YOUNG DRIVERS PERSONAL INFORMATION AND THE NORTH CAROLINA DEPARTMENT OF MOTOR VEHICLES

YOUNG DRIVERS WHO RECEIVE THEIR FIRST LICENCE FROM THE NORTH CAROLINA DEPARTMENT OF MOTOR VEHICLES FACE A FUTURE OF POTENTIAL ABUSE RELATING TO THEIR PERSONALLY IDENTIFIABLE INFORMATION.

Both Governor Roy Cooper and North Carolina Department of Transport Secretary,  James H. Trogdon III have to explain to young drivers and their parents why the safety and integrity of their personally identifiable information (which includes name, address, date-of-birth, drivers license particulars and Social Security number) are being placed at risk on a daily basis by consumer reporting agencies, data brokers, and so-called insurance industry support organizations.

Day in and day out, our children's driver license and vehicle records held on NC-DMV databases are downloaded and sold as a commodity to practically anyone with a ‘perceived’ legitimate purpose for acquiring it.  Which unfortunately all too often includes those individuals who do not have our youngsters best interests at heart.

The fact is, law enforcement officials, private investigators, debt collectors, sales and marketing professionals and even convicted identity thieves will all tell you that a person’s current driver’s license and vehicle ownership particulars are the most valuable data asset in today’s digital universe for finding someone and monitoring them on a continuous  basis.  How creepy is that?

 Explaining to parents that a loophole in the  Driver's Privacy Protection Act of 1994 permits consumer data traffickers to gather DMV records on our kids (and adults) and sell it on to practically anyone is most definitely not an acceptable explanation in 2017.

WFAE's "BANKTOWN" SHOW

WFAE's February 7 edition of Charlotte Talks focused on President Trump's proclamation that he is going to  "do a job" on the Dodd–Frank Wall Street Reform and Consumer Protection Act of 2010.

The 50 minute show didn't reveal any new insights into the future of the consumer-friendly Obama-era legislation other than to highlight the possibility that the Dodd-Frank created Consumer Financial Protection Bureau (CFPB) is most likely going to be subjected to some changes relating to the enforcement authority of its director and how the agency receives its funding.

Congressman  Robert Pittenger 

But, the morning radio show was not without a little suspense and controversy.  First, the principal guest, Congressman  Robert Pittenger was a no-show, and second,  local banking giant Bank of America (or to be precise CEO Brian Moynihan) was mentioned in a positive light by panel guest Rick Rothacker.

Charlotte Talks is a well produced and informative weekday program, but, when it comes to the topic of  "Banktown" (as the show's producers like to refer to the city's banking industry), things invariably go awry.
This show was no exception.

To be honest, it was hard to imagine that Congressman Robert Pittenger would agree to be on a show with Charlotte Observer reporter  Rick Rothacker who has reported extensively about the congressman's legal problems with the federal government over the years.

Rick Rothacker

Being called away to a  "security briefing" just before going on air was therefore not a surprise to me. Although as a listener, one wasn't sure during the broadcast if he might just make an appearance towards the end of the show.

During the broadcast, Mr. Rothacker mentioned that Bank of America CEO Brian Moynihan was "an early supporter" of Dodd-Frank.

But if he understood the mindset of US banking industry executives, he would know that Mr. Moynihan or JP Morgan Chase CEO, Jamie Dimon for that matter, are about as much in favor of Dodd-Frank as having a hole in their respective heads.

Claims by Mr. Moynihan that the big banks would like to see a level playing field is pure public relations spin.

If Dodd-Frank and possibly the CFPB do go away, it will be a very black day for the American consumer.

SEN. BLUMENTHAL ALLEGEDLY TURNED A BLIND EYE TO WRONGDOING BY EQUIFAX AND TWO BANKS IN HIS STATE

Blumenthal and Gorsuch

One thing President Trump said which is 100% accurate this past week, is that US Senator Richard Blumenthal of Connecticut is sometimes economical with the truth.

In fact,  I can personally attest to the fact that Mr. Blumenthal has a track record of not only being light on the facts when it apparently suits him but also has a history of allegedly acting against the interests of the public (which includes his constituents) from time to time.

This is borne out by his actions (or lack of) as the Connecticut Attorney General back in the 1990's when he had the temerity to take absolutely no meaningful action against two banks in his state accused of using identity fraud as a business tool in order to expedite debt collection operations. Or, consumer reporting giant Equifax which allegedly sold thousands (possibly tens of thousands) of consumer credit reports to identity thieves between 1991 and 1998.  

All this, despite his constant efforts to portray himself as a consumer advocate representing the interests of all American consumers.

To the best of my knowledge, neither Mr. Blumenthal or his successor at the CT AG's office have ever notified the thousands of victims both in his state or the rest of the country affected by both the bank's actions or the Equifax data breach. This begs the question why?

After his recent private meeting with Supreme Court nominee Neil Gorsuch,  who reportedly criticized President Donald Trump's comments on the judiciary as being "demoralizing" and "disheartening," Senator Blumenthal managed to turn Judge Gorsuch's openness and candor with him into a major news story.  Alas, demonstrating once again, that Senator Blumenthal appears to care little for other people's privacy no matter who they are.

Now in his 70's,  perhaps it is time for Senator Blumenthal to rethink just how he conducts himself while serving his constituents and maybe even own up to his past failings.

THE MISGUIDED USE OF THE "P" WORD

If there is one word used by business entities and organizations today which typifies's their commitment to deflecting questions from consumers relating to privacy and data security, it's the use of the word 'proprietary.'

It has to be said that it's an artful word used for getting rid of annoying consumers, journalists, and privacy advocates in emails, and other written communications because it sounds formal, and suggests to the recipient that potential legal consequences exist for those who continue to be inquisitive and seek answers to their questions. But in reality, it is just an overused word, commonly deployed as a deflector by officials who don't care, don't understand or worse know that their employer has something to hide from the public!

When it comes to consumer privacy and data security, there are no legitimate 'proprietary' techniques for collecting, collating and disseminating consumer's personally identifiable information without their knowledge and consent.  And this includes sharing their name, address and phone number with third parties.

Below are two definitions of the word 'proprietary' shown on the  Merriam-Webster Dictionary website:

1:  One that possesses, owns or holds an exclusive right to something;  specifically.

2:  Something that is used produced, or marketed under exclusive legal right of the inventor or maker; specifically:  a drug (as a patent medicine) that is protected by secrecy, patent, or copyright against free competition as to name, product, composition, or process of manufacture.

The fact is when you provide a bank, supermarket or hospital with your personally identifiable information; you are not giving them the right to own and use your personal data as they see fit forever. You are merely entrusting them with your information in order for them to identify you and better serve you as a customer or patient in the future.

It's that simple.  

Posted by 

Talk Privacy Blog at 5:41 PM 

FOR EVERY POSITIVE, THERE'S A NEGATIVE

A research project funded by Blue Cross Blue Shield of Tennesee (BCBST) which uses data from pharmacies, insurance claims and other sources to identify and combat opioid abuse appears to be a success.

In collaboration with Big Data analytics company Fuzzy Logix, BCBST analysts have been able to identify Tennesseans at risk through the use of sophisticated computer algorithms.

Combing through vast amounts of data to identify problematic or unlawful behavior with the sole mission of saving lives is to be commended.

However, for every positive, there is a negative, and once again we see a modern day example of how easy it is for our private lives to be scrutinized and evaluated based on data acquired from multiple different sources. 

While it has to be accepted that our medical records, along with our prescription records held at pharmacies are no longer private and confidential. Perhaps the bigger issue to keep in mind is that doing something as simple as paying cash for a  prescription instead of using one's health insurance plan can place us at risk of potential scrutiny by insurers and even law enforcement authorities.

The nothing to hide, nothing to fear mantra is fine until seemingly harmless behavior gets us on a suspicious activity watch list.

So gentlemen, for privacy reasons, it's probably best for the time being if you pay for your EDmedication using your health insurance plan.

For more information on this post, please feel free to contact us. 

NOTHING REVEALS MORE ABOUT YOU!

Supermarkets are a source of consumer data

Nothing reveals more about you than your personal shopping habits and traits.

When and where you shop, what you shop for and how you pay for your purchases, is all "data treasure" to organizations which make it their business to collect and sell information on us all.

Collecting and selling data on American consumers is nothing new. But advances in technology have made it possible to gather vast amounts of personal information on every man, woman, and child living in America today from multiple sources and hold that information in perpetuity.

No matter your socio-economic status or background, there are hundreds, possibly thousands of databases out there actively seeking to collect and analyze information on you every single day.

Data Brokers: Know All About You!

Most likely you have never heard of these organizations, let alone come into contact with them.  But they most definitely know who you are!

Who uses your collected data?

Primarily, collected data is still used for direct marketing and promotional purposes.  In other words, to sell you something.

But banks, government agencies (including law enforcement authorities) insurance companies, health care providers and law offices also now use this aggregated data for a variety of different purposes.

This includes identity and residence verification checks along with mode of living and lifestyle analysis.

How do they obtain your data?

For many years public record information along with completed product warranty cards, magazine subscriptions, and mail order purchases was the predominant source of information used to develop databases on us all.

Today, data from so-called 'contributors' which includes businesses prepared to betray the trust of their customers by sharing their personally identifiable information (name, address, telephone, etc.) with third party organizations known as data brokers is common practice.

Interestingly, data brokers are often described in consumer privacy notices as business partners or affiliates.

Both privacy advocates and consultants who work in the consumer data industry agree that privacy notices are open to interpretation and prone to ambiguous or intentionally misleading statements.

So, when you are out and about shopping, remember that you are leaving trails of personal data behind you, which will be collected, analyzed and most likely go towards your so-called bucket profile.

THE PRESIDENT'S A PAST VICTIM TOO!

President Trump

The scourge of the banking and financial services industry is employees who share customer information with unauthorized third parties or worse, who operate illegal sideline businesses selling private and confidential customer data.

Recipients of this stolen data include disreputable attorneys, journalists, private investigators and of course scam artists, including identity thieves.

This is not a new problem.  In fact, over the decades, employees at some of America's biggest banks have been identified selling confidential customer information to persons who have absolutely no lawful purpose in acquiring it.

A bank with a long history of employees abusing the privacy and personal data safety of customers is Bank of America.  

Even the President of the United States, Donald Trump, allegedly fell victim in the early 90's to executives at Bank of America (formerly National Westminister Bank USA) sharing specific details relating to his then troubled loan accounts with unauthorized third parties.

National Westminster Bank USA

National Westminster Bank USA was acquired by Fleet Financial in 1996 and in 2004, became part of what is today Bank of America.

Some of the most egregious examples of bad behavior by employees at Bank of America over the past two decades included senior executives supporting (or at the very least turning a blind eye to) the use of identity fraud as a business tool to expedite debt collection operations.

In fact, loan officers and attorneys employed at the banks Managed Asset Division (also known as Corporate Services) located in Hartford, Connecticut, and Providence, Rhode Island, were allegedly observed using the services of identity fraudsters to speed-up debt collection operations using a social engineering technique known as "pretexting."

Specific information sought often included customer data from competitor banks, payroll records from employers and even on occasion taxpayer data from government agencies.

OCC Seal

But perhaps most surprising of all was the fact that local and state law enforcement authorities were aware of this unlawful conduct but allegedly kept off the case by highly protective bank regulators.

This included the Office of the Comptroller of the Currency(OCC) which reportedly cited 'federal preemption' laws when intentionally shielding corrupt Bank of America's employees and contractors from possible prosecution by local jurisdictions.

To paraphrase two OCC officials who spoke 'on the record' in 1998 and 2010, "the function of the Comptroller's Office is to ensure the safety and security of the banks it supervises and not necessarily the interests of the American public."
How troubling is that?

IF I HAVE LEARNED ANYTHING IN 2016

If I have learned anything in 2016, it's that many businesses, healthcare providers, and even government agencies remain reticent when it comes to discussing what steps they take to protect our privacy and personal data. 
That's unfortunate in so many different ways.

Here are three examples why.  

First, it tells us that (customer, patient or taxpayer) privacy and personal data safety is not a priority with their executive management team. 

Second, the cost and inconvenience of putting in place practices and procedures for allowing transparency and openness relating to consumer privacy and data protection most likely cost's too much.

Third, they probably have something to hide. Could be they are sharing (selling) consumer data with third parties!

Whatever the reason, there is also a good chance that those in charge falsely believe that consumer data protection along with identity fraud prevention is an irritating fad promoted by law enforcement officials, security consultants and bloggers who have too much spare time on their hands.

Further, that internal measures for protecting consumer data are adequate and that anyone asking about how their personal data is used and above all protected should be treated with suspicion.

After all, data breaches and hacker attacks only happen to ADP, Adobe, Blue Cross BlueShield, Facebook, Hilton Hotels, Home Depot, JP Morgan Chase, Target, the State of South Carolina and Yahoo!  

No one else!

Happy New Year!