Guard your ID: Shredding's a start
Turning financial paperwork into confetti won't solve the whole problem. For that, laws need to change.
This post comes from MSN Money's Liz Pulliam Weston.
Shredding is good. I'm all for shredding. But shredding isn't enough.
But safely destroying old financial records alone isn't enough to protect your identity. Neither is buying a locking mailbox, safeguarding your Social Security card, monitoring your accounts online, using anti-virus and anti-spyware software or being careful what you post on Facebook.
- Credit quiz: Estimate your credit score range
All of these steps can help, of course, but some of the biggest threats to your identity lie beyond your control -- in the big databases of your personal financial information that companies gather, sell and often fail to protect.
Just take a look at the Privacy Rights Clearinghouse's chronology of database breaches, which examines the 1,770 incursions that have been made public since 2005. More than 500 million personal records have been exposed that included data that would be useful to identity thieves, the clearinghouse estimates, and the trend has yet to peak.
- Bing: Protect yourself online
"The number of breaches (doesn't) seem to be subsiding," said Beth Givens, the clearinghouse's founder and director. "It really shows the need to secure sensitive personal information."
Lest you think these incursions are no big deal, understand that victims of database breaches face a risk of fraud that's four times greater than normal, according to Javelin Strategies and Research.
Here's what needs to happen on a national level to protect your financial privacy:
Social Security numbers should not be all-purpose identifiers. In Europe, Social Security numbers are used only to track and pay retirement benefits -- nothing else. As a result, identity theft isn't much of a concern.
But in the U.S., we've let these digits become identifiers for credit bureaus, driver's licenses, health insurance benefits and much, much more. A huge chunk of identity theft would disappear if this nine-digit number were no longer the key to unlocking your whole financial life.
At the very least, we should make sure it appears in far fewer places.
"We support legislation that Sen. Dianne Feinstein (D-Calif.) has filed to prohibit Social Security numbers from appearing on checks from government agencies, and we'd also like to see them barred from use on things like Medicare and private insurance cards and other types of documents," said Susan Grant, the director of consumer protection for the Consumer Federation of America. "There is no reason why this information should be exposed to potential theft and misuse, especially when it is really unnecessary to include it."
Replace opt-out financial privacy laws with opt-in. "Opt out" is a joke. The financial-privacy notices companies started sending us in 2001 are designed to be ignored, so those companies can continue sharing and selling our private financial data. Let's replace it with the approach privacy and consumer advocates have long preferred: opt in, where a company is barred from selling, trading or sharing your data unless you give your OK.
Furthermore, companies should be prohibited from sharing Social Security numbers and financial account numbers, no matter what. "It's amazing that this is currently legal, and it's an invitation to fraud and abuse," Grant said.
Regulate data brokers. Another reason Europe has less of an identity theft problem is that massive databases of people's private, personal information simply aren't allowed. The European Union restricts even the aggregation of public records.
"These companies amass vast troves of individuals' personal information but are not necessarily regulated by and accountable to anyone for who has access to it, how it can be used and what happens if there is a breach or misuse," Grant said.
Force lenders to be more careful about granting credit. The Federal Trade Commission has repeatedly extended the enforcement deadline for the so-called Red Flags Rule, which was supposed to go into effect in 2008. The rule requires companies to, in the FTC's words, "develop and implement written identity theft prevention programs to help identify, detect, and respond to patterns, practices, or specific activities -- known as 'red flags' -- that could indicate identity theft."
Some of these red flags would be pretty simple to detect, such as an application listing a Social Security number that:
- Belongs to a dead person.
- Hasn't been issued yet.
- Is attached to a person whose name or address doesn't match the application.
Yet many lenders' automated systems don't yet cross-check applications with readily available databases that provide this information.
"The credit issuers need to do a much better job of evaluating applications for credit, looking for obvious signs of fraud," Givens said.
Provide better disclosure when databases are breached. The pioneering 2003 California law that required companies to report database breaches has been followed by similar laws in more than 40 other states, according to the Privacy Rights Clearinghouse.
But companies vary widely in how much they disclose about the breaches, which can make it difficult for people affected to determine their risk of becoming identity theft victims, said Evan Hendricks, the editor of Privacy Times and the author of "Credit Scores & Credit Reports: How the System Really Works, What You Can Do."
Someone whose encrypted data was in a box that fell off a truck might not need to take the same precautions, such as freezing credit reports, as someone whose data was sold by an insider to an identity theft ring.
"There needs to be disclosure," Hendricks said, "so people can really assess what's going on."
Liz Pulliam Weston is the Web's most-read personal-finance writer. She is the author of several books, most recently "The 10 Commandments of Money: Survive and Thrive in the New Economy." Weston's award-winning columns appear every Monday and Thursday, exclusively on MSN Money. She also helps middle-class families cope at Building a Brighter Future.
Copyright © 2013 Microsoft. All rights reserved.
Quotes are real-time for NASDAQ, NYSE and AMEX. See delay times for other exchanges.
Fundamental company data and historical chart data provided by Thomson Reuters (click for restrictions). Real-time quotes provided by BATS Exchange. Real-time index quotes and delayed quotes supplied by Interactive Data Real-Time Services. Fund summary, fund performance and dividend data provided by Morningstar Inc. Analyst recommendations provided by Zacks Investment Research. StockScouter data provided by Verus Analytics. IPO data provided by Hoover's Inc. Index membership data provided by SIX Financial Information.