Search This Blog

Tuesday, June 28, 2005

Re-clarification Of the Basic Issues In the Control Of Your Name and Personal Data

Recently, it came to my attention that there was some much needed clarification of my concept that you should have 100% control over your name and personal data. The idea is really not as complex as it might seem and this post is a follow-up to simplify, at least, the basics.

First, let’s backtrack and cover the foundations of the idea. It is my judgment, based on thirty-five years of selling your name in the junk mail industry, and ten years researching the concept, that you should be given 100% control over your name and personal data. You should receive that right through federal legislation, which is the goal of my grass roots efforts. There are at least five major points in favor of passing this law:

1.You will have complete control over how your name and private information are used in the marketplace.

2.You will be assigned a unique ID which will completely replace the Social Security number for purposes of identification.

3.You will be able to opt-in, not have to opt-out, in receiving any junk mail offers.

4.You will be able to literally eliminate all identity theft.

5.The JACKPOT: You will share in the proceeds of the sale of your name and personal data.

As an added benefit, you would be given the option to act as your own watch-dog to approve any credit-related transactions in your name. This simplified and sophisticated system of notification would stop ID theft in its tracks but would require your immediate reaction to an e-mail or telephone call. Even if you decide not to participate in the individual oversight, which would nip it in the bud, you would still be covered by the current guarantees for limits on liability.

Personally, I cannot understand why anyone would not want to maintain a tight fist over all aspects of their privacy. So there’s a little inconvenience to replying to an e-mail or telephone call, but look at the rewards. For the first time, and backed by law, you get to decide about what remains private about you and your family.

Okay, there must be some exceptions, and there are: the primary one being Homeland Security. This does not mean that government has the right to access your name and private information for any reason it chooses. But, if it is truly a high level security situation, the feds must have that right. Others may exist to accommodate data needed by business where you have officially opted-in, as well as certain requirements in the medical and financial fields. However, Congressional oversight would have to be established for any of these intrusions.

We’re still working on the final plan, so make your opinions known by leaving me your comments. Remember, the 2006 elections are just over the horizon, and we could make some headway with Congressional leaders sympathetic to consumer causes and maybe elect a few new ones that will vote our way.

Thursday, June 23, 2005

No Matter Where You Look, Identity Theft Is Rampant

On June 18, I posted on off-shore warehousing of your name and personal data and sent you to a site well worth your time. It was Bloggerradio.com, and, just in case you missed it, the title is: Advance Warning: Lobbyists Don’t Want Us To Own Our Own Identities, and are moving data offshore to avoid regulation. DA, the site’s able master, is convinced, and I agree, that the lobbyists in Congress from the data broker industry have a new goal: move all our personal data overseas to avoid U.S. laws and regulation.

Just this morning I received an e-mail from Mac Haque, my Bangladesh connection, calling attention to an article in The Register: The Sun exposes UK ID theft racket at Indian call centre. It reports on the sale of thousands of UK banking records, including credit card numbers, etc., all of which can be used for identity theft. The Register journalist actually bought 1,000 private records from a “crooked” call centre worker. Along the same lines, Mac, himself, had a very interesting post on the subject, which I referenced on June 15: Identity Theft: Each one, Reach one, Teach one.

Stealing names and personal data is not new. I was in the junk mail business selling names for thirty-five years and experienced it first-hand. While sitting in a client’s office during my second year in the business, we were interrupted by his assistant who said she had an emergency. The short version is that some hustler had stolen the names and private information of several thousand buyers of a major encyclopedia company and wanted to sell them. It was an inside job and they caught the perpetrator as a result of my client’s cooperation. Just one of thousands of incidents you never heard about.

Bob Sullivan, technology correspondent for MSNBC, has the latest information on ID theft from Gartner, Inc., a research and survey firm. They found that one-third of the population are “‘very concerned’ about being victims of identity theft…” Sullivan’s article, ID theft concerns grow, tools lacking, just shows the inadequacy of this Congress to act on such an important problem. It also points out some anxiety from recent identity theft incidents over the effect it is having on e-commerce. As usual, it takes a hit on big business to accomplish anything for us poor consumer slobs.

Folks, won’t you agree that the current Washington gang, at least the side of the aisle that unanimously favors the needs of big business, will probably oppose any legislation that would give you the means to really protect yourself against identity theft? Passing state laws would be a legal and logistical nightmare. There’s only one solution. We all have to get together in a grass roots effort to pass a federal law that will give us 100% control over our name and personal data.

Discuss it with your friends. Send op-ed articles to your local newspaper. Contact talk radio shows and tell them how you feel. Call, write, or e-mail your Congressional representatives. Give me your comments on my blog, which I will pass along to members of Congress. In general, get active over this subject so, together, we can get the job done.

Saturday, June 18, 2005

Identity Theft: Off-Shore Warehousing, Outsourcing, Off-Site Storage. This Just Means Your Name and Personal Data Are All Over the Map

It may already be necessary to include an amendment to my proposed federal legislation that gives consumers 100% control over their name and personal data. Although identity theft from the loss of your private information has reached epic proportions in the U.S., it could now be traveling overseas. The amendment would be written to include all personal data outsourced by American companies in foreign countries.

But the problems abroad are covered more than adequately in BloggerRadio.com’s latest entry: Advance Warning: Lobbyists Don’t Want Us To Own Our Own Identities, and are moving data offshore to avoid regulation. Read it. The piece makes an excellent point. Most of us are too busy with our jobs and personal life to take the time to explore what is going on in the marketplace with our private information. Folks, it is everywhere, ripe for identity theft. And you had better get behind this grass roots effort or risk living through a commercialized, Orwellian 1984.

Today, I want to talk about just how wide a presence your name and personal data have among the thousands of junk mailers and their affiliated off-site repositories. First, let me identify the players. You have the seller of merchandise or services: catalogs, insurance companies, etc. Next comes the computer facility where your name and private information are stored. Following is another computer workplace where the seller will send its list of names to match against all the millions of your names it has purchased to mail, with the intention of eliminating the duplicates. It’s called a merge/purge.

To complete the cycle, you have the hucksters of your name and personal data: the List Manager, the one who promotes mailing list names, and the List Broker, my former occupation, the one who actually sells your name and data. That’s the team, but as an aside, it is interesting to note that list brokers are considered the prostitutes of the industry. (Remember, I was one myself) Like the “ladies of the evening” on Lexington Avenue in New York, they would do anything to make the sale.

Now let’s review. Your name and personal data (the list file, it’s called) are housed with the seller, of course. The computer facility that maintains the seller’s list has a complete copy. The other computer workplace doing the merge/purge also has the file. And, even the list manager or list broker could have a duplicate of the list file. In every case, except for the merge/purge location, there is also an off-site copy of all names and personal data. That’s a total of seven.

When you multiply this by several thousand junk mailers, and then compound that by the delivery companies that are necessary to transfer the list files between facilities, you can understand how easy it might be to steal or lose the data. The perfect formula for identity theft. UPS has taken the blame for losing 3.9 million CitiFinancial customer records. The financial giant has just announced it is dropping backup on computer tapes and is sending everything to credit bureaus electronically, after encryption.

Because of the cost of the technology involved in electronic encryption, and the fact that some companies have not yet squarely faced the consumer privacy issue, the junk mail industry as a whole is not likely to embrace this move. In my thirty-five years as a name hawker, I never felt we got out of first gear, even with incident after incident of compromised data. Even today with identity theft the number one consumer complaint, many of those old junk mail entrepreneurs are just burying their heads in the sand, hoping it will go away.

And, if pirating your name for financial gain weren’t enough, at least 98 pieces of junk mail out of 100 end up in the city dump. If you’re an environmentalist, try and equate that to what you receive. According to a report from the Alliance for Environmental Innovation, catalogs alone utilized over 17 billion names in 1999 to reach their destinations. This organization is concerned about the loss of 3.35 million tons of paper to produce those catalogs. Anyway, what kind of business would tolerate a return rate on its advertising of less than 2%, from its infancy to present time?

So let’s get back to basics. Join my grass roots effort to pass federal legislation that will give you 100% control over your name and personal data. The above incidents may still occur, but with my system of checks and balances, you will not be the one to suffer. And as you can find in earlier posts, you would also share in the wealth of the sale of your name and private information.

Let me know what you think. I want to hear your comments!

Wednesday, June 15, 2005

Junk Mail 101: Identity Theft, Your Name and Personal Data, and the Direct Marketing Association(DMA)

According to the Federal Trade Commission (FTC), identity theft is the number one consumer complaint at 39%. It is followed by internet auction, a distant second at only 16%. If it weren’t for the California "Shine the Light Law, SB27, introduced by California Senator, Liz Figueroa, and passed into law on January 1, 2005, ID theft may well have doubled this year.

Personal data loss by brokers of mailing list names and private information has reached the millions of records and, with the recent CitiFinancial incident (3.9 million names and personal data), shows no signs of ending. On an earlier issue, the Ohio Attorney General filed a complaint against DSW Inc., a shoe retailer, for compromising 1.4 million credit card numbers. At least someone is paying attention. The junk mail industry is running scared and has hired three major PR firms and advertising agencies to improve their image.

I went to the Direct Marketing Association’s (DMA) web site to see what their position on identity theft was. It’s a terse, one-page statement, issued on February 24, 2005, as an answer to Senator Charles Schumer’s (D, NY) press conference on the same day. There’s the typical agreement with Schumer on the identity theft problem with continuing elaboration on what the junk mailers are “supposed” to do to protect your name and personal data against ID theft. Nothing about the central problem of who should be in control.

Steven Levy, technology writer for Newsweek, just posted his answer on MSNBC. "Lost My Secrets? Pay Up, Buddy!” is Levy’s remedy for the recent outbreaks of private information loss. The article puts forth the premise that, if the data brokers compromise our data, they should be made to pay for the damages. He also makes an excellent point which I hope will convince you to click on the title and read his story. You, the victim, could be faced with years, and I cannot emphasize enough the word “years,” of financial vulnerability. The reason is that lost data is still out there for the taking.

You also might want to get a feel for the international outlook on identity theft. Go to Macs BLOG to see how they view this problem on the other side of the world. Mac Haque, who has a jazz-rock fusion band, is in Dhaka, Bangladesh, and he writes about how identity theft is at best a minimum problem today in his country. He continues with pointers on how to stop it, obviously taken from the mistakes we have made in the U.S. It makes very interesting reading with an added benefit that you can listen to top artists such as Billy Joel, Christopher Cross, Dionne Warwick, Dizzy Gillespie, Miles Davis, the Rolling Stones and more.

So, what’s the solution? I have an idea. The DMA sells their list of 5,200+ junk mail member companies and contacts. We can all band together and buy these names for around $23,000 and send each one a letter telling them we want our name and personal data back. Or, we could just ask the DMA to donate the list to our grass roots movement. Whether or not you believe this is a good idea, it is something to think about. Right?

Saturday, June 11, 2005

BLOG Bulletin: Super Market and Drug Chain Albertsons/Osco Wants Your Personal Data. The Question is: WHY?

We’ve been shopping at the Albertsons/Osco store in Scottsdale, AZ, since it first opened several years ago. Even joined their “Preferred Savings Card” plan for store discounts. I should know better but the call of the bargain never fails. We also purchase all our prescriptions from Osco for my wife, her father and myself. A lot of money is spent each week in this store by the Dunning family.

I tell you this as the prelude to an unbelievable series of anti-consumer policies that this major grocery and drug retailer has initiated. From our family’s point of view it started a few years ago when a pharmaceutical clerk asked me for my Social Security number. He said Albertsons new policy was to have this on file but he didn’t know why. I said there was no way this was going to happen and a heated argument ensued. At this point the pharmacy manager stepped in and agreed to use a substitute number.

It was about the same time that we began to receive mailings, supposedly from Osco, with a reminder for prescription renewals. This contained the name of the drug, Rx#, refill due-date, and the address and telephone number of the store location. To date, we have received forty-seven mailings and there is no indication they will ever stop. However, if Privacy Rights Clearinghouse (PRC), one of the nation’s largest privacy organizations has their way, there will come a halt soon.

PRC filed suit against Albertsons and its Osco/SavOn pharmacies in September 2004, charging them with improperly using and disclosing your private and confidential medical information. The action also asks restitution for amounts paid Albertsons for this data. It has been alleged for some time now that drug chains across the country were selling these records to the pharmaceutical companies. In my earlier posts, I told you how the junk mailers were amassing a fortune selling your name and personal data for $4 billion each year. If the figures were known, the sale of your medical information could very well top that.

Not satisfied, Albertsons recently implemented their latest jab at the consumer. They are requiring you to present your driver license and provide your telephone number to cash checks. Normally that’s OK, except, they input both the license number and telephone number into their computer. At the airport, TSA requires the same picture ID to get on a plane but they don’t whisk it away to their computer. I don’t mind showing it but react postally to Albertsons saving it in a database. Thus, the original question: why do they want your personal data?

I asked the store manager but he didn’t know. He said he would contact Albertsons corporate and get back to me in a couple of days. That was over a week ago…and nothing. Interestingly, a checkout clerk who disagrees with the new policy said management told them they would be required to ask for the ID’s ten times for each person. Yep, each time keying it in to the computer. The same clerk said they heard it was because Albertsons was changing check authorization companies to save money.

I am curious if anyone out there in the blogosphere has experienced the same treatment. If you have, your comments would be welcomed on this post. Also, you might want to contact Albertsons and tell them how you feel about their privacy policies. One at a time…we’ll let all the “Albertsons” know that they cannot compromise our names and personal data.

Thursday, June 09, 2005

Junk Mail 101: My Solution for Personal Data Loss

CitiFinancial, division of Citigroup, Inc., lost 3.9 million private account records this week. They are quick to say that no reports of unauthorized activity have been received. Heartwarming, but if you are a CitiFinancial customer, your personal data is out there somewhere for the hijacking. Read the story at MSNBC.com.

There are also a couple of other blogs on this subject I just discovered. They are BloggerRadio.com, and NETALOID. My kind of mavericks and they're worth your time.

The question is, just how much personal data loss is it going to take before the people in charge come up with an answer? This isn’t something we can keep putting off while the federal government figures out what’s going on. I know what’s wrong and how to fix it.

Pass federal legislation to give each junk mail shopper 100% control over the use of their name and private information. Create a system of checks and balances where you make the decisions while also shouldering the burden of responsibility. Although simplified here, the mechanics would go something like this:

Junk mail customers would register once and be assigned a unique ID similar to a Social Security number in its originality. You would use this ID in every junk mail transaction. Financial institutions would be required to reference the ID with all activity involving credit. Particularly, unsolicited credit card offers.

Each time your name is used, a flag would activate the ID (let’s give it a name right now) “NPD-ID,” short for name and personal data, which would place in motion a series of events…

First, you would be notified by e-mail or telephone that your name and personal data had been utilized.

Second, if it is a legitimate transaction, you need do nothing.

Third, if not, or if it is an unsolicited credit card offer, any reply to that transaction raises flags, and you would be notified again by e-mail or telephone.

If there is a problem, there would be an emergency, toll-free telephone number or e-mail address to contact.

Sure, there are kinks to work out and business will tell us that the process is impossible to implement without costing a fortune, which would, of course, be passed along to the customer. Not so!

If the junk mailers can develop a process that reads fifty million names in a matter of hours, purging the duplicates, selecting only those that purchased $100+ in the last 30 days, extract your telephone number and/or e-mail address, confirm that you are a homeowner, and verify your age, income and education, they can implement my plan at minimum cost.

Now, that covers approximately 55% of the population. What about the rest who aren’t junk mail shoppers? They will also want to register for the NPD-ID. The reason? Any business dealing with the use of your name and private information will be required to access the NPD-ID file to assure compliance with its regulations of consumer notification. That would include unsolicited credit card solicitations to non-junk mail shoppers.

And here’s a huge plus. The almost complete elimination of identity theft. The credit card offers are duck-soup to stop. When the ID thief tries to open an account in your name, you get notified, respond, and they nail him. Or, if financial data is stolen, or is lost in mainstream business, you follow the same procedure as with the ID thief. The NPD-ID won’t stop ID thieves from trying, but it stops them in their tracks from completing the theft.

Simple, practical, and doable. You can pass all the laws you want to for mass-notification—like in the cases of CitiFinancial, ChoicePoint, LexisNexis, Bank of America, etc.—and there are obvious advantages. Awareness wakes up the population but we soon doze off again. The only guaranteed solution is to pass federal legislation to give the consumer 100% control over their name and personal data. And, I believe NPD-ID is a good start. What do you think?

Monday, June 06, 2005

Supplement social Security With Junk Mail?

Guess what? Social Security’s dilemma can be solved using junk mail. It’s time the Bush administration gave my idea some consideration. Just pass federal legislation giving consumers 100% control over the use of their name and personal data. Then, they exert their legal rights to be paid when this is sold by junk mailers. An idea that is bold, original, even outrageous…but workable.

The legislation would establish a system for documenting the commercial sale of individuals’ names and private data. Primary targets would be junk mail companies who reap in excess of $4 billion annually selling names. These proceeds come from approximately 61 million households nationwide shopping by junk mail. The goal is just how to get to this gold mine.

John Thune, new Republican Senator from South Dakota, was asked recently by ABC TV’s George Stephanopoulos how he would come up with $2 trillion for the President’s plan to privatize Social Security. He replied: “My view would be that you set up some off-budget account and you finance it that way.” To which James Carville, maverick Democrat, remarked on CNN: “Why didn’t we think of this before? It shows you how stupid the Washington elites are. They thought you would actually have to come up with the money.”

Almost everyone agrees that something must be done about Social Security. President Bush wants to overhaul the program, creating individual investment accounts, but has shown opposition to raising payroll taxes. The American Association of Retired People (AARP) is against outside investments and some in the workforce have even voiced their willingness to pay higher taxes. Will any Social Security be there for you? The Commissioner of Social Security, Kenneth S. Apfel, attempts to answer this in his article: The Future of Social Security.

So how do we tap the mother lode? Based on today’s figure of about $4 billion in annual sales of names by junk mailers—and it increases each year—let’s allocate one-half of that to the name-holder. Fair enough, since without you, nothing happens. Put that in a simple interest-bearing account and let it cook until 2018, the first perceived crisis year. There will be almost $27 billion that can go right into the Social Security fund. By 2042, the next believed crisis period, almost $1 trillion would be available. My plan could be the answer to those 62.3 million age fifty-five plus, who would realize the maximum benefits.

Now, that question of legal rights to the money arises. It will probably take a congressional statesman dedicated to consumer civil liberties to write the legislation. Winston Churchill broadly covered the topic once when entertaining Charlie Chaplin at Chartwell, his country home in Kent. He asked Chaplin what his next role would be, to which the famous actor responded, “Jesus Christ.” Churchill quickly reacted: “Have you cleared the rights yet?”

The legal profession’s Black’s Law Dictionary has a listing, “legal name,” as applying to the individual. The connotation is that there is something officially legitimate about a person’s name. Continuing, the reference work says: “It is the distinctive characterization in words by which one is known and distinguished from others…” The conclusion one might reach here is that your name, particularly when attached to a unique address and personal data, is sacrosanct.

You and I can’t access Black’s Law online—it’s an attorney thing—but you can go to Findlaw.com’s Dictionary and you will find the legal definition for property: “something (as an interest, money, or land) that is owned or possessed.” The key word here is possessed.

There has been a movement on for the last few years focusing on who should control all the personal data out there, including coverage by 60 Minutes II and Consumer Reports magazine. Even Proctor & Gamble was quoted in the December 1, 2000, issue of Direct, a junk mail industry publication, as believing the consumer “owns his or her name.” But Beth Givens, founder of Privacy Rights Clearinghouse in San Diego, told me that she feels there are too many scam artists that would take advantage of consumers who had ownership of their name and personal data. The correct approach is legal control that could be afforded to each individual through federal legislation.

And there you have it. What is needed is a massive wake-up call from all you junk mail shoppers to recognize your rights attendant to the sale of your name and private information. Write or email your representative in Congress and tell them your thoughts about this concept. As Harry Truman said to delegates from the United Nations in a 1945 speech, “In your hands rests our future.”

Thursday, June 02, 2005

Junk Mail 101: The Tragic Omnipresence of Your Name and Personal Data

If you think all you have to worry about is ChoicePoint and LexisNexis, when it comes to large, data brokers warehousing your name and personal data…well, think again. I’m about to spill the beans on the “big five” in junk mail that compile names and private information from multiple sources and cryptically unite this data in the storehouses of their technological jungles.

These collectors of information are the scavengers of junk mail. Their cornucopias of endless data transform your daily life into an open book. They are creatures of habit, seizing every opportunity to corral every morsel of your existence. They are: Abacus Catalog Alliance, Acxiom, Equifax, Experian and TransUnion. The latter three are also credit bureaus who supply your financial information to businesses and individuals.

What do the “big five” know about you? What personal data of yours do they sell to the junk mail community? How secure is your private information within these knowledge-based giants? I’m glad you asked, but, first, a recent news item that will set the stage for this journey.

It’s about a guy named Jeremy MacKinney who received a letter recently from LexisNexis advising him that some of his personal data might be on the loose. You can read the story on MSNBC.com, but Jeremy’s initial low level of worry escalated quickly when he found out what the lost information was.

Yep, there it was, the Social Security number, his current employer, each of his moves for the past twelve years, including a stint in a California monastery. There were past roommates and family, along with their demographics, and, yep, even their Social Security numbers.

The article, “Hacker’s assaults may prod reforms,” is worth your time and makes several good points, among them the fact that these companies have tons of information on consumers and they sell it everywhere without your permission. So, exactly who are they?

The Abacus Catalog Alliance is a breeding colossus, with over 90-million households stocked with your intimate purchasing facts, including when and how many times you purchase, how much you paid, what you bought and your credit card numbers. Over 1,500 of the top catalogs you shop from funnel this information into Abacus, where they maintain precise data on some 4.4 billion buying transactions from your purchases.

Acxiom’s InfoBase can best be described as a “monster.” Over 200 items of your most private data—total value vehicles owned, available home equity and market value, date of birth, gambling and drinking habits, your politics, etc.—from 176 million individuals in 114 million households. That’s pretty much all of us, isn’t it? Acxiom, like ChoicePoint, has Homeland Security contracts, garnered with the help of retired General and former presidential candidate, Wesley Clark, who is an Acxiom-paid board member; $300,000 in 2002.

Equifax, another behemoth rears its head. In addition to their treasure-trove of credit data, the company has two lists that, again, seem to assemble all of us into a huge, neat package. Over 107 million households with 31 different sources of data, divided into more than 150 personalized characteristics. Add to that 47 million households with 500 personal lifestyle habits including credit cards used, products purchased through specific channels, ie., books or for children, if you are dieting or a gambler, frequent travelers, your online service, long distance carrier, average LD bill and if you make international calls.

And then there’s Experian, another credit provider with two lists very similar to Equifax. Because these similarities are so pronounced, there is another story I’d like to tell you about Experian’s predecessor, Metromail Corp. Before the latter was acquired by Experian, it decided to save money by using prisoners to capture personal information from surveys. Now you have an individual in the slammer for who knows what and that person is in control of your most intimate data.

Well, the obvious happened. The info was used to intimidate a woman by sending her mail from a convicted rapist and burglar. The woman filed legal action against Metromail, a class-action suit resulted, and the company is no longer allowed to use prisoners to process their surveys. The irony here is that Metromail thought they had breached no privacy.

Finally, there’s TransUnion, the third credit provider that is also instrumental in all those junk mail offers you receive for auto insurance. In a scoring system based on your credit worthiness, they provide casualty insurers names of those they deem qualified. They also sell lists of millions of names from selective titles such as “Outer Limits.” That’s households with a premium credit card, department store card, upscale card, a bank card, either a finance loan or jewelry buyers or home furnishings buyers. I tell you this because it takes some extreme analysis of your personal data to justify putting a list of this nature on the market.

However, TransUnion’s claim to fame is when they were turned down by the U.S. Supreme Court for their efforts to sell your name along with your highly sensitive data. They had been a persistent litigator for years to sell your private information their way, including a ten-year battle with the Federal Trade Commission, which they also lost.

Some of the above data is compiled from public records, some from surveys you willingly complete to receive free products. The balance is from a multitude of private sources, a subject that is in itself worth a separate post in the future.

If you’re interested, click on the above sites and marvel over how your name is being sold. If you’re a mind to, use the “contact” button on each site, except for TransUnion, to tell these companies what you think about what they are doing with your name and personal data. Contact TU at: TransUnion, P.O. Box 2000, Chester, PA 19022.