ChexSystems: Another Lurking Database

If you buy your checks from Deluxe Corporation, the largest of the check printers, there are some facts you should know about this company. CardReport.com, a site packed with good information for your credit needs and woes, provides insight into ChexSystems, a Deluxe subsidiary that maintains negative information on your checking and savings account habits.

These include accounts closed for reasons of insufficient funds (bounced checks) or ATM overdrafts. Deluxe claims 80 percent of all banks will contact ChexSystems re. new checking and savings accounts, according to CardReport. The database comprises some 19 million old accounts listed as “Closed For Cause” by the bank. And there you have that dirty word again…database.

Personal data incorporated into this database includes your name, address, Social Security number, driver’s license number, and more. Deluxe also owns Shared Check Authorization Network (S.C.A.N.), which verifies checks for over 77,000 retail locations nationwide. And not to be denied the junk mailer’s devious craft of selling your name and private information for a profit, they have another company by the name of Deluxe Data Resources, which sells detailed consumer demographic data on 100 million households.

Bankrate.com, one of the most comprehensive sites for credit info I’ve run across, confirms that 80 percent of U.S. banks do belong to the ChexSystems network. They also recount grass-roots efforts against ChexSystems by Web sites such as PassChecking.com, set up entirely to help consumers fight the system. Later in this post, I will show you other sites that either report on ChexSystems or are activists against the company.

Bankrate questions why a few overdrafts should place you on the blacklist for five years and goes on to note that it is the bank that actually causes that to happen. ChexSystems merely provides the database—there’s that dirty word again—that allows the bank to act. If you end up on its list through error, ChexSystems professes to help correct this both within their company and with the participating banks.

Let me say that I don’t believe most consumers would condone the flakes that regularly write bad checks or hit the ATM for cash that is not in their account. I know I don’t. It is dealing with these individuals, compared with those innocent souls that found their way on to this list erroneously, that bothers me. That and the resulting monstrous database. ChexSystems is regulated by the Fair Credit Reporting Act, so, at least, you do have the right to a free report.

If you Google ChexSystems, you come up with a site named Consumer Debt Resource, which apparently is the company, minus the bad-press name. In all fairness, there is an abundance of consumer credit information available, but you won’t find any details on the personal data that is compiled by ChexSystems, or its parent, Deluxe Corporation.

You won’t see another Deluxe company on the site: Checks Unlimited, formerly known as Current Checks. Checks Unlimited is a junk mail supplier of checks, with 8.3 million customers whose names are sold along with their lifestyles—forty-three, based on their check purchases—from book readers to pet owners to gardeners, environmentally conscious, investors, Republican prospects, to young children and teens. That’s database number four for Deluxe, with individual household, private information.

And now on to the Web sites I promised earlier that attempt to deal with ChexSystems (CS), each in its own way. First, ChexSystems Bites! places the company in its HALL OF SHAME for “developing and profiting from the terribly flawed system known as the ChexSystems Network.” The National Check Fraud Center provides a running commentary about CS, of benefit to anyone on their list. Carreon and Associates’ Better Credit-Better Life site has an in-depth report titled, “Getting Around ChexSystems,” which seems to speak for itself.

Yahoo! has a page listing other sites that deal with CS, one of which is “Fight Back Against ChexSystems.” Consumeraffairs.com has a short blurb called Chex Imbalances that compares CS with ChoicePoint and Bank of America, exposing CS’s freedom from public oversight, although its “practices have spawned a Web-based subculture of horror stories…”

Finally, there’s the “Mother” of all anti-ChexSystems sites: ChexVictims. You have to sign up to get the best information and participate, but it’s FREE and takes only a couple of minutes. From finding the 20 percent of banks that do not cooperate with CS, to joining in on discussions and telling your personal story, this site means business. ChexVictims even gets into general credit problems that can result from being a CS victim.

With all the animosity toward ChexSystems, it makes you wonder where all this momentum comes from, and I think I have the answer. That’s right, the dirty word…database. Just another collection of your names and personal data that is probably ripe for the picking and somewhere on the priority list of ID thieves. Well, consumers are dead-tired of this and they aren’t going to take it much longer!

Colleges & Universities: Another Break in the Social Security Dike

I found an article on MSNBC recently about a stolen laptop computer with personal information on more than 98,000 California university students and applicants. “Stolen Berkeley laptop recovered; arrest made,” reported by Reuters, states that the university is “uncertain whether the information had been tapped…” Berkeley officials also confirmed a man was arrested and charged with possession of stolen property, which was allegedly bought over the Internet.

There’s more, but my first question would be, what is this sensitive data doing on a laptop? The second question is, why does the California university system require Social Security numbers for identification?

I searched for over a half-hour for Berkeley’s Privacy Policy with no success. I was able to find something from Long Beach, a part of the California university system, stating that CA Code (Section 41201, Title 5) and the Internal Revenue Code (Section 6109) “require you to provide the university with your correct Social Security number.” The Long Beach policy states further, “The university uses your Social Security number to identify your academic records and to collect any debts you may owe to (the school) CSULB.”

I am not familiar with the California Code, but I did check the IRS Code 6109 on the Department of the Treasury site, and in its summary it clearly states that the “regulations affect individual preparers who elect to identify themselves using a number other than their SSN.” It appears to be concerned with tax refunds more than anything else and almost always refers to the “preparer” as the subject of attention.

It’s hard to understand the state of California, one that is probably the most consumer-oriented in the nation, still requiring Social Security numbers in their universities for identification. The state of Arizona, certainly not a leader in consumer rights, enacted law in 2002 prohibiting universities and colleges from using Social Security numbers to identify students or faculty. This was the result of an earlier data breach at the University of Arizona in Tucson. It also refutes California’s IRS requirement.

There is also another site, “Social Security Numbers and Student Privacy,” that debates the issue of protecting students from the fraudulent use of Social Security numbers. It discusses the increasing number of students that are revolting against using this information for identification, with students knowing full-well that their personal data is already plastered throughout databases all over the country. The feedback is interesting and worth your time if you are a college student or his/her parents.

And, once again, Privacy Rights Clearinghouse provides the best information for students and faculty in protecting their personal data. Their page, “My Social Security Number: How Secure Is It?” is a huge aggregation of pointers about the nine digits and how to keep them safe. It includes a section, “How Can a School Use My Social Security Number,” that explains compliance with the Family Education Rights and Privacy Act, which “requires written consent for the release of educational records or personally identifiable information…”

On another page, “A Chronology of Data Breaches Reported Since the ChoicePoint Incident,” details thirty-nine colleges and universities, and one high school, that have experienced personal data breaches in the amount of 1.7 million individuals. ALL IN THE YEAR 2005. And one, Georgia Southern University, not included in this number, reported “tens of thousands.” Most were the result of hacking, some stolen laptops, and one “dishonest insider.”

Folks, we’re talking about this country’s largest and most prestigious schools of higher learning, and even one high school. Institutions like Berkeley, Boston College, Northwestern, Carnegie Mellon, Michigan State, Oklahoma State, Purdue, Stanford, Duke, U. of Connecticut, Ohio State, USC, U. of Colorado and the U. of Florida, to name only a few.

According to the National Center for Education Statistics, there are approximately 16.7 million students attending college in 2005. Based on the Privacy Rights Clearinghouse figures, above, over ten percent of the students have had a breach of their personal data. The students also represent over three percent of the total data breaches since ChoicePoint. A small figure to some, perhaps, but still yet another tragic statistic that needs immediate attention.

DMA Protects Deceased Families...AT a Price

The Direct Marketing Association (DMA) has just started its new Deceased Do Not Contact List. With the success of the telemarketing Do Not Call list, now almost numbering 100 million households, and the numerous calls from grieving families, the DMA felt it necessary to give another ultimatum to its 5,200 members. According to the DMA, they are “required to eliminate these individuals from their prospecting campaigns.”

You will, however, have to pay $1 for this right, giving the DMA your credit card number, name, relationship to the deceased, and e-mail address; the deceased’s, full name and address, all telephone numbers, their e-mail address, and month and year of death. They claim the buck is a verification fee, and I quote here, “to make sure we have a permanent record of the credit card information of those who did the registering; and to help prevent misuse of, or fraud against, this system.”

This is patently ludicrous. How does $1 stop misuse or fraud? Are they going to report violators to the FTC Death Squad or send you harassing e-mails because you were a bad boy or girl? “CTO” from the VoIP Blog has the right idea. He considered using each of his thirteen credit cards to add all members of his family to the list. Stopping their junk mail, he felt, would be the best Christmas gift he could give.

As if the total absurdity of the idea wasn’t enough, the DMA is quietly collecting another database with personal information—including your credit card number—flying in the face of so many recent data breaches from junk mail companies, data brokers and banks. What makes them think they can keep their data secure with the recent announcement that ChoicePoint has had another breach of 5,103 customers, as reported in the Atlanta Journal-Constitution?

The number isn’t as important as the fact that this is yet another trespass on private information, added to the one last February, which was reported only because of a 2003 California law requiring notification. COMPUTERWORLD stated in an April article by Grant Gross that ChoicePoint discovered 45 to 50 more data breaches that hadn’t been reported. But if you are counting, that’s over 150,000 customer records revealed by ChoicePoint.

There are some in the industry that aren’t completely sure of the effectiveness of the Deceased list. Geoffrey W. Peters, Pro Bono General Counsel to American Charities for Reasonable Fundraising Regulation in Vienna, VA, likes the DMA’s effort but harbors some skepticism. In an article by Dan McNamara in The NonProfit Times, Peters recounts an incident a few years ago where he inadvertently mailed a suppression list and got a 6 percent response from supposedly dead people. His point is that all those included in the Deceased list might not be deceased.

I can go one better. I am personally acquainted with the actual mailing—not suppression—of the Direct Marketing Association’s Mail Preference List by a couple of supposed junk mail professionals. That’s the list you get on when you contact the DMA telling them you don’t want any more junk mail.

The two culprits, a junk mail computer facility owner and a catalog entrepreneur, got together on a lark to test how the response to the list would be, and were pleasantly surprised with the results. Yes, folks, they really did mail to the list that is supposed to be used to eliminate people who do not want junk mail.

Although this was several years ago, it shows a certain arrogance, and the clear disregard for rules and ethics, for some in this industry.

Identity Theft, Junk Mail and Your Mailbox

An advertisement ran in major print media last June stating that, “…the majority of identity theft still takes place in low-tech ways—stolen purses, wallets and stolen mail…” There was a large picture of the rural type mailbox, front open, with the word “Database” pointing to the inside. A headline exclaimed: “Most identity thieves don’t gather their data from a computer.” The implication, of course, is that ID thieves rely on this source most often to steal your name and personal data.

In a response to the ad by the U.S. Postal Service, reported by DM News, leading junk mail industry publication, their position was that the ad was not true. They quoted an FTC report that found that stolen mail only accounted for 4% of identity theft in the U.S. Further, that 53% of identity theft is from online activities.

The ad in question was run by a group called Your Credit Card Companies, identifying the following financial institutions: Citibank, MasterCard, MBNA, Discover Card and Chase. If you go to their site, YourCreditCardCompanies.com and click on Media Center/Materials, then click on Advertising, and finally, on the ad headline, “Most identity thieves don’t gather their data from a computer,” you’ll find they’ve changed the picture from a mailbox to two garbage cans. The basic ad stays the same. Oh, the power of the U.S. Postal Service.

But when you analyze the total problem, and where the easiest link to your name and personal data is, I think the mailbox, and the garbage can, do rank right up there at the top. Here’s why.

According to Synovate, a research company that is part of the Aegis Group, US households received an estimated 5.23 million credit card offers in 2004, up 22% over 2003. Percentage of homes receiving a credit card offer was 71% with an average per month of 5.7. The financial junk mailers are blanketing almost three-quarters of the country and hitting on these households almost six times per month—which is, in itself, enough to become alarmed over—but they still wonder why ID theft is rampant…?

Tell the truth. How many of you shred the info page of credit card offers, and I don’t mean just tearing it into even small pieces? Our household does, and, knock on wood, we’ve never had an incident. We were getting well over 5.7 mailings a month, enough to stack two feet high in a short period of time when I measured it. So get on the band wagon and get yourself a shredder and at least you have done all you can.

Let me leave you with some startling facts. Eighteen percent of the population has been victim to identity theft. That’s almost one in five…52 million consumers. Eleven percent, or, almost 32 million senior citizens, those most vulnerable, are in that figure, representing over 61% of the total. You can go to the Experian-Gallup Personal Credit Index and see all the data.

There are two sites and the second, headlined, “21 percent of victims say theft of personal or financial information was done by someone they knew,” is a shocker, but, once again, confirms my belief that identity theft can be stopped only by giving consumers 100% control over their names and personal data.

Kids, Guns and Junk Mail

I just read an article from MSNBC titled, “1.7 million kids live in homes with loaded guns” and over 42,000 of those households reported having loaded, unlocked firearms around their children. Alabama had the highest proportion with 7.3%, Alaska next with 6.6%, followed by Arkansas, Montana and Idaho with similar figures. I’m sorry, but this sounds to me like either the parents are morons or unconscious beyond help.

After the assassination of President John F. Kennedy, who was killed by a mail order gun owned by Lee Harvey Oswald, they passed the Gun Control Act of 1968. The major force in this act was the prohibition of mail order sales of rifles and shotguns. In 1999, Senator Charles Schumer of New York introduced the Internet Gun Trafficking Act, which attempted to restrict the sale of firearms on the Internet. As far as I can tell, it is still in the Judiciary committee, or worse…forgotten.

I tried placing an online order for a gun on the Internet and the requirement is that any firearms must be delivered through a licensed dealer, subject to the gun laws of your state. Even if we don’t have an Internet law in place, certain procedures seem to dictate that firearms are not readily available to just anyone on the Internet. Of interest to me was the fact that when I Googled “mail order guns,” 6.6 million sites came up. With “Internet guns,” the number was 12.4 million.

A report was done by the Department of Health Behavior and Health Education from the University of North Carolina to evaluate just how much Internet firearms vendors encourage purchasers to conform to firearms laws. The study, “Ready, aim..click: An exploration of firearms sales practices on the Internet,” concludes that online selling of guns is extremely aggressive and easily accessible but fails in its obligation to encourage buyers to abide by firearms laws. One of the findings was a shock to me: none of the sites posted a warning on its homepage about not selling guns to juveniles. Click on the study, above, for more startling facts.

An excellent site for information on gun laws relating to juveniles is CNN.com, “State by State Look at Gun Laws in the U.S.” You can search by state with documentation of laws relating to children plus general information such as permits, registrations, etc. As we know, Alabama is on the bottom, but my state, Arizona, falls short in its lack of the Child Access Prevention law which requires adults to use a gun-locking device or store guns in a secure location. Washington, DC, and New York seem to rate highest.

There are fifteen mail order lists on the market, according to Standard Rate & Data, the bible of the list industry. They range from magazine subscriptions to hunters to parts & accessories catalogs. I tried Googling “gun parts & accessories catalogs and came up with 2.5 million sites. One of them, Numrich Gun Parts Corporation, states that they can …”supply everything from pins & springs to barrels and stocks.” Their inventory features over 180 thousand individual items from an inventory of over 650 million parts and accessories. They even supply schematics with the parts layout of firearms.

I don’t know much about guns, but I do know that general parts and accessories are not covered in the normal firearms protection laws. However, the 1968 Gun Control Act does prohibit the sale of parts or “conversion kits” used to make semiautomatic firearms fully automatic. You can get unlimited information on this subject at the Brady Campaign To Prevent Gun Violence site, and I recommend a visit there when you have time to spend.

So, we are left with a lot of facts, some protective measures, but still one major problem: kids with access to firearms. I can’t do anything about those parents who are too numb to keep their guns out of the reach of their children. And, I know it’s far-fetched but they are also likely to be the same households where a kid would order the parts and assemble a rifle or handgun. It’s the inherent mentality that worries me, and I feel we should stop this potential threat before it becomes a reality…again.

Please give me your COMMENTS on this.

The Mysterious Provision in the Highway Bill

They’re at it again. Spending our money needlessly and skirting the real issue of protecting our names and personal data. It’s the new Federal-Aid Highways law that took effect May 17. It was passed, “To authorize funds for Federal-aid highways, highway safety programs, and transit programs, and for other purposes.” It’s the “…and for other purposes” that worries me.

An obscure provision (Section 7139), will force state motor vehicle departments to use the very data brokers that have had recent breaches, and who we now know to have inaccuracies in their records, for the authentication of commercial driver’s licenses. You can read the complete article, “Highway bill has identity check provision” by Shaun Waterman on Monsters and Critics.com. The question arises, are we trying to prop these companies up now after their fall from grace?

Two immediate reasons for Section 7139 come to mind: one, to get the monkey off the back of Congress so if something else does go wrong they can say they tried. Two, another gift to big business by this administration, which, apparently, the Democrats fell in line with.

The provision is very expensive for the states, and all but promises that the imperfections in data being used will produce unlimited problems. Situations like wrongful license denials and abuse by illegal immigrants, possibly terrorists. But, as the article points out, “…a huge windfall for the databrokers…” and further, “…a cost that would have to be borne by state authorities, or passed on to applicants.”

And, of course, the data brokers had their eye on the new information that would be produced as a result of the state queries, which they could re-sell as a new commodity. Anything to add to that $4 billion that the junk mail industry is reaping annually from the sale of our names and personal data. However, a Democrat, Senator Russ Feingold from Wisconsin, stepped in with an amendment to disallow the sale of this new, private information. At least that, and, perhaps, a forecast of more restrictions on the sale of private information in the future.

Waterman points out in his article that the REAL ID Act passed earlier this year supposedly provides the authenticity that Section 7139 requires in the new bill. He goes on to cover another method of confirmation that has existed since 1992, using the applicant’s Social Security number and date of birth. With all these restraints already in place, the mystery of Section 7139 just gets deeper. This is an excellent article and a must read for anyone sick of Congressional incompetence and favoritism.

I did a piece on the REAL ID card back in May: BLOG Bulletin : National ID Card Promises to Expose Largest Amount of Personal Data, Ever, In One Location. There are two major points in that post: one, by linking all state databases, this provides one-stop shopping for identity thieves. And two, in keeping with the latter, skepticism that the Homeland Security Department could keep the data secure, with four scores of “F” in a row from the Federal Information Security Management Act (FISMA). Of course, we now have experienced HSD’s performance in the wake of Katrina.

It’s all very discouraging and just seems to be getting worse, with no improvement in sight. Unless…the American public takes a stand on the issues they feel are important to themselves and this country. This is not a partisan thing, and we just may be in the throes of spawning a new independent political party that will provide those solutions.

Katrina and Potential Identity Theft

We stayed quiet this past week in the aftermath of Katrina. I felt it was time to take a backseat to this natural disaster of epic proportions and let the bloggers who could, provide online aid and assistance. We’re back now, and the emphasis is on the numerous ways your personal data can be breached and you could fall victim to identity theft from the storm.

This is directed not only to residents of the New Orleans area, although one might wonder if they are even connected to the Internet, or if they care about cyberspace at this point, but to anyone doing business with a firm located in the disaster area. We’ll start with…what kind of personal information is in their files relating to your household?

As an example, you could have just moved to Arizona, selling your home in New Orleans. Local mortgage offices are one of the largest repositories of personal data in the country with everything from your IRS returns to your complete credit report. There are also records in the realtor’s office that sold your home. Most of these records are on paper and could have been strewn anywhere in the disaster zone. And then you might live in Vermont and have your life insured by a New Orleans company or have your auto insurance with a large firm that has regional offices in the area.

Of course, the banks have a carload of personal information if you bank and do financial investments in one location. Hopefully, most of this data is computerized—although there is always the paper trail used for input—but this isn’t even secure from determined looters and ID thieves.

If one is able to break into the Tucson, AZ, CardSystems Solutions computers and access 40 million debit and credit-card accounts, they are probably qualified to mount an assault on unmanned equipment, possibly unsecured, definitely not protected, and physically steal the data, no matter what form it is in. Folks, this is just how organized identity theft is, and my perception is that the planning phase began about the time Katrina passed over Florida into the Gulf and began to gain strength heading toward the Big Easy.

The last collection facility I can think of right now that could be effected in the disaster area is the smaller, local credit bureaus used regularly by the realtors and mortgage companies. A treasure trove of private information is here just like it is in the big three: Equifax, Experian and TransUnion. If the mortgage company pulls your credit report, it is probably produced at least once on paper.

Just where is all this paper or other structures of data now? The obvious answer is, I do not know, but suspect that at least some of it is in the hands of some pretty sophisticated data thieves. If I am wrong, I apologize for being the alarmist, but doubt if this is an inaccurate assumption. Some may think it is farfetched but so did we, when the bad guys were getting our private information from ChoicePoint, LexisNexis, TimeWarner, Bank of America, and the list goes on.

So what do we do about it? In Louisiana and Texas, you can freeze your credit report so that no transactions can take place without your knowledge. Go to Bankrate.com for instructions on how to follow this procedure, and all the states where it is available. It is not offered in Mississippi or Alabama. Louisiana allows you to do this without any breach of your personal data; Texas requires that you be an identity theft victim already. My gut feeling is there will be some waiving of the latter with the credit reporting agencies in response to Katrina’s havoc.

Otherwise, systematically check your credit report in stages that will thwart the ID thieves, starting with your FREE report. They are available in all states now. Request the first report within the next couple of weeks. Get the second, which you will have to pay for, thirty days later. Wait another thirty days for the third. This is only if you are affected in some way as mentioned above. Go to AnnualCreditReport.com for instructions and each paid report will cost $9.50, regardless of the credit bureau you use.

You can also call a toll-free number: 1-877-322-8228 for the report.

The local, state or federal authorities do not have the time or resources now to help in this matter. You must bear the burden to protect yourself from identity theft. If you haven’t already accessed your free credit report, your investment is only $19.00, an amount well-worth spending to prevent thousands in legal fees to get your personal identity back.

Ethnic Profiling In Junk Mail II

In an October 2001, article titled, “Ethnic Profiling: A Rational and Moral Framework,” by Robert A. Levy, Senior Fellow in Constitutional Studies for the Cato Institute, he reports on a then Gallup poll which revealed that 60% of Americans wanted Arabs to be subjected to more intensive screening at airports. Of course, this was less than a month after 9/11. He quickly raises the question of whether any ethnic or racial profiling should ever be justified.

And then in August of this year, Ralph Hostetter’s piece, “Ethnic Profiling,” on CNSNEWS.COM, takes the ACLU to task for attempting to organize the Far Left, ultra liberals, against such targeted, ethnic profiling. The ACLU objects because terrorist acts such as Oklahoma City, the Atlanta Olympics, even a Taliban insurgent, were all Anglo-Christian Americans. But Hostetter apparently still feels this weakens the U.S. fight against terrorism and puts our citizens in jeopardy.

Levy believes, …”we must defeat without abandoning the liberties that set us apart from every other country in the world.” He goes on to call for “logic, not emotion,” “evidence, not rumor,” and …”a structured approach that weighs the competing interests rationally and morally.”

On the other hand, Hostetter states, “It is politically stupid for Americans who are so easily identified on an ethnic basis not to use ethnic profiling against our sworn enemies in the interests of our own protection.” He goes on, “Ethnic profiling works. If ethnic profiling is but one viable tool in the war against international terrorism, it must be used to the utmost.”

Two somewhat opposing views, but each with a certain degree of substance. We must defend America but we must not take away or infringe upon the civil rights of the people. And, under no circumstances should we be allowed to invade the privacy of any home or individual without confirmed provocation.

Keeping both of these positions in mind, let’s continue where we left off in my last post with the parade of ethnic lists that prevail in the junk mail industry.

Ethnic Lists & Marketing, LLC of Scottsdale, AZ, has a list called “Arab-American/Muslim-American Doctors.” There are 6,431 nationwide. Here’s one from Ethnic Technologies, LLC of South Hackensack, NJ, “Arabic Prime Prospects.” They also have “Turkish Speaking Households.” Three more from ClientLogic: “Ethnic Clubs & Organizations,” Islamic Households by Occupation,” and “Islamic Lifestyle Index” which identifies Islamic homes with guns and ammunition.

There’s an ethnic database of e-mail addresses from List Services Direct in Leonia, NY, and a huge ethnic masterfile of millions of names with added personal data from Focus USA, Hackensack, NJ. All of the smaller lists have some personal data available. Items include age of adults and children, telephone number, income, occupation, credit card usage, length of residence, language spoken, investments, education, vehicle information, frequent travelers, and, my favorite, “people interested in Middle East politics and the Arab-Israeli conflict.”

Some of the major magazines are also very aggressive in this area. Entrepreneur, U.S. News & World Report, Newsweek, the Time Inc. Group, Hearst Magazines (Cosmopolitan, Esquire, Good Housekeeping, Harper’s Bazaar, Popular Mechanics and Redbook, to name a few), and Meredith Magazines including Better Homes & Gardens and Ladies Home Journal. All have ethnic selections on lists that range in size from 500 thousand to over 30 million, the latter being the Time Inc. Group.

But the “mother” of all ethnic lists comes from Experian, also one of the three credit report providers, covering 43 different ethnic origins, and including 84 million individuals. That’s 28% of the total population. In addition to age, income, occupation, education, etc., here’s what Experian also knows about these households: whether they are business owners; number of children and their gender; wealth rating; and their summarized credit statistics.

As I indicated in my last post on “Ethnic Profiling In Junk Mail,” the real purpose of amassing all this data into lists and databases is to make more money from the sale of the names and personal information. Which is OK, if the name-holders were getting their fair share. Ethnic names range in price from 7 cents to 16 cents, the high side being just over the average of 15 cents.

As a part of the $4 billion made annually from the sale of consumers’ names and personal data, ethnic lists probably don’t represent a major contribution…yet. But considering the federal government’s recent habits of using data brokers as major investigative tools, can that time for typical overspending in this field by the feds, accompanied by humongous privacy abuses, be far away?

Read all about this in Rebecca Carr’s article, “Government employing brokers as data posse,” taken from the Palm Beach Post-Cox News Service. She reports that federal agencies still use companies like ChoicePoint and Seisint Inc. (LexisNexis) despite activist and lawmaker concerns over their recent data breaches and about this potential invasion of our privacy. You can only assume from this that we do not ever learn from our mistakes.

Ethnic Profiling In Junk Mail

There are over 1,500 ethnic mailing lists being sold today by the junk mail industry. Compare that with the number of apparel lists being sold: just under 600. What is the fascination of such lists? A recent Web article, Marketers seek Jewish data, by Ted Siefer, points out that junk mailers are becoming more “savvy” in targeting certain groups, and that is “cause for alarm,” considering the surge of identity theft.

As Al Jolson used to say, “You ain’t heard nothin’ yet.” Most every ethnicity is covered in the 1,541 lists, with some religions also identified: Catholic, Protestant, Jewish, Buddhist, Muslim, etc. One list, “Jewish Households By Lifestyle Interest,” available through the ClientLogic company in Fairlawn, NJ, sells Jewish families that gamble, travel overseas and drink. They also sell a similar list for Islamic households, minus the gambling and drinking. Syrian households are available from the TMA List Brokerage & Management company in Reston, VA.

The Christian Science Monitor has an interesting article on their Web site, “Profiling’s Limits,” that states “the ethnic or religious identity of a person may be one factor, preferably not the only one, leading to heightened scrutiny of some passengers, truck drivers, and so forth. But that scrutiny should be handled with care and respect”

Any ethnic list sold under that category is blatantly designed to separate out a group of people and place them in a neat category. It’s all a part of the junk mail frenzy to create another database that will outperform the one before it. The approach used to be to target households of younger females that buy expensive apparel. Today, the latter applies, but the junk mailer also wants to know her age, income, occupation, education, whether she has children and what age, whether she’s married, her investments, travel plans, and, of course her ethnicity, and the list goes on and on. The question is, exactly what is all this data used for?

Ted Seifer’s article quotes one list professional as mandating that the whole process of selling these names is safe. It is not. Yes, the list owner requires samples of what is to be mailed for approval, but the bad guys have been known to submit fraudulent samples, which were approved. Once in their hands, the crooks can do with the names as they please. Or, computer tapes are lost, as was the case with Bank of America. With the large number of transactions and times these names change hands, there are endless chances for a data breach.

So, once again, what is the real purpose of amassing all this data? The short answer the junk mail industry would have us believe is to best identify households so they can be sold only those products and services they want. This becomes laughable when you understand that 98 out of 100 pieces of mail that goes to these households ends up in the trash. The honest answer is that the ethnic craze is just the latest excuse to acquire more data on U.S. households and store it in a multitude of junk mailer computers for sale.

The exception is that in today’s hostile environment due to the terrorist threat, it does not bode well for some ethnic groups that may be sitting targets. And, we’ll dig deeper into this problem in my next post.

Moving Ahead With Privacy In Junk Mail

In my last post, “A Brief History of Privacy in Junk Mail,” I made some points which I felt established the fact that our rights to privacy concerning our name and personal data prevail over any rights the 1st Amendment gives junk mailers. We progressed through The Privacy Act of 1974 and a 1997 Privacy Protection Study Commission that issued its report: “Personal Privacy In An Information Society.”

This Commission recommended that junk mailers should inform consumers in advance of selling their name and personal data, specifically how it would be sold. Also, that the consumer should have the right to decide “if” it is to be sold. Just short of my concept that we should have 100% control, but a good start. It isn’t clear what it cost to form this Commission, but, obviously, it was at least partially a waste of money.

The most that came out of it was the junk mail industry’s resolve to put a sometimes barely readable message in most catalogs and other offers that said the customer could opt-out of having their name sold. No mention was ever made anywhere of the zillions of bits of private information that were being collected on the individual and compiled in huge databases.

Now, fast-forward to the year 2005, twenty-eight years later. Did we learn anything? Apparently not, considering the period of time that has elapsed with nothing else being done.

So after all the breaches by the data brokers, financial institutions and large companies, Congress has decided to take another shot at privacy. That would be the Personal Data Privacy And Security Act Of 2005, sponsored by Senators Specter and Leahy. It’s the one that requires notification of a breach after it has already happened. The Act is riddled with shortcomings for the consumer, and I am really disappointed with Senator Leahy, a Democrat, for not seeing this.

The first drawback, pointed out above, is notification “after” the fact. Second, setting a minimum (10,000 individuals) on databases that have to comply is ridiculous. What’s the magic of the number 10,000? But this one takes the prize for irony: prohibiting the sale of Social Security numbers. I can see crooked information brokers looking at this section of the Act and scampering off to their computers to steal all the SS #’s they can before the legislation is enacted.

Think, Congress! The only way to curb the problem of breaches of our private information and the resulting identity theft is federal legislation that will give consumers 100% control over their name and personal data. Like I said in an earlier post, “bite the bullet” and do it right this time.

In the meantime, if you want a really happy constituency, pave the way for the junk mail shopper to share in the $4 billion annually from the sale of names and personal data. I have made a case for using this money to supplement our Social Security, and, if acted on soon, could be in place for the alarm periods of 2018 and 2042.

And to cap it all off, junk mailers recently held something called “List Vision 2005” in New York. They are worried about list-regulation legislation that is being considered by Congress and feel self-regulation is the best defense against extensive legislative restrictions. They’re talking about alleviating consumer fears. Where were these people from 1974 to 2005?

You’d think the industry would wake up and realize that the meat of their existence, the junk mail customer, deserves better treatment. Give them what is rightfully theirs: 100% control over their name and personal data. Share with them the proceeds of that $4 billion each year.

The most-attended discussion panel at List Vision 2005 was “Suicide Prevention: Let’s Not Kill the List Industry.” The 1980”s “Me” generation has taken up residence in 2005. The major concern of the list hucksters is their own well-being, and, as a former broker of mailing list names, I don’t think that will ever change.

A Brief History of Privacy in Junk Mail

In the case of our name and personal data, I believe that the laws of privacy prevail. I also believe that individuals have the right to decide whether or not this private information should be sold on the open market, and, if it is, to maintain 100% control. That said, what officially—or even legally—backs my theory, when opponents repeatedly cite the 1st Amendment as their right to send unrestrained junk mail?

Paraphrased, the 1st Amendment states that Congress shall make no law prohibiting free speech. Just click on the highlighted portion and you can research the Amendment at FindLaw. My question is, where does the junk mailer’s right to free speech end and my privacy begin?

The Constitution does not specifically mention a right to privacy, but Supreme Court decisions over the years have established privacy as a basic human right. The 9th Amendment states that, although certain rights are specified by the Constitution, just because something is not specifically designated, it should not mean that it isn’t a right of the people. Again, available on FindLaw.

In the Bill of Rights, 4th Amendment, the people are given the right “to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures…” It’s not likely the architects of the Constitution could have even imagined the era of computers and personal databases. They were busy putting a new country together. However, it seems clear to me that, at least in the spirit of the law, we are supposed to enjoy a certain level of privacy.

Apparently, privacy wasn’t much of a real issue until The Privacy Act of 1974, when government agencies were restricted in what they could do with citizens’ personal data. It was enacted, in part, because the people do not have the same alternatives in dealing with the federal government as they do with private business. The major concern was assuring the public that their private information would not be abused by federal agencies or bureaucrats. Even then, they couldn’t have envisioned The Patriot Act.

Three years after The Privacy Act of 1974, a Privacy Protection Study Commission was formed and it issued its report: “Personal Privacy In An Information Society,” July 1977. Click on the highlighted area and then click on “Mailing Lists.” This report has been in my hands since its original publication, another confirmation of the number of years I have been concerned over the potential problems of selling names and personal data.

One of the recommendations made by the Commission was that organizations selling customer names and personal data “…should adopt a procedure whereby each customer, member, or donor is informed of the organization’s practice in that respect, including a description of the selection criteria that might be used in selling, renting or exchanging lists, such as ZIP codes, interest, buying patterns, and level of activity, and, in addition, is given an opportunity to indicate to the organization that he does not wish to have his address, or name and address, made available for such purposes.”

Interpretation: selling our name and personal data should be an opt-in arrangement, meaning the junk mailers shouldn’t make a move without our prior approval. Folks, this was 28 years ago. The commission had the vision to predict that certain selection criteria like our “buying habits” could be tantamount to a major invasion of our privacy. They were defining “personal data” before we really knew what it meant.

In another important move, the Commission recommended against companies selling or sharing data with their affiliates, a problem that still exists today. If you trust the parent company, why not the subsidiaries? Simply put, loss of control. And, if security is lax at the top, ie. ChoicePoint, LexisNexis, Bank of America, Time Warner, what’s it like in the companies’ smaller affiliates?

In my next post on this subject, we’ll talk about what’s happening today in personal data privacy and the mounting war against identity theft.

More On Personal Data Protection and Identity Theft Prevention in the UK

In my last post, we had just been introduced to Graham Sadd’s theory that the responsibility for a person’s data should be returned to the individual. Sadd is the CEO of PAOGA Ltd. of Maidenhead, Berkshire, England, and his company is the creator of the concept of the Personal Data Vault. Simply put, the PDV gives the consumer 100% control over their name and personal data.

He makes a good analogy of the “data available everywhere” syndrome…“like trying to recognize someone from a photograph of someone’s face made up to from 100 different photographs taken in color and black and white throughout their lifetime.” It’s not likely to look like them today. Neither will all the combined databases—compiled for years from numerous sources, containing your name and personal data—accurately reflect your true, current profile. And why is that bad?

The reason given by the junk mail industry for amassing all this private information is that the junk mailers can better target what you want to buy. So if it’s wrong or out of date, what’s the use? I’ll tell you why. Right or wrong, they can sell it for a fortune. I’m not saying they would do this on purpose, and most junk mail companies wouldn’t. As a former broker of mailing lists, I sold what was available in the marketplace, most of which, by the way, was represented as recently updated.

My point is that unless the data comes right from a legal document—like a driver’s license, voter registration, public deeds, etc.—the accuracy is questionable. Questionnaires are a farce. The person is most likely to answer the questions in relation to what free products they want. Huge lifestyle databases are built from the latter and sold for astronomical prices. Surveys may be the most truthful of the two, due to the fact that a majority are taken live, either in person or over the phone. Guess we can’t fudge on the truth when it’s so up-close.

Another major problem is the “insider’s” approach to stealing our data. If it’s an inside job, there’s not much anyone can do about it, despite the controls the data brokers and junk mailers claim they are putting in place. I’ve witnessed personally the after effects of such an incident, and there was no way it could have been stopped. In the earlier article, “Growing Concern Over Identity Cloning…”, from Devonshire Marketing, the following AOL incident was mentioned.

In mid-2004, a former AOL employee was charged with stealing the Internet company’s subscriber list of over 30 million customers, and selling it to a spammer. You can read the whole story, “AOL customer list stolen, sold to spammer”, by Bob Sullivan, technology correspondent for MSNBC. I mention this to emphasize the apparent ease with which the crooks pull it off, even with one of the top Internet providers. And, there will always be another dishonest employee lurking nearby.

So why don’t we just dump these archaic methods and go for the gold? Give the consumer 100% control over their name and personal data and make them responsible for keeping it correct. Let them decide when and where to opt-in and be able to keep out all the bad guys. And, for each time their name and data are sold, they are compensated from the $4 billion that junk mailers gross annually by selling mailing lists.

Personal Data Vaults. They’re beginning to sound like the wave of the future.

Another one of Devonshire Marketing’s Vanessa Land articles, “Retailers To Become Loyal To Consumers – Personal Knowledge Banks Will Override Loyalty Cards Over Time,” covers a topic that has become a very sore spot with some American consumers: the supermarket loyalty card that tracks virtually every item you buy from booze to prescription medications.

Her piece makes the point that Personal Knowledge Banks, just another way of saying Personal Data Vaults, if controlled by the individual, could be updated by the person to eliminate any undesired information. They could also set restrictions on who sees the data, giving permission on an as-needed basis, and with selective access, if desired.

The more I read of what is being done, or at least planned by the Brits, the more I realize just how far the U.S. is behind. Don’t get me wrong, this is a great country and we do great things. But we do tend to put business ahead of the consumer, and this has become the rule with the current administration. As I have said before, our names and personal data should be sacrosanct, and it is time for Congressional leaders to realize this and take action.

The Brits are Whipping Us in the Protection of Personal Data and Identity Theft

The Data Protection Act (DPA) of the United Kingdom, passed in 1998, seeks to strike a balance between the rights of individuals and the sometimes competing interests of business. That’s a good idea for the U.S., even after it has become obvious that American companies like LexisNexis, ChoicePoint, Bank of America, (and the list goes on and on) have done a lousy job of protecting our personal data.

The UK DPA fact sheet goes on to say that…”Anyone processing personal information must notify the Information Commissioner’s Office (ICO) that they are doing so, unless their processing is exempt.” In this case the Brits have taken control over consumers’ names and personal data with the requirement that business must inform the ICO of their use. Yes, there are exemptions, but this is the “balance” mentioned in paragraph one that we must achieve.

If you really want to dig deeper, go to the UK Data Protection Act 1998 for the complete version, which is far better than what we have—which is almost nothing—but still doesn’t go far enough. And no, I won’t be satisfied until every American consumer has 100% control over their name and personal data and is compensated for its use.

U.S. Senate Bill 1408, sponsored by Gordon H. Smith of Oregon, appears to be a lame, Republican attempt to appease the electorate, while leaving the responsibility for safeguarding our private information with the very companies that have proved they can’t do it. Even two prominent Democrats are co-sponsors of the bill: Senators Hillary Rodham Clinton of New York, and Bill Nelson of Florida.

The bill—whose description states it is supposed to strengthen data protection and safeguards, require data breach notification, and further prevent identity theft—talks about restraining the sale of Social Security numbers. What possible difference could that make when it would take me no more than around $50 and five minutes to get one on the Internet? They are already available everywhere and you will never stop the black-market trade in such a valuable means to achieving identity theft. The only answer is a unique ID with an opt-in only for the use of our name and personal data.

So where is Senate Bill 1408, the Identity Theft Protection Act, going? Probably nowhere, unless there is an outcry from the American people for Congress to get off their butt and do something. It was last worked on July 28, Congress is now going into its August recess, and who knows what will happen in September? With this kind of Congressional apathy, the timing for my grass-roots movement to give consumers 100% control over their name and personal data couldn’t be better.

I ran into another very interesting site from the UK. Deavonshire Marketing’s Vanessa Land is writing on the protection of our name and personal data and the identity theft problem. Her article, “Growing Concern Over Identity Cloning, Theft and Fraud Is Forcing Companies To Take Greater Precautions To Safeguard Consumer Privacy” is a must read. She quotes Graham Sadd, CEO, PAOGA Ltd., personal records management specialists, as confirming what we all know: the fact that consumers are very concerned over identity theft.

Sadd makes another significant statement: “Data loss and identity theft doesn’t just happen at the individual level. Unscrupulous criminals are also targeting groups.” Precisely why the individual should have 100% control and be the only one with the data button. He goes on in the article to cover important topics that should catapult any lawmaking body that is supposed to protect its constituency into reality and action.

Topics like the fact that we don’t have a clue as to where all this private information is, therefore, how can we expect anyone other than ourselves to control it? Considering all the data output forced on the consumer each year, both required and willingly given, government and private, think of the number of new databases being created annually. And then Graham Sadd wraps it all up in the neatest bundle. Based on his theory that legal responsibility for a person’s data should be returned to the individual, you create a Personal Data Vault to secure this information. He does it at PAOGA using the vast resources of the Internet.

I have to tell you that I am blown away by this whole concept because it is exactly what I have been proposing for the last ten years, except for one clarification. With the number of scam artists in this country, legal ownership is probably not advised. The answer is federal legislation to give consumers 100% control. Otherwise, Mr. Sadd has the whole program in place and the U.S. junk mail industry and members of Congress should take note and get more information, which is exactly what I am going to do.

More on PAOGA and this exciting issue in my next post.

Supplement Social Security With Junk Mail? II

Social Security is back in the news again. The administration is grinding the same ax and the Democrats have come up with a luke-warm alternative. Bush, of course, is still pushing individual investment accounts and now the Democrats have unveiled “AmeriSave,” designed, they say, to supplement Social Security. It’s supposed to guarantee benefits, according to House Minority Leader Nancy Pelosi, D-California.

We already know the drawbacks and the projected costs for individual retirement accounts. Now “AmeriSave,” which touts matching dollar-for-dollar for the first $1,000 a worker contributes to an IRA, 401(k) or similar plan, is introduced with no estimate of the cost. If only half of those people turning age 65 this year (approximately 1 million) took advantage of this, the fed’s outlay would be $1 trillion. My figures may not be perfect, but you get the idea.

I have been trying to sell my plan to the Democrats since March of this year when I wrote to Howard Dean, Democratic National Committee Chairman. No response. Zilch. You would think that at least a lowly staffer would eventually get back to me and either say my idea is do-do or we’re thinking about it, or just get lost. My latest attempt is to the Governor of Arizona, Janet Napolitano, who is also a Democrat. We’ll see.

To get back to the current discussions over Social Security, my concept uses the revenue from the sale of your name and personal data to supplement social security. I covered this in an earlier post: Junk Mail 101: My Solution for Personal Data Loss. Scroll down to the second post. Here’s a review.

Federal legislation would give each junk mail shopper 100% control over the use of their name and private information. We create a system of checks and balances where you make the decisions while also shouldering some of the burden of responsibility. A unique ID similar to a Social Security number in its originality would be assigned. This ID would be used in every junk mail transaction, including unsolicited credit card offers.

The mechanics are in the earlier post, but the point I want to make here is that it should cost the feds and the taxpayers nothing. Nada. Let the junk mailers develop the system and pay for the administrative costs. The selling of your name has been going on for over 50 years with profits in the billions.

In this business, I have personally witnessed advances in technology that, if applied in another direction, could put your name and personal data on the moon, and in a precise location. The junk mail industry can certainly develop a procedure that will process payments of $2 billion a year (from the total take of $4 billion for your name and personal data) and organize it in a way that pays individuals on a sliding scale, similar to Social Security. In other words, you reap in proportion to what you put in.

And now the numbers you’ve all been waiting for. Let’s look at an age 55 retirement first. Start at age 18 with contributions in a simple interest-bearing account (3%) for 38 years until you are fifty-five. The average minimum supplement payment expected is around $265. Some more, some less, of course, based on a sliding scale. Next, retirement at age 65, starting again at age 18 with the same interest rate, but for 48 years. The average minimum payout is $607, more or less.

I say, “average minimum,” above, because it is always best to be conservative with someone else’s money. These figures are based on paying out only that amount each year equal to the amount taken in (the $2 billion plus interest over 38 and 48 years). We are not dipping into the total available, which is $6.4 billion for those age 55 and $8.6 billion for age 65. It also does not consider the fact that we could achieve better results with a higher interest rate (probably around 6%) if the funds were invested with a secure strategy.

So, what’s wrong with this concept? Tell me if you know something I don’t. The numbers are all done in an Excel spreadsheet formula that gives the future value on an investment, based on the input of specific figures. Try it and see if you don’t come up with the same results.

And, I do realize there are several different ways we might go about achieving the same results. As an example, based on the amount of the surplus, payouts could begin as early as 2018, the first projected crisis period for Social Security.

If you agree, help me get the word out and please let me know what you think.

Protecting Your Name and Personal Data in Seattle

I just returned from Seattle where I ran into some great talk radio: the Dave Ross Show on KIRO. Looking for some commentary on junk mail, breaches of personal data or identity theft, I finally landed at 710 on the dial, right in the middle of a discussion on Seattle’s road building and general transportation problems. Now, being from Arizona, you would think I would just keep on surfing, but I didn’t. Dave’s handling of the subject and the quality of responses convinced me to hang around his spot for the nine-day stay.

I was there with my wife, Barbara, who was attending classes in Auburn, for Linda Tellington’s T-TOUCH. This is a form of animal training, involving a method of light touches, administered to address certain issues of the animal, thus, improving behavior and quality of life. It works! Barb is having great success here in Arizona, and plans to complete the first phase of her companion animal training in Auburn, this November.

After returning to Arizona, I decided to e-mail Dave Ross and see how he felt about the concept of consumers having 100% control over their name and personal data. He wrote me back and said he was very interested in the idea of the individual being paid for the use of his or her name and private information. Tina Nole, his Producer, coordinated the rest and we were on-the-air last Wednesday, July 20, at 3 PM.

Following discussions between Dave and me, which covered everything from the necessary exceptions in the federal legislation I am proposing (homeland security, some medical and financial situations), to how the concept is affected by the 1st Amendment (non issue in my book, because consumers should rightfully be able to control something that is this private), Dave then took calls from listeners.

The first was a fellow who worked at the Post Office, worried that this idea would eliminate his job. I explained that the attraction of the royalty to be made from the sale of a person’s name and personal data would no doubt lure some of the 45% of the population that does not yet shop by junk mail and probably serve to retain most of the 55% that does.

Dave asked about what could be expected in a year as payment for selling your name and personal data, which amounts to about $60. The rest of the callers were adamant in their dislike of junk mail and not real sure money would quell this position. I countered with the fact that my concept is a long-range plan, based on sharing one-half of the annual take by junk mailers for selling names and private information in the amount of $4 billion. It could be a supplement to Social Security with $2 billion each year invested for the long haul.

The outcome was good. Seattle got an idea of what is possible, if they join my grass roots effort. Dave Ross told me, on the air, that he felt I have an up-hill battle, and I do. There aren’t many causes that affect so many consumers, as well as the business community, that don’t have a tough fight. I’ve always been a maverick, especially when I know I am right, and this is an issue in which my research also tells me I am right.

I just want to thank Dave Ross and his KIRO staff for realizing the importance of this issue and giving me the time on his top-rated talk show to voice my opinions. LISTEN! Seattle: KIRO Radio, 710 on the dial, the Dave Ross Show, Monday through Friday, 3 to 6 PM.

Junk Mail 101: Warranty Cards, Surveys and Your Personal Data

There have been warnings in recent years about giving too much information to companies on product registration cards—commonly called warranty cards—and consumer surveys. Still, data marches on, and currently there are over 700 junk mail lists on the market covering these two subjects. In the meantime, the poor consumer muddles through what’s legit and what isn’t and ends up becoming just another record in the junk mailers’ databanks.

Re. the warranty cards, we’ve been told we don’t really have to provide all the extras like age, income, children, etc; only your name, address and the serial and model number of the product. By law, we don’t even need to return it because we are covered automatically. For the surveys, our name, address and hundreds of personal facts about ourselves are necessary to receive cents-off coupons or product samples.

The fact that companies are more interested in our private data than protecting us should raise flags and peak our suspicion, but some of us go ahead and supply the information anyway. Well, don’t. And, I’ll tell you why.

But first, you must wonder how I know that so many of us have given up this detailed info. The answer comes from my 35 years’ experience as a mailing list broker. Two junk mail companies alone, have over 90-million individuals’ records on file. They are BehaviorBank, a division of Experian, one of the top three credit reporting companies. The other is Lifestyle Selector, a part of Equifax, also in the top three providing credit reports.

Links above are provided to their sites, but you won’t get information from Behaviorbank about numbers of names, personal data, etc. Only a telephone number. It seems they are not willing to lay out for the consumer what they know about them. However, the Lifestyle Selector site provides a wealth of facts, most of which is compatible with the Behaviorbank list. Trust me. A visit there will blow your mind over exactly what private information we’ve readily given up.

Each processes the data from product registrations and/or surveys into a neat, humongous database that reflects hundreds of personal identification characteristics about how you live each day. Then, they match this with what they already know about you from their demographics and lifestyle databases. The result is 91 million households whose most intimate details read like an open book.

There is one more large company selling product registration information, by the name of WARRANTY IT! Product Registrants. With some 7.2 million of your names, they also sell your age and income. Even Rodale, publishers of Prevention magazine sells its list of warranty card registrants. Their company representative stated they have access to this purchase info from the buyers of products advertised in the magazine.

Read the article from Privacy Rights Clearinghouse covering the California law, passed in 2004, requiring warranty cards to be “up front” with customers. It also confirms my earlier statements on how all this information ends up for sale in the marketplace. The Electronic Privacy Information Center has an excellent report on the profiling of individuals through capturing all their private information and daily lifestyle habits. You can find a piece specific to warranty cards about halfway down the site. This is a must read.

Aside from these companies ignoring our privacy and opening our life to the public and potential identity thieves, we’ve given them carte blanche to sell the treasures of our personal existence. Do you want your health problems, including the prescription drugs you take, available for open review? How about your dress or pants size and the diet you are on? And then there is the frequent traveler who gambles and is also a smoker. Your political views, reading habits, the music you listen to and your investment practices. It’s all out there, ready to be plucked, and sold for astronomical prices.

There is one person who not only agrees with my concept that we should have 100% control over our names and personal data, but he also has his own solution for the problem. Another must read is Kevin Bedell’s blog, Where do Intellectual Property and Personal Information Intersect? He makes some very good points and, although dated back to 2002, it just shows that we’ve been thinking about the nature of this beast for some time. In my case, over ten years.

Let me pose some particularly relevant questions now:

1. Do you have any idea how much of your private data is warehoused by junk mailers?
2. Do you have the slightest concept of the sizeable number of sources available to these companies where they can whisk away your personal information at the drop of a few bucks?
3. Do you know that the junk mailers are taking in $4 billion each and every year on your name and personal data?
4. Should you be more than slightly suspicious over the way junk mailers manipulate your name and storehouse of confidential knowledge and sell it on the open market?
5. Does it make good sense that you should share in the $4 billion made annually from the sale of your name and private information?

I’ll be covering these and hundreds more questions in future blogs.

Finally, in the whole warranty card and consumer survey fiasco, the data gatherers are obviously nervous over the loss of your personal data, especially exact age, which is considered a key factor in some junk mail offers. It is also a prime tool in the committing of identity theft. But, with their circuitous ingenuity, I can assure you the junk mailers will not give up the search for new sources until every public and private record available has been exhausted.

Catching Up With European Privacy Law. NOT!

You have to read the article in the July 4, 2005, Newsweek, titled “Grand Theft Identity.” Along with some excellent pointers to prevent identity theft, including actual case studies, it features one of my favorite people in the fight to control your name and personal data. It’s Beth Givens, founder of Privacy Rights Clearinghouse in San Diego, and you should visit their site often to help you protect your privacy.

So what does the Newsweek piece have to do with European Privacy Law? Just one more example of the huge deficit in this country in the protection against ID theft, and how the Europeans have taken one giant step to stop it there.

On the last page of the article, California Senator Dianne Feinstein states that she “…would like to give consumers the power to keep their records out of databases.” She goes on to indicate “ the opt-in approach is the law in Europe.” That’s the giant step. The European Union may not have been able to decide on a constitution, but they’ve done one hell of a job insuring the privacy of their citizens. It’s like this, if you don’t want to, you don’t have to.

The law has been in effect since 1995 and, in ten years, there have been no widespread business losses, as far as I know. In the EU Data Protection Directive, the consumer must be given the choice to opt-out (which is basically opt-in, in reverse) of having business disclose their personal data or, using it for any purpose, other than that for which it was collected.

Further, an organization must give the consumer access to their private information, a stipulation that would probably horrify most junk mailers and data brokers in the U.S. There is no way they would want the American public to know just what and how much personal data has been collected on them. You can see another version of the law at the New England In-House site, a quarterly publication of Lawyers Weekly.

And then there’s the Law Blog from David Sorkin, a law professor in Chicago, who questions the Bush administration in pressuring European regulators to weaken their privacy standards. The President is worried about our financial institutions having difficulty conducting business abroad. I’m worried about our financial institutions having difficulty conducting business, without compromising our personal data, in the U.S. What about you?

Sorkin provides a link for the article: EU asked to tone down privacy standards. The whole idea is an insult to the American consumer and yet another example of how this administration favors business over the individual. Another piece, Congress fears European privacy standards, published just over three weeks earlier, apparently put Bush in motion when Cliff Stearns, R-Fla, called on him to take the matter up with the EU…quickly.

Both articles are dated (March of 2001), but show clear evidence where the Congress and the current administration are headed in protecting you against identity theft. And I say that, despite the recent ChoicePoint, LexisNexis, etc. incidents and the typical Congressional uproar that has resulted . Without pressure from grass roots efforts, Congress is not likely to enact legislation that would give you the giant step: the right to opt-in.

Although I admire the EU for the opt-in step, it still is not enough. We must pass a law that gives consumers 100% control over their names and personal data. If we can pull this off, maybe the EU will follow our lead.

Junk Mail 101: The Internet, Cyberspace and Identity Theft

Stories abound over the beginnings of the Internet and the World Wide Web. Remember when we thought nothing could surpass television? Well, it did, and with a momentum that will be hard to duplicate in the future, if ever. With a series of commands on your computer, you can be anywhere, doing just about anything. But beware, because this medium of communications continues to take first prize for scams that will quickly relieve you of your money, your name, your personal data, and possibly even result in identity theft.

Of course, the junk mailers are there again, excitedly working their way through a goldmine of data that is currently the new wave in selling your name. While the old method using the postal address brings in around fifteen cents, your e-mail address is worth up to seventy-five cents, with an average of around twenty-five to thirty cents. And that would be OK if some of this money was going in your pocket.

Industry giant, America Online, sells their members’ names for about nineteen cents. There are many other Internet and e-mail lists on the market, but the colossus is one called Able Double Opt-In Consumer E-Mail Masterfile. Almost six million names at twenty-six cents a pop, and they know over three-hundred-fifty intimate details about your household. Go to http://www.act1lists.com, and click on “List Categories,” then “Consumer Mail Order & Responder Lists,” then scroll down and click on “Double Opt-In Consumer E-Mail Master” to see what they know about you.

They can identify: your marital status, age, income, gambling habits, software you own, adoptions in the household, credit cards, those who bank or invest on-line, your religion and political preference, whether or not you are gay/lesbian and looking for a mate, your occupation and medical ailments. All of these private facts, plus more than three-hundred more, are locked away in this company’s database, ready for immediate access.

It is well worth your time and effort to find out how your life has been made an open book, just because you answered an online survey to receive e-mail offers. You also get an inside peek at one of the companies selling your name and personal data.

And here’s a frightening scenario. What if your name and personal data like this were to end up on the street through the efforts of a hacker and then is sold under the table to unprincipled businesses? A health insurance company could use the medical ailments to deny coverage. A large corporation could turn down applicants for a job due to their weakness for gambling or for being gay or lesbian. The possibilities are limited only by what private information is available.

The huge on-line retailer, Amazon.com, went round-and-round with the Electronic Privacy Information Center (EPIC) and Junkbusters about change in their privacy policy in September of 2000. The two organizations, in May of 2001, asked the FTC to stop Amazon.com from disclosing customer information without their consent. However, the FTC sided with Amazon.com, commenting that the company does not sell or rent customer names or personal information and would not do so unless it allowed them to opt-out first.

In a personal experience, my wife went on-line to check Amazon.com’s new apparel line in November of 2002, surfing through the offers but buying nothing, not even asking for information. We were more than surprised a few days later when she received an e-mail from Jeff Bezos, the firm’s CEO, thanking her for her supposedly unchaperoned visit. No big deal, perhaps, but clear evidence that our privacy is compromised on almost every move we make.

It is painfully clear that the battle over control of your name and personal data extends full force into the Internet age. And it is because of this very problem that Senator Fritz Hollings of South Carolina introduced the Online Personal Privacy Act in April of 2002. The 107th session of Congress adjourned before taking up the bill and apparently it is still in limbo. Senator Hollings has considered reintroducing the legislation. Perhaps you should contact your members of Congress and ask them to support Senator Hollings’ bill.

Junk Mail 101: Charitable Organizations Sell Your Name Too

Did you ever wonder why, when you contribute to just one charity, you get an avalanche of mail from all the others? I’ll tell you why. Your name breeds like rabbits. Moves with lightning speed from one philanthropic organization to another. It’s the call of the wild: ‘hey, we hooked someone today and we’ll sell you our names if you’ll sell us yours.’

Perhaps “hook” is a bit callous, but this side of the junk mail industry has to compete for your dollar just like the commercial companies selling you merchandise. And that’s just fine as long as the charity is spending the majority of the money on the actual “cause” and not on fundraising efforts. According to the Better Business Bureau (BBB) Wise Giving Alliance, non-profits should spend at least 65 percent of total expenses on program activities. Let’s see how some of them fare.

I picked seven large organizations, strictly by random, and have listed them in alphabetical order. If you don’t find your favorites, go to the BBB’s Wise Giving Alliance and click on “Charity Reports” at the upper left column. If they aren’t registered with the BBB, go directly to their site and look under financial information. If it isn’t there and an e-mail to the charity doesn’t produce an answer, you might think twice about your next donation. Now, the players and the percentages devoted to their programs:

Alzheimer’s Association: 75%
American Diabetes Association: 76%
American Heart Association: 73%
Disabled American Veterans (DAV): 74%
March of Dimes: 76%
Muscular Dystrophy Association: 77%
Sierra Club: 90%



They all sell your name, averaging almost 8 cents each. As a matter of reference, the typical commercial name sells for about 12 to 15 cents each. And the philanthropic fundraisers are included in the total junk mail take of $4 billion on names and personal data each year.

Most charitable organizations don’t collect, and offer for sale, as much personal data as do the commercial junk mailers and large data brokers. It costs more to capture or add this information and most of them are on a limited budget. Selling your name is more of an income-replacement-tool, and probably offsets the necessity of having to solicit more donations.

On the political side, there’s a funny piece from the Washington Post dating back to July of 1993. The Great Minnesota Progressive blog posted How GOP Computers Got My Mama; And How they Might Get You. The WP reporter tells of his mother receiving a “special” junk mail invitation to President Reagan’s return from his historic European trip. She can’t go and tells her son she will RSVP to let them know, which he, of course, tells her isn’t necessary.

She does anyway, later making a contribution to the GOP, and, naturally, a deluge of mail follows. Finally, a few years later, she begs her son to get the Republican party off her back. “I send them money but they just keep asking for more,” she said. The son tries to explain the fundraiser’s strategy of “giving more means asking for more.” To make a long story short, the mother became ill and the family had to take over her affairs. It was then that they found the humongous amount of political and charitable junk mail, all resulting from her initial contribution. The story is well worth reading.

It isn’t fair, however, to put the fundraising community in the same category as the typical junk mailer. Aside from the fact that, in most cases we are talking about an honorable, worthwhile cause, they don’t really feed at the same trough when it comes to the obsession for control over your name and personal data. How many cases of identity theft have you heard of coming from doling out to the Sierra Club?

The moral of this story is that fundraising organizations are a part of the junk mail community. They do business in a similar way to the commercial companies but their higher purpose puts them on a different level. The telemarketing Do-Not-Call law recognized this and that is why they are exempted. So, pick your charity of choice and give as generously as you can, but make sure your donation is going to the right place.

Re-clarification Of the Basic Issues In the Control Of Your Name and Personal Data

Recently, it came to my attention that there was some much needed clarification of my concept that you should have 100% control over your name and personal data. The idea is really not as complex as it might seem and this post is a follow-up to simplify, at least, the basics.

First, let’s backtrack and cover the foundations of the idea. It is my judgment, based on thirty-five years of selling your name in the junk mail industry, and ten years researching the concept, that you should be given 100% control over your name and personal data. You should receive that right through federal legislation, which is the goal of my grass roots efforts. There are at least five major points in favor of passing this law:

1.You will have complete control over how your name and private information are used in the marketplace.

2.You will be assigned a unique ID which will completely replace the Social Security number for purposes of identification.

3.You will be able to opt-in, not have to opt-out, in receiving any junk mail offers.

4.You will be able to literally eliminate all identity theft.

5.The JACKPOT: You will share in the proceeds of the sale of your name and personal data.

As an added benefit, you would be given the option to act as your own watch-dog to approve any credit-related transactions in your name. This simplified and sophisticated system of notification would stop ID theft in its tracks but would require your immediate reaction to an e-mail or telephone call. Even if you decide not to participate in the individual oversight, which would nip it in the bud, you would still be covered by the current guarantees for limits on liability.

Personally, I cannot understand why anyone would not want to maintain a tight fist over all aspects of their privacy. So there’s a little inconvenience to replying to an e-mail or telephone call, but look at the rewards. For the first time, and backed by law, you get to decide about what remains private about you and your family.

Okay, there must be some exceptions, and there are: the primary one being Homeland Security. This does not mean that government has the right to access your name and private information for any reason it chooses. But, if it is truly a high level security situation, the feds must have that right. Others may exist to accommodate data needed by business where you have officially opted-in, as well as certain requirements in the medical and financial fields. However, Congressional oversight would have to be established for any of these intrusions.

We’re still working on the final plan, so make your opinions known by leaving me your comments. Remember, the 2006 elections are just over the horizon, and we could make some headway with Congressional leaders sympathetic to consumer causes and maybe elect a few new ones that will vote our way.

No Matter Where You Look, Identity Theft Is Rampant

On June 18, I posted on off-shore warehousing of your name and personal data and sent you to a site well worth your time. It was Bloggerradio.com, and, just in case you missed it, the title is: Advance Warning: Lobbyists Don’t Want Us To Own Our Own Identities, and are moving data offshore to avoid regulation. DA, the site’s able master, is convinced, and I agree, that the lobbyists in Congress from the data broker industry have a new goal: move all our personal data overseas to avoid U.S. laws and regulation.

Just this morning I received an e-mail from Mac Haque, my Bangladesh connection, calling attention to an article in The Register: The Sun exposes UK ID theft racket at Indian call centre. It reports on the sale of thousands of UK banking records, including credit card numbers, etc., all of which can be used for identity theft. The Register journalist actually bought 1,000 private records from a “crooked” call centre worker. Along the same lines, Mac, himself, had a very interesting post on the subject, which I referenced on June 15: Identity Theft: Each one, Reach one, Teach one.

Stealing names and personal data is not new. I was in the junk mail business selling names for thirty-five years and experienced it first-hand. While sitting in a client’s office during my second year in the business, we were interrupted by his assistant who said she had an emergency. The short version is that some hustler had stolen the names and private information of several thousand buyers of a major encyclopedia company and wanted to sell them. It was an inside job and they caught the perpetrator as a result of my client’s cooperation. Just one of thousands of incidents you never heard about.

Bob Sullivan, technology correspondent for MSNBC, has the latest information on ID theft from Gartner, Inc., a research and survey firm. They found that one-third of the population are “‘very concerned’ about being victims of identity theft…” Sullivan’s article, ID theft concerns grow, tools lacking, just shows the inadequacy of this Congress to act on such an important problem. It also points out some anxiety from recent identity theft incidents over the effect it is having on e-commerce. As usual, it takes a hit on big business to accomplish anything for us poor consumer slobs.

Folks, won’t you agree that the current Washington gang, at least the side of the aisle that unanimously favors the needs of big business, will probably oppose any legislation that would give you the means to really protect yourself against identity theft? Passing state laws would be a legal and logistical nightmare. There’s only one solution. We all have to get together in a grass roots effort to pass a federal law that will give us 100% control over our name and personal data.

Discuss it with your friends. Send op-ed articles to your local newspaper. Contact talk radio shows and tell them how you feel. Call, write, or e-mail your Congressional representatives. Give me your comments on my blog, which I will pass along to members of Congress. In general, get active over this subject so, together, we can get the job done.

Identity Theft: Off-Shore Warehousing, Outsourcing, Off-Site Storage. This Just Means Your Name and Personal Data Are All Over the Map

It may already be necessary to include an amendment to my proposed federal legislation that gives consumers 100% control over their name and personal data. Although identity theft from the loss of your private information has reached epic proportions in the U.S., it could now be traveling overseas. The amendment would be written to include all personal data outsourced by American companies in foreign countries.

But the problems abroad are covered more than adequately in BloggerRadio.com’s latest entry: Advance Warning: Lobbyists Don’t Want Us To Own Our Own Identities, and are moving data offshore to avoid regulation. Read it. The piece makes an excellent point. Most of us are too busy with our jobs and personal life to take the time to explore what is going on in the marketplace with our private information. Folks, it is everywhere, ripe for identity theft. And you had better get behind this grass roots effort or risk living through a commercialized, Orwellian 1984.

Today, I want to talk about just how wide a presence your name and personal data have among the thousands of junk mailers and their affiliated off-site repositories. First, let me identify the players. You have the seller of merchandise or services: catalogs, insurance companies, etc. Next comes the computer facility where your name and private information are stored. Following is another computer workplace where the seller will send its list of names to match against all the millions of your names it has purchased to mail, with the intention of eliminating the duplicates. It’s called a merge/purge.

To complete the cycle, you have the hucksters of your name and personal data: the List Manager, the one who promotes mailing list names, and the List Broker, my former occupation, the one who actually sells your name and data. That’s the team, but as an aside, it is interesting to note that list brokers are considered the prostitutes of the industry. (Remember, I was one myself) Like the “ladies of the evening” on Lexington Avenue in New York, they would do anything to make the sale.

Now let’s review. Your name and personal data (the list file, it’s called) are housed with the seller, of course. The computer facility that maintains the seller’s list has a complete copy. The other computer workplace doing the merge/purge also has the file. And, even the list manager or list broker could have a duplicate of the list file. In every case, except for the merge/purge location, there is also an off-site copy of all names and personal data. That’s a total of seven.

When you multiply this by several thousand junk mailers, and then compound that by the delivery companies that are necessary to transfer the list files between facilities, you can understand how easy it might be to steal or lose the data. The perfect formula for identity theft. UPS has taken the blame for losing 3.9 million CitiFinancial customer records. The financial giant has just announced it is dropping backup on computer tapes and is sending everything to credit bureaus electronically, after encryption.

Because of the cost of the technology involved in electronic encryption, and the fact that some companies have not yet squarely faced the consumer privacy issue, the junk mail industry as a whole is not likely to embrace this move. In my thirty-five years as a name hawker, I never felt we got out of first gear, even with incident after incident of compromised data. Even today with identity theft the number one consumer complaint, many of those old junk mail entrepreneurs are just burying their heads in the sand, hoping it will go away.

And, if pirating your name for financial gain weren’t enough, at least 98 pieces of junk mail out of 100 end up in the city dump. If you’re an environmentalist, try and equate that to what you receive. According to a report from the Alliance for Environmental Innovation, catalogs alone utilized over 17 billion names in 1999 to reach their destinations. This organization is concerned about the loss of 3.35 million tons of paper to produce those catalogs. Anyway, what kind of business would tolerate a return rate on its advertising of less than 2%, from its infancy to present time?

So let’s get back to basics. Join my grass roots effort to pass federal legislation that will give you 100% control over your name and personal data. The above incidents may still occur, but with my system of checks and balances, you will not be the one to suffer. And as you can find in earlier posts, you would also share in the wealth of the sale of your name and private information.

Let me know what you think. I want to hear your comments!

Junk Mail 101: Identity Theft, Your Name and Personal Data, and the Direct Marketing Association(DMA)

According to the Federal Trade Commission (FTC), identity theft is the number one consumer complaint at 39%. It is followed by internet auction, a distant second at only 16%. If it weren’t for the California "Shine the Light Law, SB27, introduced by California Senator, Liz Figueroa, and passed into law on January 1, 2005, ID theft may well have doubled this year.

Personal data loss by brokers of mailing list names and private information has reached the millions of records and, with the recent CitiFinancial incident (3.9 million names and personal data), shows no signs of ending. On an earlier issue, the Ohio Attorney General filed a complaint against DSW Inc., a shoe retailer, for compromising 1.4 million credit card numbers. At least someone is paying attention. The junk mail industry is running scared and has hired three major PR firms and advertising agencies to improve their image.

I went to the Direct Marketing Association’s (DMA) web site to see what their position on identity theft was. It’s a terse, one-page statement, issued on February 24, 2005, as an answer to Senator Charles Schumer’s (D, NY) press conference on the same day. There’s the typical agreement with Schumer on the identity theft problem with continuing elaboration on what the junk mailers are “supposed” to do to protect your name and personal data against ID theft. Nothing about the central problem of who should be in control.

Steven Levy, technology writer for Newsweek, just posted his answer on MSNBC. "Lost My Secrets? Pay Up, Buddy!” is Levy’s remedy for the recent outbreaks of private information loss. The article puts forth the premise that, if the data brokers compromise our data, they should be made to pay for the damages. He also makes an excellent point which I hope will convince you to click on the title and read his story. You, the victim, could be faced with years, and I cannot emphasize enough the word “years,” of financial vulnerability. The reason is that lost data is still out there for the taking.

You also might want to get a feel for the international outlook on identity theft. Go to Macs BLOG to see how they view this problem on the other side of the world. Mac Haque, who has a jazz-rock fusion band, is in Dhaka, Bangladesh, and he writes about how identity theft is at best a minimum problem today in his country. He continues with pointers on how to stop it, obviously taken from the mistakes we have made in the U.S. It makes very interesting reading with an added benefit that you can listen to top artists such as Billy Joel, Christopher Cross, Dionne Warwick, Dizzy Gillespie, Miles Davis, the Rolling Stones and more.

So, what’s the solution? I have an idea. The DMA sells their list of 5,200+ junk mail member companies and contacts. We can all band together and buy these names for around $23,000 and send each one a letter telling them we want our name and personal data back. Or, we could just ask the DMA to donate the list to our grass roots movement. Whether or not you believe this is a good idea, it is something to think about. Right?