Last week I discussed how debt collectors operate, how much data they have access to and just how exposed our personal information is.

Unfortunately this is very much an IT issue because it is the quest to store and manage corporate data that has made it possible to aggregate and mine huge amounts of personal data. As much as this aggregation makes it easier to buy cars and houses and get credit, the downside is data becomes exposed and vulnerable because there’s not much in the way of control in how it is used.

Reader Don Dickerson (Houston, Texas) had some interesting background on the scale of the problem: “As IT director for a medium-sized collection agency, I can tell you that there are indeed many large databases out there that we use for ‘skip tracing’. . . [and] anybody posing as a business can get access to them.”

Don writes that getting access to this data simply requires that you fill out an application and pay the fees – there’s no background check and few other controls. “Some will do limited screening, but you can’t screen a business like you can a person.”

As if that weren’t enough, Don says various data vendors often offer additional information covering things such as “prison records and such. If it’s considered ‘public’ info, you can get it. Even if you are a 10 times convicted felon [or even if you have been] convicted of stealing personal info!”

So what information can be acquired? Don says Social Security numbers, known accounts (but not account numbers), known aliases, all of present and past addresses, the names of people living near the debtor (known as "nearbys"), people in the same town with the same last name (known as "possibles" as they might be related to the debtor), companies having made recent queries against the debtor’s credit and recent employers. “I’m willing to bet your caller was working a list of nearbys or possibles when they called for your wife.”

Don says that when he joined the debt-collection business he was “floored when I realized how much damage someone in my position could do if they were dishonest. But the numbers of collectors, across the country, sitting in front of all that data, [makes this] a very large time bomb. As IT people, we control an awful lot of data, that data really is not being guarded, and people really need to know just how much privacy they don’t have.”