Security

How to Opt Out of Online Databases

By Todd Wasserman

You might think with enough power and influence, you could keep most of your personal information off the Web and away from identity thieves.

That hasn’t been Jeb Bush’s experience, though. Until fairly recently, the Social Security number of the former governor of Florida and brother of the current President of the United States had been available online as were those of former Secretary of State Colin Powell’s and former CIA director Porter Goss.

Apparently, no one is immune. Even if you are among the ranks of the so-called UnGoogleable, there are firms like US Search, Accurint and 555-1212 that supply information including names, addresses, phone numbers and more to anyone willing to pay a fee. A skilled searcher can also find property records, Social Security, credit card and bank account numbers.

Furthermore, over the last decade, many municipal government agencies have been eagerly putting data from public records online, such as marriage records, death certificates, and property records. And there’s the rub. Some municipalities may choose not to digitize their data, but unless policies change to reflect the Internet age, there’s no such thing as an opt-out policy for government records.

The danger of databases
The harm in having your private data widely available to the public is that much of this data could be used to form the basis of identity theft. Identity theft has become a rampant problem worldwide as criminals use a few nuggets of information -- often all that is needed is a name, birth date, and Social Security number -- to fraudulently assume your identity. When they do this, they can take out credit cards, sign up for cell phones, and make purchases under your name that they never intend to pay for.

How big a problem is identity theft? A 2007 survey by Javelin Strategy and Research found that the number of adult victims of identity theft in the U.S. was about 8.4 million. That's down a bit from a peak of more than 10 million in 2003. But these thieves can still cause a heap of trouble for you. They committed nearly $50 billion in fraud in 2007, according to the survey. And each victim lost an average of $5,720.

The worst part is that you -- the victim -- are the one who is often stuck with sorting out the whole mess. Notifying authorities, your credit card companies, credit bureaus, etc., can often take days. And victims have been known to spend years trying to remove negative credit information from their records caused as a result of identity theft.

How to protect your private data
The good news is there are some things you can do to protect the information collected about you in databases. The bad news is that it will take a lot of effort, and regular monitoring.

Paul Stephens, director of policy and advocacy for the Privacy Rights Clearinghouse, a San Diego watchdog group, says the best thing you can do is ask firms that collect data to take you off their databases. The group’s website lists the companies that provide you with an "opt-out" option -- meaning they will take you and your information off of their publicly available databases and lists if you ask.

The problem is that if another firm doesn't have an opt-out policy, your private information may still be on the Internet for anyone in the world to see. Stephens says that opting out isn't necessarily the perfect solution. “Let’s say you opt out of half," he says, "the other half are still going to have your information online.”

Charles Cresson Wood, a Sausalito, Calif.-based information security consultant, disagrees with Stephens’ assessment. First of all, consumers can protect their privacy by being more circumspect. “A lot of people are posting info on Facebook and MySpace and other social networking sites about getting hung over and partying,” he says. “A future employer is likely to search you and find all that stuff.” Wood says disclosing such information is more a hallmark of the under-25 “look at me” generation, who are less likely to heed his advice. Unfortunately, even after you expunge such information, it’s not gone from the Internet forever. Third parties archive such Internet data.

Nevertheless, experts agree there are a few things you can do to keep your name off online databases:

• See if your personal data is already out there and where Try punching in your Social Security number or bank account number in a search engine to get an idea whether your sensitive information is already in the public domain. (Don't use dashes since a search engine such as Google will then assume it is a math problem and offer its calculator function.)

• Limit the amount of traceable data you produce If privacy is a primary concern, you may want to rethink unnecessary property purchases, applications for special licenses from government agencies, and other actions that create a paper trail.

• Don’t give out your personal information online Don't fill out unnecessary online forms or provide any more information than you have to when doing business online. If you have children, instruct them to do the same. (Companies are required by federal law to ask for parental consent for such information when it involves children younger than 13 years of age.)

• Ask for an opt-out policy. If a firm doesn’t offer an opt-out policy, one option is to make a stink about it. “You can embarrass the organization by making their tactics public,” said Wood. “Write a letter to the editor.” Many companies that have been publicly embarrassed about their data collection policies have been shamed into changing them by consumers.

Though it might seem criminal that such data is so freely available, it's always been perfectly legal. Prior to the Internet, such information could be found on marriage and divorce records, property deeds and military discharge papers, but to get it you had to go in person to a courthouse or other government building.

At the moment, extreme measures seem to be the most effective way to challenge the status quo. For instance, the fact that Bush’s Social Security number was online became widely known only after a Virginia woman, Betty “BJ” Ostergen, attempted to draw attention to the issue by posting Bush’s and other famous people’s Social Security numbers on her web site. The Virginia General Assembly responded by unanimously passing legislation making Ostergen’s tactics illegal and punishable by a $2,500 fine.