Fact Sheet 1:
Privacy Survival Guide:
Take Control of Your Personal Information


Send to PrinterSend to Printer

Copyright © 1994-2009
Privacy Rights Clearinghouse / UCAN
Posted October 1994
Revised March 2009

Every day most of us give away information about ourselves -- sometimes knowingly and other times when we do not even realize it. You are your best privacy protector. It pays to:

* Be Aware * Be Assertive * Be an Advocate

Be aware of how and when you give out personal information. Find out what information about you is stored in major industry and government data bases.

1. Find out what is in your credit report . It can determine if you get a loan, an apartment, a job, or insurance coverage. It is available to credit grantors, employers, landlords and insurers -- anyone with a "legitimate business need." The crime of identity theft is rampant. Order your credit report at least once a year. Make sure it is accurate and check for fraud.

Thanks to a new federal law, consumers can get a free copy of their credit reports annually. To order your free reports from the three credit bureaus, go to www.annualcreditreport.com where you can order your reports directly or download the Annual Credit Report Request form to mail in your request. You can also call (877) 322-8228.

For more information, see the Federal Trade Commission's Facts for Consumers at http://www.ftc.gov/freereports. The PRC’s guide on credit reporting is another source of useful information, www.privacyrights.org/fs/fs6-crdt.htm.

We recommend that you stagger your reports from the three bureaus: Equifax, Experian, and TransUnion. Order one every four months to enable you to monitor your credit history throughout the year. But order all three at once if you are in the market for credit or are applying for a job.

State laws in seven states enable individuals to obtain free credit reports annually in addition to the reports you can obtain under the federal law. If you live in the following states, take advantage of your ability to get an additional set of free reports each year: CO, GA, ME, MA, MD, NJ, and VT. Further, you may receive a free copy if you have recently been denied credit, are a victim of fraud, are unemployed, or receive welfare benefits.

 1a. In addition to getting a free copy of your credit report, you can also order free annual copies of other "specialty" reports. We advise that you order your insurance claims history report regularly, especially if you are in the market for insurance products. And request your bank account history, especially if you are shopping for a new financial company or have had problems with your checking account. 

  • CLUE (insurance claims & loss history on auto and property insurance)   Call (866) 312-8076. Online: www.choicetrust.com
  • ChexSystems (bank account history)   Call (800) 428-9623. Online: www.consumerdebit.com

The commercial data broker ChoicePoint offers free access to one's public records report. For more information, visit its web site at www.choicetrust.com

Read the PRC's Fact Sheet 6(b), The "Other" Consumer Reports: What You Should Know about "Specialty" Reports at www.privacyrights.org/fs/fs6b-SpecReports.htm.

2. To limit calls from telemarketers to your home phone or cell phone, sign up for the national "Do Not Call" registry (DNC). Call the toll-free phone number (888) 382-1222 (TTY (866) 290-4236) or register online at www.donotcall.gov. Your phone number will stay on the registry for five years, or until you ask for your number to be removed, or your phone number changes. You can renew every five years. Both inter- and intra-state telemarketers must update their lists each quarter with those who enroll in the registry. To learn more about telemarketing and the DNC, read the PRC’s guide, www.privacyrights.org/fs/fs5-tmkt.htm.

It is not necessary to register cell phone numbers on the registry to be protected from most telemarketing calls to cell phones because Federal Communications Commission (FCC) regulations prohibit telemarketers from using automated dialers to call cell phone numbers. Automated dialers are standard in the industry, so most telemarketers are barred from calling consumers on their cell phones. However, the registry does accept registrations from cell phones. To play it safe, you will want to register your cell phone number on the DNC list.

Look for the opt-out instructions on “junk” faxes and tell faxers to no longer send them to you.

3. To get your name off mailing lists for pre-approved offers of credit, notify the credit bureaus at the following number: (888) 5OPTOUT or (888) 567-8688. Your one call is shared with all three. You can also opt out online at www.optoutprescreen.com.

4. To protect your financial privacy, tell you financial companies that they may not sell or share your customer data with other companies. Federal law requires banks, credit card companies, insurance companies, and brokerage firms to send you a privacy notice each year. Companies that sell customer data to unaffiliated third parties must enable you to "opt out." The privacy notice, mailed to you each year, will provide either a form to fill out or a toll-free telephone number to call. If you do not remember receiving a privacy notice, ask your financial company(ies) to mail the form to you. Read the PRC’s financial privacy guide, www.privacyrights.org/fs/fs24-finpriv.htm.

5. Look for ways to "opt out" of mailing lists to reduce "junk" mail. Many mail order firms, magazines and credit card companies now provide a box to check if you do not want your name, address, and shopping habits sold to or shared with other companies.

Participate in the Direct Marketing Association's Mail Preference Service and click on "personalized public record search." (MPS). When you send your name and address to MPS, you are added to a list of people who do not want to receive mail from the major nationwide catalog and marketing companies. The MPS does not stop all junk mail. For other types of unwanted mail, deal with each mailer directly.

In general, be aware that when you provide your name, address, phone number and other personal information, your name could end up on mailing lists. The following activities often result in "junk" mail and telemarketing calls:

  • Filling out warranty and product registration cards. Give only your name, address and information about the product you purchased. Leave the rest blank.
  • Joining or donating money to clubs, organizations, charities. Tell them in writing not to sell or exchange your name with other groups.
  • Subscribing to magazines, book clubs and music/CD clubs. Tell them not to sell your name.
  • Listing your phone number & address in the phone book. Omit your address. Or be unlisted.

Learn more about reducing unwanted mail solicitations, www.privacyrights.org/fs/fs4-junk.htm.

5a. Abacus compiles a cooperative data base of catalog and publishing companies' customers. To opt-out of the Abacus files:

  • By mail: Abacus, Opt-Out, P.O. Box 1478, Broomfield, CO 80038
  • By email: Write to abacusoptout@epsilon.com. Give full name and current address (and previous address if you recently moved).

5b. The information broker Acxiom sells lists of consumers’ names and addresses for marketing, fundraising, survey research, and other uses. To opt out of Acxiom’s marketing and directory products:

6. Avoid entering sweepstakes and other contests if you want to stay off mailing and telemarketing lists aimed at "opportunity seekers," often called "sucker lists." The purpose of contests is to compile names and addresses that can be sold to marketers for other solicitations, such as fundraising or catalog offers. Some contests and special offers are scams, especially those that ask you for money up front or which offer get-rich-quick schemes.

7. If you are an Internet user, do not send sensitive personal information (phone number, password, address, credit card number, SSN) by chat lines, e-mail, instant messages, forum postings, or in your online profile. Assume your messages are not private unless encrypted.

  • Opt-out of the sharing of online cookie data with advertisers by contacting the Network Advertising Initiative. Web: www.networkadvertising.org.

The PRC’s Fact Sheet 18 offers many more tips, www.privacyrights.org/fs/fs18-cyb.htm

8. Wipe your computer’s hard drive before you donate, sell, or trash it. To be sure no trace of your personal and business data remains, the hard drive must be either physically destroyed or scrubbed by a utilities program designed for this purpose. Hitting the delete button is not enough as anyone with minimum skills can easily retrieve the data.

Utilities programs for wiping hard drives are readily available for purchase. Others, such as Eraser 5.7, www.heidi.ie/node/6, and Kill Disk, www.killdisk.com, are free downloads. Internet sites also offer a wealth of information on how to physically destroy a hard drive, although caution is advised to avoid exposure to harmful chemicals. A professional destruction company may be a reasonable alternative. The National Association for Information Destruction (NAID), www.naidonline.org/members.html, offers a listing of member companies in all areas of the country.

The method you use to wipe your hard drive depends on whether you intend the hard drive to be reused. But no matter what your intent is, the hard drive should be completely clean before it leaves your hands. An example of the worst that can happen is found in a February 2009 survey conducted by Kessler International, a forensics accounting firm, which found that 40% of hard drives sold on E-Bay contained sensitive personal and business data. To read Kessler’s survey, visit the company’s Web site at: www.investigation.com/articles/library/2008articles/articles19.htm.

Another study published in 2003 by then-MIT graduate students found similar results:
"Remembrance of Data Passed: A Study of Disk Sanitization Practices, " by Simson L. Garfinkel and Abhi Shelat, Massachusetts Institute of Technology, www.usenix.org/events/lisa04/tech/talks/garfinkel.pdf (summary of paper).

9. Be very protective of your Social Security number (SSN). Only provide it when you know it is required (tax forms, employment records, most banking, stock and property transactions). If the SSN is requested by a government agency, look for the Privacy Act notice. This tells you if your SSN is required, what will be done with it, and what happens if you refuse to provide it.

There is no law that prevents businesses from requesting your SSN. Unfortunately, your credit report, bank account and other financial records are linked to your SSN. If your SSN falls into the hands of the wrong person, you could be the victim of credit or banking fraud. Ask if you can use an alternate number such as your driver's license number. You may need to be assertive and persistent.

Do not have your SSN printed on your checks. It is too easily available to persons who may want to fraudulently gain access to your bank and credit card accounts. Do not carry your Social Security card in your wallet, except on those days when you need to show it to authorities or to your employer. Remove other cards that contain your SSN. For more information on protecting your SSN, read www.privacyrights.org/fs/fs10-ssn.htm.

9a. Pay attention to your Social Security Statement of Earnings and Benefits. The Social Security Administration mails your Statement each year about three months before your birthday. Your Statement contains a record of your earnings history and an estimate of how much you and your employer paid in Social Security taxes. It also includes estimates of benefits you (and your family) may be eligible for now and in the future. If you need to order your Statement at another time, call (800) 772-1213 for instructions. Web: www.socialsecurity.gov.

10. Find out if information about your medical history is stored in the insurance industry data base, the Medical Information Bureau (MIB). You may receive a free copy of your MIB report one a year:

The report is also free if you have received a letter from an insurance company stating they used MIB information to make a negative decision about you. For more on medical privacy, read the PRC’s guide, www.privacyrights.org/fs/fs8-med.htm

10a. Request a copy of your medical file from your healthcare providers. As of April 2003, the federal privacy rule HIPAA gives individuals in all 50 states the right to access their medical records. Be sure to read your healthcare providers' privacy notices, now required by HIPAA. This law pertains to healthcare providers, health plans and healthcare clearinghouse. Providers include medical doctors, dentists, chiropractors pharmacists, and many others that provide medical, dental, and mental health care or treatment. In short, a provider is almost anyone in the business of providing health care who is licensed or regulated by the states. Read the PRC’s HIPAA guide, www.privacyrights.org/fs/fs8a-hipaa.htm.

11. Be aware of information-gathering at the checkstand. California law and laws in some other states limit what can be requested when you pay by check and credit card. In California, merchants cannot write your credit card number on your check. When you pay by credit card, merchants cannot record personal information like address and phone number, unless the information is needed for situations like delivering the product to your home.

Think twice before joining a "loyalty club" and using the club card when paying for groceries. When the card is scanned at the checkstand, your name and address can be linked to your purchases. If you do not want a profile compiled of your shopping habits, you can sign up under a generic name ("grocery shopper") with no address. Or you can decide not to use club cards where they are offered. Better yet, vote with your dollars and shop at stores that do not use loyalty cards.

12. Avoid calling 800, 866, 877, 888, and 900 numbers unless you already have a relationship with the company (like your favorite catalog company). When calling these numbers, your phone number can be recorded by a system called Automatic Number Identification (ANI) and then sold to marketers for mail and phone solicitations. (The Federal Communications Commission requires companies to get your consent before selling your phone number.)

13. Be careful what you say on cordless and cellular telephones, especially older-models that are not digital. When you talk on a wireless phone, you are transmitting a radio signal. Even though it is illegal, your conversations can be picked up on radio scanners. Newer model digital phones are less vulnerable to eavesdropping. When you are in public places, do not reveal sensitive information like credit card numbers within earshot of others. The PRC’s wireless guide offers additional information, www.privacyrights.org/fs/fs2-wire.htm.

14. For Caller ID, order Per Line Blocking from your local phone service provider to automatically prevent your phone number from being transmitted on every call you make (called Complete Blocking in California). If you have Per Call Blocking (called Selective Blocking in California), remember to use *67 to block your number when you do not want to reveal it to the person or company you are calling. But *67 does not block your number from being transmitted to toll-free numbers (see number 11 above). Read more about Caller ID at www.privacyrights.org/fs/fs19-cid.htm.

15. If you are concerned about releasing your home address, rent a post office box or a commercial mailbox. For telephone privacy, get an unlisted number. The PRC offers tips for those concerned about stalking, www.privacyrights.org/fs/fs14-stk.htm.

16. Shield your hand when you use a bank ATM machine or make a long distance call at a public phone. Don't let others see your PIN numbers. Memorize your PIN numbers so you do not carry them in your wallet. Avoid using common PIN numbers like Social Security number, birthdate, and family members' names.

17. For a copy of your driving record, visit the nearest office of the California Department of Motor Vehicles. Bring your driver's license or California ID card. . Fees vary by state. Web site, www.shgresources.com/agencies/dmv/ (no endorsement implied). In general, you have a right to most government records about you. Some of your personal information held by government agencies may be public record and accessible to anyone.

18. Read the fine print on applications and order forms. You may be given additional privacy protection or have it taken away in almost unreadable text.

19. Watch out for vishing.  Vishing is a technique for stealing from consumers using the telephone.  Vishing comes from combining "voice" with "phishing," which are online scams that get people to give up personal information.  Typically fraudsters use “caller ID spoofing” to make it appear that calls are coming from a legitimate phone number.  It’s very easy to spoof a number using VOIP (voice over internet phone) technology. With VOIP, the phone number showing up in caller ID is assigned by the caller.  There are also commercial services that allow an individual to spoof their number.  Finally, PBX (private branch exchange system) phone systems allow users to pick any phone number that they wish for caller ID.  Consumers should be suspicious when receiving calls asking for credit card, bank account, Social Security or PIN numbers.  Rather than providing any information, contact company directly to verify the need for the requested information.  Use a known legitimate number such as the one on your statement or credit card.

Be assertive when asked for information you do not feel is necessary.

1. Tell businesses and organizations that have access to your name, address and phone number and email address that you do not want your information shared, rented or otherwise released. Be sure to tell charities, magazines to which you subscribe, mail order companies, credit card companies, credit bureaus, banks, churches and clubs. Legally, most businesses do not have to keep your information confidential, but many will be willing to honor your request.

2. When you are told you must provide information, be sure to verify the request, especially if you are asked to release sensitive information like your Social Security number.

  • Ask if the information is required or voluntary. Give only minimum information.
  • Question the need and purpose for the information. Ask how it will be used.
  • Ask if there is a written policy regarding the request for information. Ask to see it.
  • Find out who has access to the information and how it will be protected from unauthorized access. Ask if the information will be available to third parties.
  • Ask when and how the records will be discarded once they are no longer needed.
  • If you are not satisfied with how your information is handled, take your business elsewhere.
  • If you are concerned about a government agency's use of your personal information, contact your city councilmember, state legislator or Congressperson to voice your concern.

Be an advocate for your privacy rights.

Computers systems and the Internet have brought consumers many conveniences. But advanced technologies pose serious threats to privacy. Many people believe privacy protection in the United States is inadequate. Recent surveys show that over 90% of Americans are concerned about threats to personal privacy.

If you want your views known, you must join the debate.

  • Take advantage of the opt-out opportunities described in this guide.
  • Tell companies you do business with that you want strong privacy protection for your personal information.
  • Write to your local, state and federal legislators and let them know that you want more control over the use of your personal information.
  • In short, be an advocate.


For a synopsis of the opt-out advice contained in this fact sheet, see our Fact Sheet 1(a): Privacy Basics and Opt-Out Strategies at www.privacyrights.org/fs/fs1a-basics.htm.

Tags:
Copyright © Privacy Rights Clearinghouse/UCAN. This copyrighted document may be copied and distributed for nonprofit, educational purposes only. For distribution, see our copyright and reprint guidelines. The text of this document may not be altered without express authorization of the Privacy Rights Clearinghouse.