PRC's Privacy Update No. 2, Iss. 5

In this issue . . .
[1] Want to Remove Your Information from Genealogy Vendor We Want to Hear about Your Experiences.

Though genealogy sites provide a wealth of information to those who are tracing their family lineage, they often post personal information such as date of birth and mother's maiden name. And for living persons, these pieces of data could be misused by identity thieves. Many people object to having their personal information so readily accessible on the Internet. is just such a genealogy site. It hosts several similar web sites that provide ways to locate lost relatives including and Though it's understandable to want to trace a family history of those who have passed on, what about those of us who are still living whose personal information is posted on such sites?

We recommend that genealogists do not include the information of living persons on family trees that are posted online. We are pleased that the privacy policy of states that they will remove or block information about living persons upon request. But do they practice what they preach?

Recently, the PRC was contacted by an individual whose personal information was posted to the genealogy site. She contacted at the address provided and requested removal. But her information was not removed within the promised 30 days. She in fact made her request several times over many months. We followed up on her behalf and sent a letter to bring the situation to their attention. They were responsive to our request and blocked her information from disclosure. However, we're wondering if any of our readers have had a similar experience with MyFamily not removing their information when requested in writing.

Also, we are interested in hearing from those of you who decide now to contact them to request removal of your information, to learn if they indeed comply with your request within 30 days. The address for requests to remove or block information is:, Inc., 360 W 4800 N., Provo, UT 84604.

You must include your first name, middle initial, last name, street address, city, state, zip code, area code, phone number, and date of birth in your written request.

You may report any problems you encounter to our inquiry form [Jan. 2007: The PRC's online inquiry form is now inactive].


[2] Fact Sheet 25a: Avoiding Online Job Scams: Critical Tips for Job Seekers

The PRC has posted a new Fact Sheet to our web site on online job scams in collaboration with Pam Dixon of the World Privacy Forum (WPF According to a new report by Dixon, consumers nationwide are falling for bogus online employment opportunities known as payment transfer scams. Applicants are often inadvertently drawn in to a complex money-laundering scheme. Some are even facing criminal charges for their role. Further, by providing financial account data and Social Security numbers, applicants could become victims of identity theft.

Here’s how it works. A payment transfer scam usually asks the new “employee” to put a large sum of money into their bank account, sending a portion to a specific contact oversees and keeping a percentage for themselves. Those who comply will often receive a check that they deposit into their account, wiring the specified dollar amount to the contact before realizing that the check they deposited is counterfeit.

The World Privacy Forum has collaborated with the PRC in developing the newest addition to our ever-growing list of consumer guides. Fact Sheet 25a tells you how to discern between a legitimate job offer and a bogus job scam. It describes known “red flags” that indicate when an online job posting is likely to be a payment- forwarding scam, such as:

-- The “employer” asks for your personal bank account, PayPal account, Social Security number and/or credit card numbers.

– You must agree to have funds or paychecks direct-deposited without first meeting the employer or having an interview.

– You are required to forward, transfer, or "wire" money to an employer, and you are asked to retain a portion for payment.

– You should be skeptical of a job where the contact’s email address is not a primary domain -- for example, an employer calling itself "Omega Inc." with a Yahoo! email address.

-- Watch for misspellings and grammatical mistakes in the job ad.

-- lists descriptive words in job postings that are tip-offs to fraud. Their list includes "package-forwarding," "money transfers," "wiring funds," "eBay," and "PayPal." The terms "Foreign Agent Agreement" may also appear in bogus contracts and emails sent to job seekers.

Legitimate employers do not usually need your bank account number. While direct deposit of a paycheck is a convenience, if that is the only option an employer offers, then you should be wary of accepting the job. A legitimate employer will give you the option of direct deposit, but not demand that it be used. You should wait until you have met the employer in person before agreeing to a direct deposit option.

Regarding payment transfers, while some jobs may require an employee to make transfers for employers, legitimate employers making this request will go to extraordinary efforts to check the job seeker prior to making the hire. This would involve meeting the applicant in person and conducting a rigorous interview. This kind of job hire would not be made via email, over the telephone or a single meeting. And a legitimate employer would typically ask you to make transfers from their business accounts, not yours. You need to draw a line and understand that transferring money for employers from your personal bank account or personal PayPal account is off-limits, period.

Fact sheet 25a: Avoiding Online Job Scams: Critical Tips for Job Seekers is now available on the PRC’s web site at

The World Privacy Forum has a full report on job scams including examples and responses from online job sites:

[3] The Work Number's Employment Database May Contain Inaccurate Information Reported by Employers

These days many if not most job seekers will be subject to a background check. Often, the employer will contract with a third party to check your credit report and your references to make sure your resume shows an accurate history of your work experience. They will also see if you have an arrest or conviction record. If the investigative report contains inaccurate information that results in your being denied the job, you have the right under the Fair Credit Reporting Act to dispute the erroneous information and have it investigated.

But what if you’re a past employee of one of the many large corporations that contracts with a clearinghouse called The Work Number to keep track of the salary, job titles, and employment dates of current and former employees? The Work Number enables employers who are checking the references of job applicants to access its database to obtain automated employment and income verification. Currently, nearly 80 million current and prior employees are on file with The Work Number -- covering 1,000 participating employers such as American Airlines, Boeing, Cisco, FedEx, General Electric, Hewlett Packard, K Mart, Lockheed, Marriott, Microsoft, Nokia, Pepsi, Sony, Visa and Westinghouse. The Work Number ( is a division of TALX (, a publicly traded company.

The Privacy Rights Clearinghouse (PRC) has received complaints from several individuals noting that their job title and other details of their employment are inaccurate. The job title of one individual was significantly lower in rank than her actual job. Another individual was noted as “terminated” when in fact his job had been eliminated.

Such inaccurate information is likely to disadvantage individuals who seek jobs from companies that access The Work Number’s records because they appear to be providing inaccurate information on the job application.

Though the company does not believe it is formally a credit reporting agency (CRA) under the Fair Credit Reporting Act (FCRA), The Work Number notes that it does comply with the provisions of this law. However, based on the situations reported to the PRC regarding The Work Number, correcting the inaccurate information can be extraordinarily difficult. This is primarily due to difficulties in getting the employer to correct the data posted in The Work Number’s database.

The PRC asks individuals who believe their record with The Work Number may not be accurately reported by their current or previous employer to contact us through our inquiry form at

For more information about the FCRA and employee background checks, see our Fact Sheet 16 at

[4] Californians' Financial Privacy Reaffirmed: SB 1 Upheld by U.S. Court Decision

A long battle over financial privacy was decided earlier this month. A U.S. District Court ruled that California's Senate Bill (SB) 1 legislation, known as the California Financial Information Privacy Act, is not pre-empted by weaker, Federal standards. The law affects how financial institutions such as banks, insurers, and brokerages sell and share customers' information.

Years in the making, California consumer groups, industry, and legislators hammered out a compromise with SB 1 in 2003 that even the financial industry said was "reasonable and workable." The law enables consumers to have more control over how their financial information such as account balance, account type, name, address, phone number, and Social Security number are shared with third parties and affiliates. Before coming to a compromise, a ballot initiative spearheaded by E-Loan's Chris Larsen easily obtained enough signatures to put the issue to a vote.

The California Financial Information Privacy Act allows consumers' financial information to be shared with third parties only if the customer gives express consent (opt-in). It also says consumers can indicate that they do not want their financial information shared with certain affiliates of their financial institution (opt-out).

Though the law was slated to come into effect July 1, 2004, amendments to the Federal Fair Credit Reporting Act (FCRA) enacted in December 2003, were targeted to pre-empt California's tougher financial privacy law. The financial industry filed a lawsuit to ensure that portions of SB 1 would not go into effect.

The landmark decision states that California Financial Information Privacy Act is not pre-empted by the FCRA amendments because the financial information maintained by banks is not considered "consumer reports" and therefore does not fall under the FCRA.

The financial industry, as expected, is appealing the decision. What can you do to send a message to financial companies that you want them to protect customer privacy? The Consumer Federation of California’s (CFC) web site provides an easy-to-use message generator that enables you to reach the largest such financial companies:

The CFC believes that banks will keep fighting the law to trample on consumer privacy – unless they get a clear message from consumers. The organization’s web site enables anyone, whether living in California or not, to notify the biggest banks -- Bank of America, Wells Fargo and CitiGroup -- that it’s time to stop fighting the new privacy law.

Here’s something else you can do if you live in California. SB1 requires financial companies to give their customers a notice that enables them to prevent their personal information from being shared with most company affiliates. Some companies have several thousand affiliates. Be sure to watch for the notice in your monthly statement and take advantage of the opt-out opportunity. That, too, sends a message that you value your privacy. Companies are required to file their notices with the California Office of Privacy Protection at:

For more information about California's battle for financial privacy, SB 1, and Federal updates to the FCRA:

The full court decision is available at



  To subscribe to our free email newsletter, go to