants to look at it.
Last week I discussed how debt collectors operate, how much data they have access to and just how exposed our personal information is.
Unfortunately this is very much an IT issue because it is the quest to store and manage corporate data that has made it possible to aggregate and mine huge amounts of personal data. As much as this aggregation makes it easier to buy cars and houses and get credit, the downside is data becomes exposed and vulnerable because there’s not much in the way of control in how it is used.
Reader Don Dickerson (Houston, Texas) had some interesting background on the scale of the problem: “As IT director for a medium-sized collection agency, I can tell you that there are indeed many large databases out there that we use for ‘skip tracing’. . . [and] anybody posing as a business can get access to them.”
Don writes that getting access to this data simply requires that you fill out an application and pay the fees – there’s no background check and few other controls. “Some will do limited screening, but you can’t screen a business like you can a person.”
As if that weren’t enough, Don says various data vendors often offer additional information covering things such as “prison records and such. If it’s considered ‘public’ info, you can get it. Even if you are a 10 times convicted felon [or even if you have been] convicted of stealing personal info!”
So what information can be acquired? Don says Social Security numbers, known accounts (but not account numbers), known aliases, all of present and past addresses, the names of people living near the debtor (known as "nearbys"), people in the same town with the same last name (known as "possibles" as they might be related to the debtor), companies having made recent queries against the debtor’s credit and recent employers. “I’m willing to bet your caller was working a list of nearbys or possibles when they called for your wife.”
Don says that when he joined the debt-collection business he was “floored when I realized how much damage someone in my position could do if they were dishonest. But the numbers of collectors, across the country, sitting in front of all that data, [makes this] a very large time bomb. As IT people, we control an awful lot of data, that data really is not being guarded, and people really need to know just how much privacy they don’t have.”
If that doesn’t wipe the smile off your face consider this -- it is not just the credit-reporting and debt-collection companies that have created the problem. There’s an enormous government drive to aggregate data, and the rationale seems reasonable – it reduces duplication, speeds up processes and increases efficiency. The trouble is that there’s an enormous downside in terms of how poorly controlled and easily abused that data will become, and there’s no doubt that will be the case. Every IT person with any experience knows that it is not a question of the cat getting out of the bag; the cat and the bag will never even be in the same room.
One of my big concerns has always been over medical records. Once there’s a common format and your data can be passed around electronically I think you can pretty much kiss the privacy of your medical history goodbye – it will be out partying with any organization that has enough political clout to gain access to it, which means the medical insurance industry will be up in your business before you can say “claim denied.”
Don concluded: “There is no way off the grid . . . unless you just want to be a hermit and live in a hole somewhere. Computers were released to the world, the Internet tied them together, [now] Pandora’s box is wide open and the data has already hit the rotary oscillator.”
Don is right: Getting off the grid is, as a practical matter, not possible, but you can insulate yourself. . . . We’ll talk about that next week.