Scroll down for tips for organizations devising privacy policies
By Robert Ellis Smith
A Washington author used up space in The New York Times early in March telling readers that protecting your privacy is expensive. “Last year, I spent more than $2200 and countless hours to protect my privacy,” she wrote.
I didn’t. In my 40 years in this business, it has cost me less than $50 a year and only a few hours a year to provide myself a strong sense of privacy.
Some strategies are essential:
1. Protect your Social Security number at all times. Don’t give it out even though it seems that you may be penalized for it.
2. Avoid “credit monitoring services,” paper shredders, apps, “identity-theft protection,” anti-eavesdropping experts, Internet filters, unless you want to spend a lot of money.
3. Think of Noah’s Ark. To protect your privacy, think in twos. Rip in half any documents with vital personal information on them, including Social Security numbers, bank-account figures, or credit-card numbers. Deposit them in separate side-by-side trash containers. Empty each trash can at alternating times. Or use a paper shredder if you still want to spend money. Use two personal phone numbers, one for your friends and another for commercial transactions and public circulation. Use a personal mailing address and a “public” mailing address, which can be a post office box, a commercial mail-receiving firm, an office address, or a landlord’s address. This second address will not disclose your physical whereabouts, or that of your children. Have two Internet service providers and electronic mail providers, one for sensitive uses and the other for “public” uses. Have two credit cards, one for customary use and one for online use. If something goes wrong online, you can promptly cancel that credit card with no inconvenience at all. Use a second, out-of-town doctor to disguise certain sensitive treatments, if necessary.
4. Get off the consumer merry-go-round. Three-quarters of what is offered to us for sale is stuff we don’t need. There are virtually no products you will be offered by cold telephone calls or unwanted mail that won’t be available later on your terms. Marketers and data brokers and “big data” types don’t care much about people who don’t spend frequently by phone, mail, or on-line. These are the purchases that allow tracking of your likes and dislikes.
5. Think of the safety of your children if they are minors. It’s not irrational nor paranoid not to disclose your home address to anyone. You owe it to your kids; they can’t make this choice on their own. Have you met someone new or hired a tradesperson to come to your home? Wait until you know them better or until you have arranged a specific appointment for a specific time. Then don’t send your home address by email, where it can be transmitted further and added to lists.
6. Keep ‘em guessing. Use email some-times, texting other times, live telephone calls other times, tweet sometimes, even on the same transactions. Change your patterns – every day – so that you don’t create patterns. This is sound advice whether you are walking in your neighborhood, driving to work, scheduling absences from home, shopping, or going on line. Any habitual behavior makes you a sitting target.
7. Train yourself. Practice, practice protecting your privacy. You can anticipate that in any upcoming transaction you are going to be asked for personal information. Practice beforehand just saying no. Even if the information is seemingly innocuous, like your Zip code. (In fact, stores can use Zip codes in cooperation with credit-card companies to track your purchases.) If you are not successful, ask why the organization needs the information. Most important: Be prepared beforehand to abandon the transaction if the response is unsatisfactory. Approach any over-the-counter or telephone transaction as if you really don’t need the benefit being offered. (If you really do need the benefit or the product but object to the lack of respect for your personal information, buy it elsewhere or buy at a later time. By doing this you may have prompted the clerk to report to management that at least one consumer objects to the company’s demand for personal information. Thanks, on behalf of all of us.)
I remember fretting when Congress required that the Internal Revenue Service demand Social Security numbers of children on tax returns of persons who claimed them as dependents. I held out as long as I could, even went to a one-on-one hearing at the IRS where I discovered that the agent agreed with my concerns and said his colleagues did too. He said, however, he was powerless. (But he apparently was not powerless to keep enforcement against my defiance in limbo for another year.) When it was clear that the agency was not going to give in, a privacy zealot more courageous than me advised me simply: “Do without the deduction. You’ll soon make up in earnings for the loss of the deduction or you’ll find a more clever deduction.” He was right.
What About SSNs?
In dealing with businesses, I am asked at least two times a month for my Social Security number. I politely decline and point out my fear of theft of identity. Their agents move on to some other form of identity, showing that the demand for SSNs by businesses is no longer mandatory. Giving up your date of birth is far safer than giving up your SSN. Last four digits of your SSN? Not so much.
I am discreet when filling out application forms, whether online or in paper form. Often, you can provide general instead of specific information and still complete the transaction (for example, responding “over 18” or “younger than 65” when asked for age).
Try to determine what information on an application or warranty form is for marketing purposes and not necessary for completing the transaction.
When you are asked to sign authorizations to disclose your personal information, date the form or add an expiration date and cross out language that makes the authorization too broad or general. If you reconsider later, revoke the authorization in writing.
I always phrase any demand so that it elicits a positive response, not a negative one. I don’t say, “I refuse. . . .” I say, “Because I’m concerned about my privacy, I chose to keep that information to myself. . . .” I say, “I’d rather not. What else can I do to complete the transaction?” Assume that most clerks as individuals will identify with your concerns, and you will discover that many of them do. Be persistent. Be prepared to try three or four times before the organization caves in. At least make it fun for yourself.
Ask to inspect and correct files about yourself where federal law permits this – credit reports, consumer investigations, school records, federal-agency files, cable TV providers, and criminal records. A dozen states provide these rights for insurance files and 15 states have these rights for personal information stored by state agencies. Rights of access and amendment for patients are required by the federal HIPAA regulation for medical confidentiality.
From the March 2014 edition of PRIVACY JOURNAL
Win a free book. Scroll down and discover what we recommend for ID in airports and why.
* Be discreet when filling out application forms, whether online or in paper form. Often, you can provide general instead of specific information and still complete the transaction (for example, responding “over 18” or “younger than 65” when asked for age). Try to determine what information on an application or warranty form is for marketing purposes and not necessary for completing the transaction. When you are asked to sign authorizations to disclose your personal information, date the form or add an expiration date and cross out language that makes the authorization too broad or general. Revoke the authorization in writing if you reconsider later.
* Protect the confidentiality of your Social Security number. Just say no. Social Security numbers are really not necessary when applying for credit or insurance. There are legal limits when government agencies ask for Social Security numbers (explained in "Ben Franklin's Web Site"). Any request for your number when the transaction has tax consequences – like getting a job or opening a bank account or buying a house – seems reasonable. In other cases, ask for a random number you select or, if you must, try providing only the last four digits.
Most toll-free service lines will ask for Social Security numbers (or last four digits) but will process your request if you just say no and provide other means of verifying your identity. Most of these companies do not have your SSN on file anyway! Why give it to them?
* Attach conditions to sensitive information that you feel you have to provide. Ask that it not be further disclosed outside the organization or that it be destroyed after a certain period. Ask to inspect it in the future. This creates a binding contract with the organization. If it refuses to accept your conditions, that tells you about its information practices.
* Never provide sensitive information over the telephone or Internet to someone you don’t know – including your Social Security number, home address or phone number, bank-account or insurance-policy numbers, bank balance, mother’s maiden name, or medical information. If you want, call back the company and keep a record of its phone number.
Phrase your demand so that it elicits a positive response, not a negative one. Don’t say, “I refuse. . . .” Say, “Because I’m concerned about my privacy, I chose to keep that information to myself. . . .” Say, "I'd rather not. What else can I do to complete the transaction?" Assume that most clerks, as individuals, will identify with your concerns, and you will discover that many of them do. Be persistent. Be prepared to try three or four times before the organization caves in.
* Ask to inspect and correct files about yourself where federal law permits this – credit reports, consumer investigations, school records, federal-agency files, cable TV providers, and criminal records. A dozen states provide these rights for insurance files and 15 states have these rights for personal information stored by state agencies. This is required by federal regulation (HIPAA) for medical records.
* Ask the post office not to disclose your new address to commercial mailers when you file a change-of-address form. Better still, make your change of address temporary not permanent. A temporary forwarding instruction is good for one year, and the Postal Service does not forward temporary change-of-address information to commercial list users and direct marketers.
* Ask to inspect your own medical file and to add information to it if necessary. A federal regulation give you this right and most professional medical organizations endorse this right. Remove from your file any information involving another patient, not you.
* Organize your telephone service for your own convenience. Have your landed telephone number listed without an address in the directory. This will provide much of the same protection that you seek from an unlisted number – and for no charge – because marketers are not interested in collecting phone numbers without addresses. This will keep you out of the address and telephone directories on the World Wide Web. For a nominal monthly fee, phone companies will provide you a second phone number that will ring with a distinctive sound. You can make this your “public number” that you provide to businesses and government agencies. Reserve your original telephone number for friends and relatives, and then you will know when they are calling. In addition, ask the major mailers to delete your landed and cell phone numbers from their telephone and mailing lists.
Remember that cellular, mobile, and cordless phones are not secure. Cell phones allow for tracking your approximate location. Neither are electronic mail or instant messages or texting; regard them as you would a postcard. Remember that a recipient of your e-mail correspondence can pass it on to the whole world, inadvertently or intentionally. You have to respond to email carefully to avoid sending responses to persons you did not intend to receive it. If it's important to you, ASK recipients of your email correspondence not to pass it on without your consent.
Do not ever use telephones and computers at work for sensitive or embarrassing communications. Federal law permits employers to monitor business-related calls and correspondence.
* Demand that a telemarketing company that calls you add your name to a do-not-call list. Call 888/382-1222 from the number you wish to register and get on the federal do-not-call registry in seconds. Or go to www.donotcall.gov. By federal law, a telemarketing company must abide by that list. The same law prohibits recorded advertisements and fax advertisements into your home unless you consent. Many states have government-run do-not-call lists as well.
* Learn all you can about new technologies that affect your privacy – automated telephone devices, the Internet, social-media sites, blogs, genetic tests, electronic mail, bar codes, automated collection of highway tolls, radio frequency identification tags (RFID), contactless credit cards, skin implants for identification, two-way cable television, face recognition, digital driver’s licenses, airport-screening devices, and biometric identification devices like hand scans and eye scans. Know how they work – what they can do and can’t do.
*Subscribe to PRIVACY JOURNAL newsletter for great tips each month and the latest news you need to know to protect yourself. Ask for our reduced special rate for individuals. Click on the order form in the right column.
* Protect against theft of identity. This crime is the impersonation of you by a stranger to get identity documents or use your credit accounts. The main vehicle for it is the circulation of your Social Security number or carelessness with it by organizations. Keep your SSN out of general circulation as much as you can. And your children's numbers. Keep your SSN off your driver’s license and your personal checks.
Be aware of "phishing," the practice of impersonating a legitimate company or Web site and inducing you to provide personal information, like account numbers. Be aware that entrepreneurs create Web sites to suck you in when you misspell a legitimate Web site you intend to visit.
*Use caution in enrolling in social-media sites. Employers, schools, U.S. border guards and others consult them. Some employers demand your Facebook password when you apply for a job. Read the privacy policies of these sites very carefully and chose your options very carefully. Be prepared to take an hour or more to get it right!
* Use search engines like Google, Yahoo, MSN Search, and Bing to discover all you can about where your name is mentioned - and accessible to others - on the World Wide Web. You will be surprised. Correct damaging or inaccurate information if you can.
* Inspect your credit report once a year, or more often if there are frequent new accounts in your life. It's free. Be sure to start with the federal government Web site, www.AnnualCreditReport.com (877-322-8228, Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348-5281), and none other! There are lots of impostors, and the credit reporting agencies themselves like to trap consumers. Often they trap you into a yearly service that costs money.
Avoid the credit-monitoring services that are offered.
* Think of Noah’s Ark. To protect your privacy, think in twos. Rip in half any documents with vital personal information on them, including Social Security numbers, bank-account information, or credit-card numbers. Deposit them in separate side-by-side trash containers. Empty each trash can at alternating times, so that these sensitive documents can not be reconstructed after you dispose of them. Or use a paper shredder. Use two personal phone numbers, one for your friends and another for commercial transactions and public circulation. Use a personal mailing address and a “public” mailing address, which can be a post office box, a commercial mail-receiving firm, an office address, or a landlord’s address. This second address will not disclose your physical whereabouts, or that of your children. Have two Internet service providers and electronic mail providers, one for sensitive uses and the other for “public” uses. Have two credit cards, one for customary use and one for online use. If something goes wrong online, you can promptly cancel that credit card with no inconvenience. Use a second, out-of-town doctor to disguise certain sensitive treatments, if necessary.
* Zealously protect the identities and addresses of your children. Avoid having them enumerated until they reach an age when they are seeking employment. This will keep them out of dangerous databanks and locator services. Take advantage of tax credits and deductions without providing SSNs for your children, if you can; otherwise be willing to do without the tax benefits. Keep them off mailing lists by using an adult’s name on magazine lists and direct-mail purchases. Don’t provide their names on any applications that parents submit. Do not permit them to provide family information – or information about their physical whereabouts or real names – on the Internet.
*Resist surveillance in the community. Make it clear to law enforcement and businesses what you think of the presence of camera surveillance everywhere. Demand that they prove that it is effective. Point out its cumulative effect on the culture and the community. Point out that most communities that launched camera surveillance have found it ineffective, and many have abandoned it.
* Take time to devise in your mind a strategy for dealing with the press if you should be suddenly thrust into a newsworthy situation. Select in your mind a trusted friend you would call upon, to advise you, to be a liaison between you and news reporters, and to assure that you disclose to the public exactly what you want to and keep private exactly what you want to.
* Shop ahead. When you seek insurance, a mortgage, retail credit, a bank account, or other important transaction, be prepared to dicker. Provide the least amount of personal information possible to get the transaction. Be prepared to be asked for more. Provide a little more, if you wish, and be prepared to be asked again to provide more information. Shop around for a transaction you really don’t need, simply to practice your technique of negotiating for the least amount of privacy sacrifice. Most important, be fully prepared to do without the transaction or to shop elsewhere if you believe that you are being asked for too much personal information. You will feel good about yourself. If you are dealing with a dominant business or a monopoly, be prepared to complain to the state agency that regulates the business. It may have guidelines that help you or it may be willing to intervene on your behalf.
* Shop Around. The new century has brought a few new products and services that actually enhance your privacy – e-mail forwarding services that protect your anonymity, encryption software, innovative telephone-answering machines, shredders, mail receivers, anonymous search engines, user-sensitive social networking. Seek them out. Paying by ATM card at the point of sale protects your privacy better than using a credit card. Merchants can track addresses of credit card users, but not ATM card users. In an airport, use your passport (with no address or Social Security number on it), not your driver's license.
* It is going to cost you. In the information age, privacy comes with a cost. You can expect to pay slightly more for some of the duplicative services you need, and you may pay a premium for dealing with an organization that respects your personal information. You may have to do without some of the enticing discounts that require you to agree to be bombarded by commercial messages in the future. The rewards for paying these additional costs are immense. They bring an increased sense of control and dignity to your life. In addition, you will find that you can accomplish a whole lot more or have more leisure time after you take precautions to ration the interruptions and intrusions in your life. One of the richest men in America, Paul Mellon, once said, “The idea of power never appealed to me. What has appealed to me is privacy. To me, privacy is the most valuable asset that money can buy.”
* Choose your battles. Not every collection of personal information or every intrusion is worth expending your energy. Decide which information is most sensitive to you and which moments in your life are most important to protect. However, you should err on the side of protectiveness, because you cannot anticipate which information about you will become crucial in the future. Remember that nearly all of the personal information that businesses and government agencies collect concerns how we spend our money. Organizations don't keep information about who we really are. Work hard to limit it to that.
Organizations (except for social networking sites that we chose to participate in) have not yet been able to intrude into the really important aspects of our lives – our spirituality, our beliefs, our sexuality, our home life, our creativity, our fantasies, our sorrows, and our joys. Using laws where they exist and common sense and determination where they do not, we must preserve our right to privacy for ourselves, our neighbors, and those still to come.
1. Organizations establishing privacy policies should incorporate the elements of the widely accepted *Code of Fair Information Practice:
* The existence of all data systems with personal information in them should be publicly disclosed, and the purpose for which information is gathered about people should be disclosed. This is the principle of openness or transparency.
* There must be a way for an individual to find out what information about him or her is in a record and how it is used.
* There must be a way for an individual to prevent information about him or her that was obtained for one purpose (which was stated when the information was gathered) from being used or made available, either within the organization or outside, for a purpose that is incompatible with the original purpose, without getting the consent of the individual. This is the principle of secondary use.
* There must be a way for an individual to correct or amend a record that contains information that is identifiable to him or her.
* The organization creating, maintaining, using, or disseminating records of identifiable personal data must assure the reliability, accuracy, security and timeliness of the data. In other words, the custodian of information that is disseminated has an obligation to the individual to make sure it is accurate, secure, and not misused. This obligation ought not be delegated to another entity.*
2. An organization must make sure that other entities handling personal information in behalf of the first organization are bound by these same principles.
3. An organization must conduct periodic risk assessments, balancing the possibility or probability of unauthorized access or disclosure against the cost of security precautions and the expected effectiveness of the precautions. In some cases, it will be necessary to establish an audit trail so that records are kept of disclosures of personal information, both within the organization and outside.
4. An organization should collect a complete inventory of federal, state, and local laws affecting its collection and use of personal information. It should be aware of "case law" (court decisions) affecting its information collection. It should scrutinize and any guidelines or ethical principles developed by trade associations on the collection of personal information.
5. Organizations must take special precautions in collecting and using personal information about children, both those 13 or younger and those 18 or younger.
6. An organization should openly disclose its policies and practices with regard to electronic surveillance of its employees' and customers' telephone calls, electronic mail, Internet usage, changing rooms, and rest rooms. It must articulate in advance the reasons for the surveillance.
7. An organization should collect only that personal information that is PROPORTIONAL to the purpose of the information. It must scrutinize each demand for information to determine that it is relevant and necessary.
8. An organization should designate an individual or office (whether full-time or part-time) to handle privacy issues by (a) acting as an ombudsman for customers or employees, (b) assessing the privacy impact of new undertakings, (c) assuring that the organization complies with all laws and trade-association standards; and (d) informing the organization of the latest technology and policies that affect the privacy of customers or employees. An organization, if it utilizes "opt-out" for customers to stay out of certain uses of their information, should make exercising "opt-out" easy, as easy as clicking a button or checking a box, without the need to write a letter or to communicate with another office.
9. An organization should not permit sensitive personal information to be transferred to or stored in portable media like laptops and hand-held devices. An organization should not post personal information on unprotected Web sites.
10. An organization should conduct periodic training of its employees (and volunteers) to assure that they know (1) applicable laws on confidentiality that govern the organization, (2) the organization's policies and actual practices, (3) the rationale for protecting confidentiality and the sensitivity of personal information, (4) the ability to recognize possible breaches and to report them to the proper person. An organization may choose to certify that employees who handle personal information are properly trained.
11. If one organization must comply with a principle of data protection, all organizations in the same field should have to as well, either through industry codes or government regulations.
* The Code of Fair Information Practice [see link below] was first established by the U.S. Department of Health, Education, and Welfare in its report on Records Computers and the Rights of Citizens (1973) and ratified by a similar study by IBM Corp. The Business Roundtable in the U.S. endorsed the code in the 1970s and it became a part of all data protection laws in Europe and most of the privacy laws in the U.S.
Web sites to help you: