Hot News

. . . continued from Hot News

There have been similar reports about TransUnion and Experian. Delightfully for prospective thieves (and rumor mongers?), all three companies appear to be outsourcing data management to various off-shore companies from Jamaica to India. All three companies essentially sing the same tune when questioned about data security: ". . . there have been no known security breaches at outsourcing companies." The key words are ". . . no known" implying that if the overlords at each company don't know about a security breach then nothing could have happened. The situation begs investigation if only because of the terribly closed-mouth attitude of the people who are operating Equifax, TransUnion and Experian. They don't want to discuss anything, in any way, at any level, for any reason. Period. They just want us to shut up and trust them. This attitude does not inspire confidence.

The issue I have is less with security breaches than it is with the aftermath of any of that sort of problem. A quick check into privacy laws in Jamaica, India, Indonesia, the Philippines and a variety of other countries, shows that the stronger information privacy and security laws in Canada, the U.S., the UK and France really can't be enforced in outsourcing nations. For that matter, U.S. and Canadian privacy and digital security laws pale in comparison to laws enacted by the European Union over the past few years. At this time in the U.S. and Canada, a catastrophic personal data theft will not automatically result in immediate cooperation by all parties—municipal, regional, county, state, provincial and federal authorities do not cooperate via central information databases, and the mechanisms and laws in place to deal with digital data theft are rudimentary at best. Topping that, as concerns about actual and potential personal data theft grow, Equifax, TransUnion and Experian seem to be less communicative than ever.

The laissez-faire attitude about personal information in many outsourcing nations is not without parallel in North America. Hard lobbying by privacy and security advocates has not elicited much success recently in North America. In contrast, consumer and privacy advocates have lobbied hard and successfully in the European Union to press governments into creating and enacting legislation that protects us against the scourge of thieves just waiting out there for opportunities to steal identities, steal credit cards, and concoct the worst sorts of cons, scams and outright thefts. People are deeply hurt by this kind of theft, often financially. Most certainly as well, as evidenced by innumerable examples of common citizens whose identities have been compromised, the horrible problems with credit, business management and often threats of bankruptcy along with all the concomitant stresses that go hand-in-hand with these disasters, has taken a huge health toll from millions of people around the world. The European Union has taken huge steps toward securing the personal data of citizens in all of its member nations, with laws requiring up-front secure storage and auditing practices coupled with time limits on data storage, limitations on what kind of data can be stored, and severe penalties for data theft of any kind. Japan is following suit. India, that hotbed of outsourcing for all things digital, is struggling to come up with legislation which emulates the European Union's approach but which also does not drive up infrastructure costs. Good luck with that.

The European Union has taken huge steps toward securing the personal data of citizens in all of its member nations, with laws requiring up-front secure storage and auditing practices coupled with time limits on data storage, limitations on what kind of data can be stored, and severe penalties for data theft of any kind.

In the U.S., senator Arlen Spector has introduced a data security bill that will likely be gutted in some typical Congressional backroom deal designed to appease all parties and solve no problems. We wouldn't want to upset the influential lobbyists. Keep a good thought in any event—the House and the Senate might surprise us.

I started off with the statement that I hate lordliness. Here's what I mean. I can recall going hat in hand in 2004 to Equifax, asking that an error on my credit report be corrected. I found out about the error during a business transaction, which thankfully was not compromised by the error. When I went to the local credit reporting agency to correct the problem, the issue was dealt with quickly and to my satisfaction. Six months later, I ran my own credit check online and lo and behold, the same damn error was still sitting in my credit report. To say that Equifax was less than cooperative when I called the company is an extreme understatement. Despite the credentials I presented, despite the corrected report from the local credit bureau, despite the passage of six full months, Equifax's records had not been updated. The company representative responded to my questions by saying simply, "Do you have any idea how many records we handle sir? Surely you don't expect us to update everything every day?!"

Well, Your Majesty . . . yes I do! If you're going to set yourself up as the arbiter of who's good and who's bad, you better be using accurate information. You had also better keep in mind and in policy at all times the idea that your power over the common citizen derives from general acceptance of your practices. You cannot claim accuracy by boasting that, in the United States, your reports are fully accurate for 95% of your database. What that boils down to is that you're admitting to 15 million completely inaccurate records! The comparatively low percentage number is irrelevant because the actual count is a huge number. And if a certain error factor is included in the count of all records which are claimed to be "accurate" (which likely includes my file), then the rest of the records are also suspect. Function and accuracy are two different things. In Equifax's drive for a greater share of the credit reporting and data collection money pie (and you can substitute TransUnion and Experian here and in all cases), a few million inaccurate records doesn't seem to bother anybody? Data and records updates that take six months or more to percolate through the system, to my mind clearly indicate a broken system.

Combine the data update delays with data theft (possibile miscreants include employees, hackers and outsourcers) and you've got a problem of potentially monumental proportions. Stir in the literally thousands of data brokers who are feeding on registration cards, online applications, warranty cards, online registrations, sales forms, credit applications, and even state, provincial and municipal records, all of which are eventually transferred or sold to the big three, and the opportunities for your personal information to find its way into the wrong hands sit in plain view. If the problems and losses take place in Jamaica or India or Bulgaria or wherever, you have little or no legal recourse. Not only can your data be stolen and your credit poorly reported or ruined, but because of lax or nonexistent security laws in other countries, there's nothing you can do about it!

Welcome to life in the digital age. The lords and masters of our data look down upon us peons with all the sympathy of a mantis stalking its prey. The more of us they have in their databases, the more money they can make. That some of the data they store about us is stale, inaccurate or just plain wrong is unimportant. These companies collect data and collate it. But these companies don't verify anything. When a Visa affiliate reports your late payment that was listed that way because Visa experienced processing delays, you're screwed—your credit rating goes down. When the post office takes 10 days to deliver an envelope that normally arrives in two days, you're screwed. When you check your own credit too often, your rating creeps downward of its own accord. Poof—just like that. Everything you do financially throughout your life is scrutinized and reported. It all comes together in these monstrously large databases.

Now . . . time heals all wounds. In fact, if you wait long enough and do nothing financially unusual, eventually (it takes years) your credit rating and almost everything bad in your credit report will become pristine all on their own. It's like magic. The problem is, in these situations, some people are more equal than others. The lords are quick to take away, but slow to give back—always remember that. I know of one person who found a 15 year old, long paid-back debt, still listed on his credit report with a relatively current date. He went back to the original credit issuer, a well known purveyor of hardware and home maintenance supplies, and demanded to see his credit account records. Sure enough, the hardware company's monthly credit report had never been updated and it continued to faithfully report the person's old debt. So he sued the hardware company and won a quick settlement. Good for him. His action was just as vindictive as the hardware company's actions were thoughtless and careless. Serves them right.

That incident is reflective of the kind of retaliation waiting in the wings for Equifax, TransUnion, Experian and all the thousands of smaller data brokers. Stories of other incidents abound for sure. Discount about 25% of the stories as sour grapes—credit complaints from people who got themselves into real financial trouble because of greed, lack of self-control and what have you. Those kinds will always hide their true nature behind people with legitimate complaints. But the other 75% of the complaints are painfully real. Your personal data is exposed, often misfiled, contains inaccuracies and is available to all sorts of people you don't know (and in most cases don't want to know).

Statistics are few and far between, but a straw poll taken of friends and business associates revealed that at least 30% of those who admitted to having dealt with credit problems over the years, never took the time to ensure that their credit reports were accurate after correcting the financial problems. That's an astounding number from an admittedly non-scientific poll. But even if you weight the percentage heavily downwards, you still end up with a very large number of people who feel guilty about their past financial transgressions and are willing to wait until time expunges their credit records. Some of these people even expressed the idea that the failure of credit reporting agencies to correct records was little more than a punishment for the real financial woes that these people had caused for themselves. That astounding attitude is borne, I think, out of a monumental fear of powerful organizations such as Equifax, TransUnion and Experian. There's no doubt that few people indeed are willing to step into any sort of confrontational breach.

But there's no way around it. The more we step up, the more we take down the arrogant nature of the corporate infrastructures and government cosseting enjoyed by Equifax, TransUnion and Experian. The more we challenge inaccuracy, the bolder our legislators will become. The more we demand accurate credit reporting, the more we will isolate those among us who continue to abuse their finances and the opportunities around them. And the more we look after our own money and our financial reputations, the more opportunities we'll have as life goes on to better manage our lives and businesses. And all those data brokers that feed the big sharks? A pox on them!

The Security Mantra (chant to yourself every day for three weeks):

I will not allow anyone else to use my credit cards
I will guard my PINs at all costs
I will never reveal my SSN or SIN to anyone other than the government and my employer
I will never supply my birth date to anyone for any reason
I will only use irritatingly complex passwords that are ridiculously hard to guess and I will store them securely in an encrypted database rather than on scraps of paper or in notebooks or my wallet or my purse
I will never respond to e-mails claiming to be from my bank or from PayPal
I will never respond to e-mails claiming to be from eBay
I will never allow web sites to install anything automatically on my computer
I will maintain a firewall, antivirus, antispam and antispyware software diligently on my computers at home and work
I will never loan my drivers license to anyone and I will never let it out of my sight
I will never let my debit and credit cards out of my sight at stores
I will always use only one, low limit credit card when shopping online
I will check each and every credit card statement, line by line, comparing charges against receipts and reporting errors immediately
I will never operate my business on personal credit
I will demand at every opportunity that individuals and companies having the privilege of collecting and storing my personal data will ensure that the data is fully secure

Life is good, as long as you stay tough and guard what's yours. Don't think for one split nanosecond that anyone else will protect you. Your life and everything about it is sitting in records on servers located in who knows how many places on Earth. The companies that own those servers don't know you and don't care about you and consider your personal data to be merely one component of a vast and salable commodity. These companies yearn to operate secretly and without any scrutiny, circumstances which throughout history have too often been shown to cover a multitude of sins. Govern yourself accordingly!

Back to Hot News!