Friday, March 17, 2017

YOUNG DRIVERS PERSONAL DATA & THE NORTH CAROLINA DEPARTMENT OF MOTOR VEHICLES

YOUNG DRIVERS WHO RECEIVE THEIR FIRST LICENCE FROM THE NORTH CAROLINA DEPARTMENT OF MOTOR VEHICLES FACE A FUTURE OF POTENTIAL ABUSE RELATING TO THEIR PERSONALLY IDENTIFIABLE INFORMATION.

Both Governor Roy Cooper and North Carolina Department of Transport Secretary,  James H. Trogdon III have to explain to young drivers and their parents why the safety and integrity of their personally identifiable information (which includes name, address, date-of-birth, drivers license particulars and Social Security number) are being placed at risk on a daily basis by consumer reporting agencies, data brokers, and so-called insurance industry support organizations.

Day in and day out, our children's driver license and vehicle records held on NC-DMV databases are downloaded and sold as a commodity to practically anyone with a ‘perceived’ legitimate purpose for acquiring it.  Which unfortunately all too often includes those individuals who do not have our youngsters best interests at heart.

The fact is, law enforcement officials, private investigators, debt collectors, sales and marketing professionals and even convicted identity thieves will all tell you that a person’s current driver’s license and vehicle ownership particulars are the most valuable data asset in today’s digital universe for finding someone and monitoring them on a continuous  basis.  How creepy is that?

 Explaining to parents that a loophole in the  Driver's Privacy Protection Act of 1994 permits consumer data traffickers to gather DMV records on our kids (and adults) and sell it on to practically anyone is most definitely not an acceptable explanation in 2017.

Monday, February 20, 2017

For Ever Positive, There's A Negative

A research project funded by Blue Cross Blue Shield of Tennesee (BCBST) which uses data from pharmacies, insurance claims and other sources to identify and combat opioid abuse appears to be a success.

In collaboration with Big Data analytics company Fuzzy Logix, BCBST analysts have been able to identify Tennesseans at risk through the use of sophisticated computer algorithms.

Combing through vast amounts of data to identify problematic or unlawful behavior with the sole mission of saving lives is to be commended.

However, for every positive, there is a negative, and once again we see a modern day example of how easy it is for our private lives to be scrutinized and evaluated based on data acquired from multiple different sources.

While it has to be accepted that our medical records, along with our prescription records held at pharmacies are no longer private and confidential. Perhaps the bigger issue to keep in mind is that doing something as simple as paying cash for a  prescription instead of using one's health insurance plan can place us at risk of potential scrutiny by insurers and even law enforcement authorities.

The nothing to hide, nothing to fear mantra is fine until seemingly harmless behavior gets us on a suspicious activity watch list.

So gentlemen, for privacy reasons, it's probably best for the time being if you pay for your ED medication using your health insurance plan.

For more information on this post, please feel free to contact us.

Wednesday, January 11, 2017

Get Smart in 2017

Some people resent being told that they should change their usernames and passwords on a regular basis.

Yes, it can be inconvenient, and a mind-numbing experience trying to come up with a new username and password (which includes numbers, and character symbols, that one can actually remember) but ignoring the inevitable is not only foolish it's downright reckless.

In fact, changing usernames and passwords for all personal and business accounts every few months is essential in today's world.


If you still have any doubts, ask someone who has had a bank account cleaned out by fraudsters. They'll be happy to tell you how long it took for them to get their money back.

Worse, for those small business owners who have had funds stolen from their checking accounts, in many cases, they will never see their money again due to loopholes in some states banking laws.

Get smart in 2017, and change your usernames and passwords on a regular basis.    

Monday, January 2, 2017

The Misguided Use of the 'P' Word

If there is one word used by business entities and organizations today which typifies's their commitment to deflecting questions from consumers relating to privacy and data security, it's the use of the word 'proprietary.'

It has to be said that it's an artful word used for getting rid of annoying consumers, journalists, and privacy advocates in emails, and other written communications because it sounds formal, and suggests to the recipient that potential legal consequences exist for those who continue to be inquisitive and seek answers to their questions.

But in reality, it is just an overused word, commonly deployed as a deflector by officials who don't care, don't understand or worse know that their employer has something to hide from the public!

When it comes to consumer privacy and data security, there are no legitimate 'proprietary' techniques for collecting, collating and disseminating consumer's personally identifiable information without their knowledge and consent.  And this includes sharing their name, address and phone number with third parties.  

Below are two definitions of the word 'proprietary' shown on the  Merriam-Webster Dictionary website:

1:  One that possesses, owns or holds an exclusive right to something;  specifically.  

2:  Something that is used produced, or marketed under exclusive legal right of the inventor or maker; specifically:  a drug (as a patent medicine) that is protected by secrecy, patent, or copyright against free competition as to name, product, composition, or process of manufacture.

The fact is when you provide a bank, supermarket or hospital with your personally identifiable information; you are not giving them the right to own and use your personal data as they see fit forever. You are merely entrusting them with your information in order for them to identify you and better serve you as a customer or patient in the future.

It's that simple.  

Wednesday, December 21, 2016

If I have learned anything in 2016...

If I have learned anything in 2016, it's that many businesses, healthcare providers, and even government agencies remain reticent when it comes to discussing what steps they take to protect our privacy and personal data.

That's unfortunate in so many different ways.

Here are three examples why.  



First, it tells us that (customer, patient or taxpayer) privacy and personal data safety is not a priority with their executive management team.

Second, the cost and inconvenience of putting in place practices and procedures for allowing transparency and openness relating to consumer privacy and data protection most likely cost's too much.

Third, they probably have something to hide. Could be they are sharing (selling) consumer data with third parties!

Whatever the reason, there is also a good chance that those in charge falsely believe that consumer data protection along with identity fraud prevention is an irritating fad promoted by law enforcement officials, security consultants and bloggers who have too much spare time on their hands.

Further, that internal measures for protecting consumer data are adequate and that anyone asking about how their personal data is used and above all protected should be treated with suspicion.

After all, data breaches and hacker attacks only happen to ADP, Adobe, Blue Cross BlueShield, Facebook, Hilton Hotels, Home Depot, JP Morgan Chase, Target, the State of South Carolina  and Yahoo!  No one else!

Happy Holidays.

Paul

Sunday, December 11, 2016

Happy Holidays From All The Businesses Watching You!

Nothing reveals more about you than your personal shopping habits and traits.

When and where you shop, what you shop for and how you pay for your purchases, is all "data treasure" to organizations which make it their business to collect and sell information on us all.

Collecting and selling data on American consumers is nothing new. But advances in technology have made it possible to gather vast amounts of personal information on every man, woman, and child living in America today from multiple sources and hold that information in perpetuity.

No matter your socio-economic status or background, there are hundreds, possibly thousands of databases out there actively seeking to collect and analyze information on you every day.

Most likely you have never heard of these organizations, let alone come into contact with them.  But they most definitely know who you are!

Who uses your collected data?

Primarily, collected data is still used for direct marketing and promotional purposes.  In other words, to sell you something.

Data Brokers: Know All About You!
But banks, government agencies (including law enforcement authorities) insurance companies, health care providers and law offices also now use this aggregated data for a variety of different purposes.

This includes identity and residence verification checks along with mode of living and lifestyle analysis.

How do they obtain your data?

For many years public record information along with completed product warranty cards, magazine subscriptions, and mail order purchases were the predominant source of information used to develop databases on us all.

Today, data from so-called 'contributors' which includes businesses prepared to betray the trust of their customers by sharing their personally identifiable information (name, address, telephone, etc.) with third party organizations known as data brokers or information brokers is common practice.

Interestingly, data brokers are described in privacy notices as business partners or affiliates.

Both privacy advocates and consultants who work in the consumer data field agree that privacy notices are open to interpretation and prone to ambiguous or worse intentionally misleading statements.

So consider this when you are shopping for gifts and goodies this holiday season, whether you're using a credit card or store loyalty card or both at the pharmacy,  supermarket or any other location which has the ability to identify you and most definitely online.

What you buy, where you purchase it from and how you pay for it will all be collected and stored for future analysis and most likely contribute to your "bucket profile."

Happy holidays from all the businesses and data brokers watching you this festive season!



Sunday, November 27, 2016

The President Elect is a Victim Too!

Bank of America N.A.
The scourge of the banking and financial services industry is employees who share customer information with unauthorized third parties or worse, who operate illegal sideline businesses selling private and confidential customer data.

Recipients of this stolen data include disreputable attorneys, journalists, private investigators and of course scam artists, including identity thieves.

This is not a new problem.  In fact, over the decades, employees at some of America's biggest banks have been identified selling confidential customer information to persons who have absolutely no lawful purpose in acquiring it.

Data Breach Victim
A bank with a long history of employees abusing the privacy and personal data safety of customers is Bank of America.  Even the president-elect of the United States, Donald Trump, allegedly fell victim in the early 90's to executives at Bank of America (formerly National Westminister Bank USA) sharing specific details relating to his then troubled loan accounts with unauthorized third parties.

National Westminster Bank USA
National Westminster Bank USA was acquired by Fleet Financial in 1996 and in 2004, became part of what is today Bank of America.


Fleet Branch 
Some of the most egregious examples of bad behavior by employees at Bank of America over the past two decades included senior executives supporting (or at the very least turning a blind eye to) the use of identity fraud as a business tool to expedite debt collection operations.

In fact, loan officers and attorneys employed at the banks Managed Asset Divisions (also known as Corporate Services) located in Hartford, Connecticut, and Providence, Rhode Island, were allegedly  observed using the services of identity fraudsters to speed-up debt collection operations using a social engineering technique known as "pretexting."

Specific information sought often included customer data from competitor banks,  payroll records from employers and even on occasion taxpayer data from government agencies.

To be fair, the identity fraudsters did purport to be licensed investigators and debt collectors.  But surprisingly, no one at Bank of America ever bothered to check the validity of their credentials.

Meanwhile,  the same fraudsters were also stealing Bank of America customer data and selling it on to practically anyone willing to pay for it.

Norwalk Savings Society
They even managed to infiltrate a branch of the Norwalk Savings Society (acquired by Summit Bancorp in 1999 and later incorporated into Bank of America in 2004) located in Norwalk, Connecticut to facilitate a sophisticated checking account scam targeting both consumers and small businesses located in the Northeast.

This necessitated bank employees retrieving and covertly forwarding on to the identity fraudsters sensitive overnight data received from the Federal Reserve every morning.

In return, the bank's employees allegedly received various forms of compensation which included candy and flowers when a 'scammed victim' showed up at the branch asking some awkward questions or worse causing a scene.

For those victims (which included Bank of America customers)  who did manage to identify and report this widespread unlawful conduct to the authorities, the retribution was often swift at the hands of both the corrupt bank employees and contractors.

The punishment meted out often included harassing phone calls day and night, repeated threats of physical violence, blackmail and intimidation along with the victim's personal credit being hijacked and systematically trashed over an extended period.

Bank of America Regulator
But perhaps most surprising of all, was the fact that local and state law enforcement authorities were allegedly kept off the case by highly protective bank regulators.

Allegedly this included the Office of the Comptroller of the Currency (OCC) who reportedly cited 'federal preemption' laws when intentionally shielding corrupt Bank of America's employees and contractors from possible prosecution by local jurisdictions.

To paraphrase two OCC officials who spoke 'on the record' in 1998 and 2010, "the function of the Comptroller's Office is to ensure the safety and security of the banks it supervises and not necessarily the interests of the American public."

How deeply troubling is that?