12 tips for managing your information footprint

When it comes to managing personal information online, most people are their own worst enemies. Many of us fail to adequately protect our personal data before it gets online, but once information makes its way to the Internet, it can be quickly replicated and is often difficult, if not impossible, to remove.

For example, in four weeks of on-and-off reporting and online searches using publicly available online records and tools, I was able to find my current and past addresses and phone numbers, date of birth, Social Security number, employment history, identifying photographs, a digital image of my signature and much more. See "What the Web knows about you" for all the gory details.

You can take an active role in managing data about you, whether it resides in marketing lists, government databases, telephone directories or credit reports. Here are some tips.

1. Think before you disclose personal information about yourself online on business networking sites such as LinkedIn, job listing sites such as Monster.com, and social networking sites such as MySpace and Twitter.

How much do you want to disclose about your employment history, likes and dislikes, and where you are at any given time? Do you really want everyone to know when you're not at home, how long you'll be out and when you'll be back?

2. Don't give out your Social Security number -- anywhere -- unless absolutely required.

3. Don't use real information about yourself for authentication, recommends private investigator Steve Rambam. Instead, he suggests making up answers to commonly asked security questions such as a mother's maiden name.

4. Know what's out there about you. Do a search online using search engines, government Web sites and other resources cited in "What the Web knows about you" to get an idea of what information about you is available online today. If your Social Security number appears in a public records database, ask the agency in charge of the database if they will redact it from the record on your behalf. You can also ask Web site owners to have sensitive information redacted and any potentially damaging inaccuracies corrected.

5. Keep up with new data about you as it is published on the Web. Alert services such as Google Alerts are designed to continuously search the Web to track topics you're interested in, but you can also use them to find out what information about you is being published on the Web. Configure the service to search the Web for instances of personally identifying information such as your name, address, phone number, Social Security number, and so on. When Google finds matches, it will send you an e-mail with links.

6. Consider requesting a fraud alert from one of the three major credit reporting agencies (Experian fraud alert, TransUnion fraud alert or Equifax fraud alert) if you discover sensitive data such as your Social Security number on a public Web site or service. If you request a fraud alert with any of the three agencies, it will notify the others on your behalf.

7. Also consider requesting a security freeze, which takes a fraud alert one step further. It means that no one can access your credit report without your explicit consent, which makes it difficult for fraudsters to open up new accounts in your name.

This is a new option that has only become broadly available in the past year. A freeze must be placed with each of the three major credit reporting agencies, and you must unlock access to your credit report (for a fee) when a lender, insurance company or other party requests the information.

True, it's inconvenient. You pay a small fee to freeze your credit report at each of the three reporting agencies. Then you pay another fee each time you unlock it. But you'll have the security of knowing exactly who is trying to access your credit report -- and for what reasons -- every time.

8. Request a copy of your credit report at AnnualCreditReport.com and review it for errors.

Ignore the sales pitches for credit monitoring products. Identity fraud monitoring services, including those sold by the three credit reporting agencies and others, can provide peace of mind, but they're pricey for what you get and most tell you only after someone has compromised your identity.

See this Privacy Rights Clearinghouse report on credit monitoring services for details.

9. Opt out of the marketing databases at the big data aggregators such as ChoicePoint and Acxiom. Unfortunately, the companies usually won't take requests from third-party services like Reputation Defender, which attempt to do this on your behalf; you have to contact each one yourself. You can also ask to see the profile they have of you and ask for changes if the data is incorrect. They won't, however, pull information about you that's used for "risk purposes," such as for insurance underwriting or litigation.

While you can opt out of Web people search and background checking services such as Intelius and US Search, there are simply too many to contact. Intelius will honor your request, but Ed Petersen, co-founder and executive vice president, says it's not worth the effort. "You're tilting at windmills. I'm not the original source of the data, [and] there's a lot of companies like Intelius out there." This is one reason why it's so important not to let these data bits get out there in the first place.

10. Protect your cell phone number. If you don't want it in public database records, don't give it out for business transactions. "If you never put it down anywhere, then it is not going to be in the public records," says Petersen.

Using an unlisted phone number reduces, but does not eliminate, the number of places where your telephone number will appear online. Every time you give out the number, as may be requested for purchases, registrations and other business transactions, it goes into databases that may be sold to aggregators.

11. Don't participate in surveys or fill our product registration cards. It's not required for warranty service (all you need is your receipt), and the information you submit goes right into marketing databases.

12. Think twice before signing up for retail store loyalty cards -- and read the privacy policy. Are the incentives worth it if the business is tracking your every purchase? In many cases, the business will keep that information for its own use. In other cases, some or all of that data may be shared with business partners, marketing companies or data aggregators.

For more privacy tips, read the Privacy Rights Clearinghouse's Privacy Basics and Opt-Out Strategies page.

This story, "12 tips for managing your information footprint" was originally published by Computerworld.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2009 IDG Communications, Inc.

IT Salary Survey: The results are in