Publisher Robert Ellis Smith
Comment: Can you put some or all of your books and newsletters on Kindle? Then I would buy them. Thanks. Response: Our two most popular titles, Compilation of State and Federal Privacy Laws and Ben Franklin's Web Site, are available on Kindle, amazon.com's hand-held device for downloading and reading electronic books wherever you go. Amazon.com's enhanced Kindle now even reads the text to you! Question: Is there an up-to-date supplement to the compilation of state laws?
Response: It's ready. You may order it now. Specify hard copy ($25 plus $4 shipping) or electronic pdf version ($25). Also we have merged the original book and all supplements into Compilation of State and Federal Privacy Laws Consolidated version. Order it in hard copy or pdf.
Feedback
Comments From Our Readers
Send us your questions here and we'll answer them.
What are your rights? How to create a privacy policy? Where can you find help? How does certain technology function? What about credit reports and patient records? What's ahead for the FBI, Department of Defense, the privacy-advocacy world, or the airport near you? Do you have a copy of the first issue published?
Yes! Why do you ask? We have a photocopy of the November 1974 issue, and copies of each issue since then ($10, less for full-year sets).
From Cyberspace: What laws protect employees from use of RFID tags?
Response: Missouri bans requiring employees to have Radio Frequency ID or a similar chip implanted in themselves; California and Wisconsin ban requiring any persons to have an implant. Washington State bans remotely scanning an RFID ID device without knowledge for fraudulent purposes. That’s about it. There are not many laws protecting privacy of employees at all. A dozen or so states permit an employee to inspect his or her own personal data on file, presumably any information generated by RFID technology. Our view is that RFID was developed for keeping track of inventory and raw materials and is not intended for identifying individuals, is not reliable enough for that purpose, and ought not to be used for that purpose.
Inquiry: I saw that you handle consumer rights. There is this company Proactiv that has been sending solicitations to buy its products. I keep calling to stop mailing the letter to me. One time they even mailed the product, which I ended up paying for. When I moved they were still sending me stuff and I have no idea how they knew my new address. I opened up a PO Box address and they are still sending me their stuff. And every time I receive something from them I call them to stop the solicitations. I said to them I do not want to hear anything about them at all, I am interested in their products at all. I feel they are really truly invading my privacy and have crossed the line many times. Do you think I handle this incorrectly? Do you know a better way to handle this? I am really really sick and tired of them.
Response: Some people like to return the material to the sender.
From a Reader: Re: previous person's comments. I found thru Google - a person with the same name - and some very odd and unprofessional posts on these social Web sites. I believe it's a practice for employers to search - I'd prefer they not see a photo of a bald shady-type individual (not that there's anything wrong with that) when they search my name. What do I do?
Response: Make sure you tell potential employers that you are not the individual online. Perhaps use a middle name. Include your hometown prominently in your application materials, if the other individual lives in a separate location.
Reader's Comment: A salesman was sent to my home when I called a company to install 2 shutters on my home. Before he left after giving me a quote, he asked me for proof of identity and asked to see my driver's license. I didn't feel secure showing my driver's license to this man that I hardly knew. He said he wanted the information to finalize the quote that I indeed had accepted to go ahead with the work. By the way, I have previously done business with this company and they had never asked me for my driver's license. Why is the rep now wanting to copy my driver's license information? Can you give me some guidance as to how risky it is to just show my driver's license on command?
Response: Often, when we get inquiries like this, the questioner says that he or she objected to a demand for personal information and then ends up giving it away anyway. We hope that's not the case here. We have no idea why a salesman would ask for an identity document (especially for a transaction to be completed at the house he is visiting!). Often it's an idle habit by companies. Perhaps it's to make getting a credit report easier. DON'T GIVE IT. Shop elsewhere.
From Connecticut: How long do posts remain on Google, etc.? A lot of incorrect information seems to get placed on Google ... even searches for people. My name comes up stating I have an account with classmates.com with the year I graduated. That could allow someone to figure my age. Any way to remove this?
Hi, I believe online employment application resources (ICIMS, Taleo, Brassring) are either sharing or passing on incorrect or bad information. I had a successful career 28 yrs, then when our office was closed I changed jobs ... had one bad experience with termination (as moved etc.), could not make successful completion of training and believe this is affecting my future employment. What do I do?
Response: Google can search "cached" information that has been removed from Web sites, as well as information that is actively displayed on Web sites. School graduation dates are generally known in newspaper records, yearbooks, and other off-line sources. We shouldn't be surprised that they are freely available online. Persons who deal with online services should know that federal and state laws provide confidentiality only for credit and consumer investigation data, school records, federal agency records, patient information, library records, video-rental records, the content of phone calls, state records in fewer than a dozen states, and a few telephone-company records. That's it. No law prohibits exchanges of employment information. Persons who deal with online services - especially those concerning employment opportunities - should check their spelling, grammar and wording before posting. You are writing for a wide audience, after all.
Question: Who legally has access to your medical records? What about your health benefits provider such as Aetna, Blue Cross Blue Shield, Met Life, etc?
Response: The federal HIPAA regulations say that insurance companies have access to patient information for purposes of paying for treatment.
Patient information may also be released for your treatment and care coordination; to family, relatives, friends, or others you identify who are involved with your health care or your health care bills, unless you object; to make sure doctors give good care and nursing homes are clean and safe; to protect the public's health, such as by reporting when the flu is in your area; to make required reports to the police, such as reporting gunshot wounds. [from HIPAA’s Web site] Question: Do you think Google Plus can be an invasion to some one's privacy if she/he has the account? At least you could help me with your expertise how to find this. Response: Take the time to go to the privacy policy of Google+ and you will find: "By submitting, posting or displaying the content you give Google a perpetual, irrevocable, worldwide, royalty-free, and non-exclusive license to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any content which you submit, post or display on or through, the services. This license is for the sole purpose of enabling Google to display, distribute, and promote the service." Do you need to know more? Social-networking sites are not the place to post personal data that you want to keep among yourself and selected others. Listen to the entrepreneurs who have started them: Social-network sites are for disseminating personal information. Question: What is the protocol in a doctor's office telling a wife of a husband's upcoming doctor's appointment at a geriatric clinic when I went to the doctor with him to have him assessed?
From the HIPAA enforcement office Web site: A health-care provider "may share relevant information with the family and these other persons if it can reasonably infer, based on professional judgment, that the patient does not object." In addition, "when a patient is incapacitated or not present a covered entity may share information with another person when, in exercising professional judgment, it determines that doing so would be in the best interest of the patient." Question: I have scoured the Internet and read several of your articles and one of your books, but have yet to find an answer to the following question.
Can I legally stop a business that already has my SSN from using, keeping, or otherwise retaining it against my wishes? I am not concerned with the consequences, i.e., they may refuse to do business with me. I am most specifically concerned about credit reporting agencies, credit providers and telecommunications companies. I have been in the process of trying to secure my privacy for some time, and have been pretty successful, but this one has me stumped. I am hoping there is some law which states something to the effect of "Upon notification in writing, any business entity must cease the use of an individual's SSN."
Response: Alas, there are no federal or state laws like this. One small help is that credit-reporting companies may disclose information about you for only narrowly defined purposes. And you have a right to see your record in all the credit bureaus; you should do so to determine whether they even have an SSN on file for you. An estimated one-third of credit reports have no SSNs in them. Telephone companies may well agree to remove your SSN, especially after you have established a payment history with them. Try it. This is the kind of information we provide each month to our readers. You should be subscribing, at our special rate for individuals.
Question: I heard about the national id card act, and how it should be in effect on January 2013. What's the status of this?
Response: You are referring to the 2005 REAL ID Act, which is intended to implement a recommendation of the 9/11 Commission to make state driver’s licenses uniform and to base them on reliable personal identification. Many persons regard this as a final stepping stone to a required national identification card. Just about every state has resisted the law, on principle or on the basis of cost, and the effective date has been continually postponed. In March the Obama Administration delayed the effective date of regulations to Jan. 15, 2013.
Homeland Security Secretary Janet Napolitano opposed REAL ID as governor of Arizona prior to her current job, and she has given it mainly lip service.
In response to Robert Ellis Smith: "The Post 9/11 Assault on Privacy Rights" (link below): Terrorists 1, Sheeple 0. It's the 8th inning, bases loaded and Mr. Ellis Smith was at bat. He hit a line drive off the top of the wall. Two runs could have scored, but Mr. Apathy was on third and wasn't paying attention because he was on his cell talking to his stock broker and selling everything out, including the rest of us. He got caught in a pickle and was tagged out. Nice hit though.
Query: I am a subscriber to your journal. Very informative. Could you please suggest a couple good references (journal articles, books, etc.) that discuss privacy and information retrieval?
From Privacy Journal's staff: Publisher Robert Ellis Smith makes these recommendations:
From New Orleans: Good comments from your publisher on WWL radio this AM about the "data retention" child porn proposal. HR 1981. Dangerous idea.
From Arizona: Wonderful Web site. Thank you. August 2011
Comment: In survey after survey, including a recent MSNBC survey, more than 90 percent of the American people say that workplace discrimination based upon someone’s personal credit report is wrong and should be illegal. The practice was always wrong and from the start has always been a gross invasion of Americans’ privacy. The information has always been used by employers to low-ball wages and intimidate employees based upon the level of desperation depicted in their credit report – while employers use the smoke screen of saying the information is used to protect them from fraud and theft. It’s “the people” that need protection from corrupt politicians and dirty corporate money . . . not the other way around!
NOT ONE SINGLE study or shred of evidence exists to demonstrate that Americans with damaged credit reports steal or commit fraud at a higher percentage than other Americans. Response: Rep. Steve Cohen, D-Tenn., and several others are pushing a federal law to prohibit use of credit reports in the employment process, even with consent, except for national-security, government, or financial jobs. HR 321 is similar to, perhaps more stringent than, laws passed now in Washington State, Hawaii, Illinois, Oregon, and, effective in October, Maryland. You should write to your Members of Congress with your views. This is important. From Providence RI: Seeking a job, I put my resume online using an online job board services. I set up my resume as private, NOT public. One day I entered my name and corresponding email address into Google search engine, I was shocked that my resume at the company website can be seen publicly without even logging in into the company website. I am so upset and thinking to report the company. I however am not sure if I have a good reason to do that and do not know where to report, department of labor? Does your Compilation of State and Federal Privacy Laws cover this matter?
Response: There are no laws prohibiting the disclosure of employment information, including making resumes available to search engines like Google. You should check the terms of service of the resume Web site and ask that it insulate your data from on-line searches. Are you sure that is what you want? Request: Have you ever thought about re-posting articles from your old newsletters? I believe new readers would be curious of those as I found your reports very accurate, representative and in balance.
Response: Great idea! To see stories from past newsletters, click
We want to stress that it takes time and talent and travel expenses and resources to publish original materials. If we gave them away, we wouldn't be able to continue. To keep track of the latest news, subscribe to our newsletter, in hard copy by U.S. mail or in a pdf attachment by email.
Question: I'm researching how the proposed changes to FERPA to accommodate the state longitudinal data system tracking of students from preschool through the workforce further disseminates private information. Have you any publications on that subject?
Response: We wrote about this on page one of our May 2011 issue. Public-interest groups and educational institutions will be submitting comments to the U.S. Department of Education by May 23. When they are displayed on the department's Web site, that will be your best source. If you are researching in order to submit comments, contact us by email directly, orders@privacyjournal.net. (FERPA is the Family Educational Rights and Privacy Act, which requires confidentiality of some student records.) Our email address: orders@privacyjournal.net Telephone: 401/274-7861 From New Orleans: I heard you on the local radio station this morning WWL. Almost four years after Katrina a local TV station discovered that our personal information was unsecured in a maintenance warehouse. The files were all over the floor. They did not offer to give us any protection from identity theft. Do you know if there is anything we can do now. I would like to know more about what you said about state law.
Response: Laws in Louisiana and 40+ other states require that you be notified of a breach of security like this unless there is no likelihood of harm. So it's important to know whether the data left the building.
From TC, CT: As a consultant, we are often asked to be a signer for banking purposes. Banks always ask our SSN. Knowing the risk, I have been asking the banks to use other means. They keep saying no. Note that this is not our bank accounts and there are no tax consequences for us. Can you advise how we explain this better to the financial institutions?
Response from the editor: Your entity, even if not incorporated, should have a Federal Employer's Identification Number (FEIN). This should be sufficient for a consultant to provide, and it's not nearly as sensitive as a person's SSN. In fact, PRIVACY JOURNAL publishes its FEIN on its Web site. Find it and win a free book from us when you send us the number and the pass code next to it!
Question: Do you have 2010/2011 War Stories?
Answer: The latest edition was Volume IV in 2004. We began this collection of "horror stories" because journalists, critics, and elected officials kept asking, "Who's hurt by invasions of privacy? Where are the victims?" After we have published collections of more than 1000 case studies and after an epidemic of identity theft, they seem not to ask that question as much now. In fact, many of the doubters have become victims of privacy invasions themselves.
Question: In the March 2011 issue I wasn't even able to finish reading the "Going Dark" piece you had. (Reprint of the FBI testimony to House Subcommittee on Crime and Terrorism.) How about we talk about the fact that the FBI consistently has broken the law by not getting Judicial approvals of its actions? "...the government is unable to obtain communications and related data, even when authorized by a court to do so." That sort of tells the story.
Translated "...even in the small number of times in which we follow the law and use the courts." "Some providers are currently obligated by law to have technical solutions in place ..." That is a great one too.
From Cyberspace: I am registering for a race/game but wouldn't want my personal information (name, etc) displayed publicly. The organizer cannot do my request, instead suggesting to register under a different name, even not a real one. Do you think that is legal? Do I have to declare this fake name I would use one time only for the race every time I fill out forms asking for my other names? Jessica, Boston MA
Response: We have noticed that marathon and similar results show up all over the Internet and provide a means of tracing a person by locality, gender, and interests and often by age bracket. The sources that create this exposure are usually the sponsors' sites, not news organizations. The general rule in the U.S. is that "a person may select any name he or she wishes so long as there is an intention to use it consistently and exclusively and without fraudulent or improper purpose." No court permission is necessary; that is simply an available option. (From Privacy: How to Protect What's Left of It by Robert Ellis Smith, a still helpful 1979 book still available from us.) Here, you plan not to use the separate name exclusively or consistently, and so you should simply state on the form that this is a pseudonym for this one situation. Provide a means for the sponsors of the athletic event to find your true identity. Better still, keep working with the sponsors to get them to use initials or chosen nicknames when they post results publicly, or publicly on the Internet. Point out to them the possible dangers of listing your name and results on the Internet.
From Florida: What are the general rules or laws regarding placement of a tracking device on a private vehicle, such as a GPS tracking device?
Do you need a court order, the vehicle owner's consent or neither? I'm a private investigator, and I anxiously await your response. Response: The U.S. Court of Appeals for D.C. says law enforcement needs a warrant. The U.S. courts of appeals for the Ninth Circuit and the Seventh Circuit say no warrant is required. "State courts, however, have not favored the surreptitious use of tracking devices [without a warrant]," according to an authoritative report in our September 2010 issue by correspondent Chisheng Li, which you may get free by sending an email or calling. In short, there is a disagreement among both federal and state courts. Also, more on this in the January 2011 issue. This is irrespective of a private party's ability to install such a device; this may expose a private investigator to a lawsuit based on invasion of privacy (a tort), not the Fourth Amendment. A court deciding such a case will probably look to these Fourth Amendment cases for guidance. Is government tracking of the whereabouts of a vehicle an unreasonable search and seizure without a warrant or is it no more than observing what anybody may freely observe? In any case, using a GPS tracking device with the consent of the vehicle owner would not violate privacy or the Constitution. Reader Comment: Some cameras recently installed in our place of worship. Most of the church goers are not happy with this and ask the cameras to be removed as it is against their privacy. The board members say NO as they said the purpose is for safety. Can you help us here? Response: Keeping a permanent video record of who attends religious services and when and what they do while they are there is certainly an invasion of privacy. Hiring live human beings to patrol the place is a more effective use of resources and a more benign way to assure freedom of religion. Comment: My husband and I are more careful now in regard with adult videos posted on the Internet after [we] learned the tragic death of Tyler Clementi. 
They said an invasion of privacy involved in his death. Can you briefly explain to us DO and DON'T in regard with this matter? Further, do you have any articles related to this in any of your publications that we could read to educate us? Thanks, Melissa, NY.
Response: Robert Ellis Smith, our publisher and the best person to do this in the U.S., does so in our October issue. Write us at orders@privacyjournal.net, for a free copy (electronic pdf or hard copy) of our October issue with his article in it.
Comment: Excellent resources on this site for those interested in online privacy. Nice work! I would be interested in your thoughts on what we're doing at privacychoice.org, and how we can improve it. http://www.privacychoice.org Jim Brock
From Andre, Albany, Ga.: I was trying to send money overseas using Moneygram service. It came to my surprise that they asked me for my SSN and they even went beyond that by asking to have my SS card copied for their files. I offered them my driver license but they refused it. They cited the reason was the amount being sent above two thousand dollars. How do you take at that? Do you think I can fight them?
Response: The USA PATRIOT Act requires financial institutions to "know your customer" and often this means collecting Social Security numbers and asking for ID from new customers. The institution wants to copy the documentation to prove that it complied. A cash transaction of $10,000 usually triggers a required report to U.S. government authorities, although other aspects of a smaller transaction can trigger a Suspicious Activity Report by the bank. In general, DON'T provide a Social Security number unless it is for Social Security itself, tax purposes or Medicare. (A transaction involving a significant amount of money usually has tax consequences.) DON'T provide a Social Security number by telephone or online unless you are positive of the identity of the organization.
Try to persuade the requester of the dangers of identity theft or the indignities of being enumerated. If that doesn't work, shop elsewhere. There are competing money-transfer businesses. (This response was revised June 17.) Comment: Why don't you have a well publicized Facebook privacy-settings page design competition? Comment: What can be done about Google, who are now showing search results of old newspaper articles? A search of my name shows articles from a 23-year-old court case for which I was acquitted. This can now be seen by my colleagues, wife, neighbors, acquaintances, etc. It is very embarrassing and could result in my dismissal, ridicule, harassment and even physical harm. My 11-year-old son could be subjected to harassment. It reveals personal medical information and I am outraged over this. Google responded to my complaint suggesting I contact the owner of the Web site. Of course, the newspapers think their poorly written and vindictive articles from the past are above reproach and truthfully represent historical fact. This is hogwash and a present threat to my personal security and privacy. Google claims innocence and in my opinion are culpable for any harm befalling myself or family! Innocent but still prosecuted. Response: This is going to be very difficult, because Google does not own the material you are objecting to; it merely points to it, along with billions of other bits of information. The news organization is generally not obligated to remove such information because the First Amendment prevents the government, including a court, from requiring this. TWO EXCEPTIONS: If elements of the story are untrue and you can prove it, you may sue for libel. If the information is true but puts you in a false light for any reason including the passage of time, you may sue for invasion of privacy. For more on this, see the Supreme Court case of Wolston v. Readers Digest, 443 U.S. 257 (1979). Google it. 
If this is your situation, a demand for the news organization to remove the item may be successful. If that doesn't work, (1) ask the news organization to place your short rebuttal with the electronic entry; (2) get your name listed in Google so many times that the damaging entry is reduced in importance and lowered in Google's search results; (3) start a personal Web page or blog that refutes the 23-year-old entry and portrays yourself as you wish to be portrayed now (and this Internet entry will be picked up in a Google search); (4) and certainly anticipate that this old event will continue to come up and so tell family members and employers in advance about it, with documentation on hand to prove the acquittal. The news organization would seem to have a moral obligation to include reference to the acquittal in any electronic version of the old story and to make sure this shows up in a Google search. But remember, even if the original entry is removed from the Internet, search engines have previously cached the displayed information. In other words, they have stored it and it will show up in a subsequent search result (labeled "cached.") From Phoenix: Outlaw the use of our Social Security numbers as identifiers. Thirty years ago it didn't matter if someone had your Social Security number; it was for one purpose only. My Social Security card was shown for only one purpose: employment or collection of benefits. Ban the sale of personal information for profit; this is your work product, bits of your life, snapshots sold off for profit. Shouldn’t our life’s work information be just like a copyright? Make the credit and information collection companies have to pay a fee to use and sell your information and allow you to opt out completely. Ban credit and insurance scoring. Credit scores were completely ignored by lenders ready to make a quick buck on what was thought to be a never-ending balloon of home and property values. 
Insurance scoring penalizes the poor and those who have had financial problems.
From a site visitor: If I feel there are subliminal advertisements in college textbooks as explained in Wilson Bryan Key's book "The Age of Manipulation," page 51, where do I get help in rectifying the matter? I wrote to the FTC and the university dean and got nowhere.
Response: The FTC is the proper place to seek an investigation. See the Web address for complaints below.
Inquiry: A few years ago, to protect my privacy, I opted out of ussearch.com. My information has since reappeared and they now demand $10 a year to remove my information. Is there any legal precedence to stop online companies from charging a person to protect their privacy by opting out of their service?
Response: Interesting question. We suggest that you notify the Federal Trade Commission, with as much detail as possible. https://www.ftccomplaintassistant.gov/ And notify the World Privacy Forum, which objected to the FTC about this a year ago. www.worldprivacyforum.org/ Depending on what your agreement was with the company in the beginning, this could be an illegal deceptive practice or a violation of the FTC's opt-out guidelines.
From Florida: Do plaintiffs in a court case owe a duty not to disclose a defendant's Social Security number in a complaint or exhibits filed with the clerk of the court, under either state (Florida) or federal law?
Response: Everyone who has our Compilation of State and Federal Privacy Laws knows where to find the answer: "Until January 1, 2011, if a social security number or a bank account, debit, charge, or credit card number is included in a court file, such number may be included as part of the court record available for public inspection and copying unless redaction is requested by the holder of such number or by the holder's attorney or legal guardian.
On January 1, 2011, and thereafter, the clerk of the court must keep social security numbers confidential and exempt as provided for in s. 119.071(5)(a), and bank account, debit, charge, and credit card numbers exempt as provided for in s. 119.071(5)(b), without any person having to request redaction." That's the law in Florida. We believe that less specific laws in AZ, CA, CT, HI, IL, KY, MD, MN, MO, NJ, NC, RI, UT, VT, VA, and WA could be interpreted to prohibit this disclosure in court filings, especially if a business is the plaintiff or defendant. Our email address: orders@privacyjournal.net
Telephone: 401/274-7861
Notify us of a typographical or grammatical error on this site and win a free book of your choice.
Comment: We have a high schooler at home and she has started learning about privacy. Can we give her your newsletter? Do you have the electronic edition of the old ones that you could sell us?
Response: We have special discounted rates for students. And our back issues are available. Let us hear from you. 401 274-7861
Privacy for foreigners: I am a foreign student graduated from a state college in NY and received a job offer from a company in RI. My employer told me they have to post my salary on a common area that can be seen by others in the office to follow immigration (USCIS) requirements. I told them that my salary is my privacy. They have no choice if they want to employ me, and I cannot imagine the whole office knows how much I would be making. Do you think that immigration rule is against privacy? If yes, can a foreigner write to the immigration about that to get a waiver? Thanks,
Response: Technically, your employer is posting the wages for the position, not for yourself. The H-1B program requires an employer to attempt to recruit U.S. workers for the job before hiring a non-citizen and also requires the posting of the details of the position, including the wage to be paid, as part of that recruitment. An additional rule of the U.S. Department of Labor, not the immigration agency, requires that a non-citizen receive pay comparable to what a citizen would be paid (but this does not necessarily require posting of an individual’s wages). Anyone legally in the U.S. has the same constitutional rights as citizens, including privacy rights. But complicated rules apply to immigrant employees, as you and everyone else knows. Privacy applies to sensitive personal matters, and so there is a diminished right to privacy in the workplace. Question: When will the 2011 supplement to the compilation of state laws be published?
Response: It's ready. You may order it now, $25 plus $4 shipping. Specify hard copy or electronic pdf version.
Comment: I'm trying to spread awareness of http://www.dirtyphonebook.com among privacy advocates because there's nothing else like it out there. Be very careful about this.
Question: If I wish to view my complete medical records what is the procedure? Do I just ask my doctor, or do I need to make a special appointment? Can a doctor refuse to show me the records or withhold a portion of the records? When I change to a new doctor can they refuse to see me if I do not have my records transferred to them? And if I do have my records transferred do they include all records from birth?
Response: It depends. If you have seen the same doctor for many years, there will be a large file dating back to your beginning date, but certainly not since birth. Most doctors' records do not have information from outside the doctor-patient relationship unless you asked for them to be placed there. Doctors are obligated to transfer records to a new practitioner. If you are seeing a new practitioner for a new condition, there would seem to be no need to transfer records if you wish not to. If for an existing condition, it would make sense. At any rate, there is no law on this one way or another. The HIPAA regulation does not require a special appointment to see your records, but an office has 30 days to arrange for you to see your record and may charge you for copying expenses.
Comment: Awesome story about cloud computing in your October 2007 issue.
Comment: I just ordered the updated supplement to the privacy laws and thought that there was a place where I could order the pdf version. I couldn't locate it so I ended up purchasing the paper copy. The site is much improved over the years I have been a patron.
Response: The text of our 2002 compilation of state privacy laws AND the most recent supplement are both available in pdf format as an email attachment. Same prices as the hard copies, but no shipping charges.
Comment: How can we stop the medical field from using our SSN as an identifier? I live in Florida where there is no law that says they can't use it, and they give me a hard time whenever I don't want to give my number. They must stop this dangerous practice!
Response: "A hard time" is a small price to pay for sticking up for your dignity. By objecting to collection of Social Security numbers, you may educate the doctor's office and you may lead others in the medical profession to understand that many Americans object to the practice and therefore the profession should do without Social Security numbers. Just as there is no law preventing them from asking for a SSN, there is no law requiring you to provide it to get medical treatment. Point out to the doctor's office that you will have to forego medical treatment if compelling SSNs is its policy. Maybe you will shame them into waiving the request; most of the time it will. Otherwise report the office to the local medical association. ONE EXCEPTION: The SSN is the Medicare/Medicaid number and there is no way around that presently. In this case, ask the doctor's assistant to write in the file: "The patient does not consent to disclosure of his or her Social Security number."
From Maryland: In this state, there is a law called the Maryland Social Security Number Privacy Act of 2006 which is supposed to prevent the transmission over the internet, mailing, and displaying someone's Social Security Number. But, as my family and I have learned the hard way, a lawyer could care less about the law and can violate this law anytime they want because they feel that no other lawyer would either sue or prosecute them out of professional courtesy.
Do you know of any attorneys in Maryland that would want to hold another attorney's feet to the fire in a civil lawsuit regarding a lawyer breaking this law by purchasing, transmitting, and mailing Social Security Numbers WITHOUT someone's permission?
From Massachusetts: On obtaining a search warrant police install a GPS device on a suspect's vehicle, can information resulting from the GPS tracking (search) be used or should it be suppressed at trial under the exclusionary rule, if the warrant went stale? Do you know of any case law relating to GPS searches and monitoring that could be used as support of the argument in Massachusetts? This is a question put to me by my instructor, but is based on a real case, Commonwealth v. Connolly SJC-10355 Fourth Amendment issues richc60@yahoo.com
Response: An answer will require legal research. If you want our legal research services, email the publisher.
From Minneapolis: We've recently acquired your "Compilation of State and Federal Privacy Laws" for our law firm's library, and it is a very impressive piece of work.
From Fort Wayne Indiana: Worthwhile newsletter.
From Pittsburgh PA: The state sent my name, address, Social Security number, phone number to someone else. Do I have a claim?
Response: Not in Pennsylvania, which is not one of the dozen states with "fair information practices acts," which prohibit such disclosures in some cases. Still, a court might rule for you if a judge or jury were to find this information private and sensitive AND the disclosure "offensive and objectionable to a reasonable person of ordinary sensibilities."
Question: Can you tell me if there is any current statute in VT addressing consent to record a telephone conversation? CR- Cleveland, OH
Response: Vermont has no law on electronic surveillance, according to our Compilation of State and Federal Privacy Laws. Interstate calls to or from Vermont are covered by the federal law.
Comment: Your analysis of what our government is doing could not be further from the truth. You have no understanding of biometrics much less the real danger they present. You speak about retina scans without having a clue of what you are speaking about. Please research iris scans. Fingerprinting is not the most accurate biometric. Facial recognition is the biometric of choice. You may want to read ICAO 9303, volumes 1, 2 and 3. I know you have no understanding of AAMVA so I would not expect you to know why what is being done is being done or who is promoting the policies. I know you may not believe it but the public needs facts. I have testified in many states on subjects you say you are an expert on. What scares me is people actually probably do hire you as an expert. I recommend that you learn what a unique identifying number is before you speak about Enhanced Driver's Licenses and RFID technology. DHS is not the only agency responsible for EDL's. You may want to learn more about WHTI. Also research the State Department's involvement in EDL's. I will provide my name and a site for people to become informed based on fact not speculation. Co-Founder Stop Real ID Coalition. Mark Lerner
From Norwalk CT: Keep up the great work! Continue to keep us informed on our privacy and freedom which seems to be in jeopardy every day.
From Oak Grove MO: Regarding your converting subscriptions to email, do you realize that not everyone (myself included) has a computer, nor can afford one? If and when you do such, I'll not be able to get your paper, therefore, I'll not renew.
Response: We haven't converted to email delivery yet, but lots of our subscribers have done so, so that they get the newsletter faster and more reliably. They get to store the newsletters in their computers and search them later by keywords at any time. They get live hyperlinks and color graphics too. But we won't abandon our non-computerized friends; we'll try to find a way to fulfill their needs for a hard-copy edition, despite rising printing, paper, and postage rates, which are rapidly and severely cutting into our ability to practice professional journalism. Of course, if lots of people sign up for our email edition, we'll be able to do this for readers who have not gone high-tech.
From Louisiana: I was very relieved to find your Web site, as I was beginning to believe I am the only person who is uncomfortable with non-stop camera surveillance. On your list of privacy tips you recommend resisting this in our communities, so my question concerns that issue. I live in a very quiet suburb where there has been an explosion of surveillance cameras in every possible location: hospitals just outside patient rooms, restaurant dining rooms, traffic lights. There are no less than five cameras trained on people in line at the post office.
The latest plan is for installation of a widespread camera “security” system throughout all public schools, including elementary schools. As I have a child in this system and thought this was ridiculously over the top and open to potential abuse, I contacted the school board. Their security chief told me that the plan is in response to no specific threat, but to a survey of “concerned” parents and school administrators and the recent news about potential “catastrophic” school events. I know this is apparently overwhelmingly popular with parents, but since you advise bringing up the cultural impact of constant surveillance on innocent people I would like to at least try to do that and see if it makes a difference. Can you direct me to any studies on this, particularly where schools and such young children are involved? Also, are there any studies on the effectiveness – or lack thereof – of surveillance cameras in schools? I know they did nothing at Columbine.
Response: Send us an email and ask for a copy of our March 2008 issue and October 2008 issue, which documented the studies done. The consensus was that there is scant evidence of effectiveness. The U.S. Department of Justice said in 2006, “While there is a general perception among system managers and the public that video surveillance cameras are effective in preventing crime, actual evidence is more difficult to find.”
From Zanesville, Ohio: Are there chief privacy officers in the states?
Response: We count five: Joanne McNabb is director of California’s Office of Privacy Protection in the Department of Consumer Affairs. Laurie Beyer-Kropuenske is director of the Information Policy Analysis Division in the Minnesota Department of Administration, which enforces the state’s privacy law affecting all levels of government. Hawaii has an Office of Information Practices. Sol Berman in the Office of Information Technology is the first chief privacy officer for the State of Ohio. Sallie Hunt, an attorney who is also executive director of the West Virginia Health Information Network, is state privacy officer. You will find the details you need in our constantly updated DIRECTORY OF PRIVACY PROFESSIONALS.
NOTE: Our publisher, Robert Ellis Smith, serves as an expert witness in lawsuits involving all aspects of privacy. For a list of his engagements, write orders@privacyjournal.net. PRIVACY JOURNAL is also eligible for "cy pres" awards from class-action settlements so that we can further our advocacy and consumer education.
From Portland, Ore.: Is there any specific law that prohibits companies from asking for a Social Security number? I'm not sure where I saw it, but I remember seeing an article which states that the only agencies that can legally require an SSN are the Social Security Administration, the IRS, and the military.
Response: There are no such laws. You may have read advice from us saying that the only legitimate demands for your SSN are when some tax reporting is involved - like payroll, home purchase or sale, bank accounts. The federal Privacy Act prohibits government agencies but not businesses from demanding SSNs unless certain conditions are met. States have enacted laws prohibiting certain disclosures of SSNs by state agencies and businesses, but these don't affect whether state agencies may demand the number from you. Exceptions: RI law says merchants may not demand an SSN when a customer makes a purchase. ME disallows denying goods and services to a person who does not provide an SSN, but many industry categories are exempt. NM has a similar law. DON'T give up your number unless the transaction involves tax reporting or it's for Medicare. And, unfortunately, it's the military ID number. Unwise decision that we are paying for now.
From Connecticut: Great newsletter. I look forward to it every month, and I learn something every month.
Visitor Comment: I understand your point about needless concern about transmitting a credit card number through unencrypted email. I do agree that the chances are rare, but it's just as easy to publish a PGP key for all emails. This failure to take such a simple step concerns me. Check out this site that helps protect your privacy and reduce junk mail too: proquo.com. It's actually free...
Inquiry: I'm looking for some research that identifies a person's preference for maintaining their location privacy. For example, is there anything that indicates that people are willing to let strangers know where they are with an accuracy of x meters?
Response: Check our December 2007 issue for some answers.
When the public figure Jackie Kennedy Onassis complained in the 1970s about stalking on the streets of Manhattan by a paparazzi photographer, who claimed protection by his First Amendment right to gather news, a federal court successfully barred him from “approaching within 100 yards of the home of her and her children, 100 yards of the schools attended by the children; and at all other places and times 75 yards from the children and 50 yards from her.” A state law in Massachusetts prevents anti-abortion protesters from approaching within six feet of a person who is within an 18-foot zone around an abortion clinic. The U.S. Supreme Court has declined to question the constitutionality of this restriction. It has upheld a 36-foot demonstration-free zone in Florida. On Nov. 13, Massachusetts expanded the prohibition to a 35-foot zone.
From Rob Mayer, University of Utah: There are several studies in the U.S. that document the prevalence and consequences of ID theft. Have similar studies been conducted in other countries, or is ID theft not much of a problem outside the U.S.?
Response: You need a copy of our March 2005 issue in which we documented that ID theft is mainly a phenomenon in the U.S., and we explained why. Credit bureaus in other nations don't use a Social Security number or its equivalent to confirm identities in their files. "Identity Theft Happens Mainly in America," PJ Mar 05.
From a Reader: The March 2007 issue of PRIVACY JOURNAL states, at the bottom of page 5, that the PATRIOT Act ". . . merely requires banks to have a credible program for verifying identities of its new customers." Could you provide a reference in the PATRIOT Act that supports your statement? I have been having trouble with Washington Mutual over their statement that the PATRIOT Act requires a copy of my driver's license in order to open an account. -- Dan Durham Lacey, WA
Response: It's Section 326 of the Patriot Act. Go to 31 U.S. Code 5318 in a law library or online and scroll to Section l (as in the letter L). See the regulation under the law at http://www.ustreas.gov/press/releases/js335.htm. Banks have discretion, but showing a driver's license is only one way to confirm one's identity. A driver's license is not specifically required.
From Florida: Can you cite specific examples of states with laws that address computer repair services disclosing others' personal data? My story is that instead of fixing my computer, Circuit City installed someone else's files on mine and wiped mine out. The person whose files were installed had also had her hard drive (with files intact) sold. Microsoft, banking institutions, and the FL Retail Federation among others are making a huge lobbying effort to impede our progress.