Last week we learnt about the apparent theft of data (social security numbers and other sensitive personal information) belonging to 4 million current and former government employees, and the possibility of a foreign government’s involvement.
The fact that this happened is very concerning, especially for the folks affected, however what’s more troubling to me is the frequency of these occurrences.
The Identity Theft Resource Center (ITRC) compiles and lists data breaches confirmed by various media sources and/or notification lists from state governmental agencies. This list is updated daily, and published each Tuesday. So far in 2015, there have been 348 breaches – an average of two a day – with over 107 million people affected (as of June 9 2015). Not a day seems to go by without some organization or company acknowledging that a data breach has occurred, and given this relentless drumbeat of bad news, we are now becoming desensitized to the severity and importance of these issues when they happen.
Unless, of course, it happens to you!
And when it does happen, the results could range from minor annoyances to major traumas, and could take years to untangle. A thief using your ID could get your tax refund. Or sell your ID to someone who gets (and uses) credit cards in your name. Who rents an apartment – or even buys a house, then defaults, causing potential bankruptcy, all in your name. They could commit violent crimes, get medical treatment, or cause a nasty traffic accident – with a driver’s license that leads the police (and the lawsuits) to you.
It’s all about the opt-out!
While no network is completely secure, as digital citizens we are now, more than ever, responsible for what we publish online – and how we are marketed to, given that we have provided the digital keys to our own castle.
It’s time for us all to take control of our digital footprint and become aware of the data that we provide, either voluntarily or involuntarily.
Most organizations that you have a relationship with “share” your information for marketing or other purposes, unless you ask them to stop. Opting-out is a great way to reduce the amount of your data that hits the web, and allows you to “control” your relationship with your vendors.
Requesting an opt-out may take some cycles to implement but I can confidently tell you that it works. You can locate information pertaining to how your data is collected and distributed within the Privacy Policies of the companies you deal with. For example, here’s ours.
Companies should tell you the what, why and how of your data is going to be used. They should be fully transparent, and provide clear and conspicuous options for you to opt-out of sharing.
What do you do if you are affected by a breach?
Not all breaches lead to identity theft, but the probability that something like that will occur is high. Most organizations don’t realize they have been breached until months later and by then it’s too late to act proactively.
Therefore, you have to assume that something will happen. Here’s the advice from the FTC pertaining to the recent government breach and what to do, with a plan for identity theft recovery:
https://www.identitytheft.gov/
At the high level, these are the steps:
Do immediately:
- Call the companies where you know fraud occurred.
- Place a fraud alert and get your credit report.
- Report identity theft to the FTC.
- File a report with your local police department.
Next:
- Close new accounts opened in your name.
- Remove bogus charges from your accounts.
- Correct your credit report.
- Consider adding an extended fraud alert or credit freeze.
And that’s just to get things underway. Getting your identity back, and your name cleared, could easily be your next full-time job if you fall victim to a data breach.
In conclusion:
You can’t do much to proactively protect yourself if your employer or your health plan suffers a breach. But all those other people who sell you things collect information about you, and you can do something about that.
Your data has tremendous value in today’s digital ecosystem, you need to manage what your share and to whom you share it with. Control your data streams and only provide information about yourself that facilitates your ability to manage the digital relationship for your benefit.
Cheers,
David