washingtonpost.com  > Print Edition > Sunday Sections > Sunday Outlook
Correction to This Article
A March 6 Outlook information box on credit reports created confusion for some Maryland readers. As the box stated, existing state law makes Marylanders eligible for a free report annually. But until Sept. 1, they are not eligible under a new federal credit law that mandates free reports for all states. So until that date, Maryland residents must contact the three major credit bureaus directly rather than using the all-in-one phone number and Web site set up under the federal program. Some readers also reported frustration with using the companies' automated phone systems. A more detailed guide for navigating them will appear in Sunday's Outlook section.

When Your Identity Is Their Commodity

By Evan Hendricks
Sunday, March 6, 2005; Page B01

So you think it's your personal information? That's not the viewpoint of the mega-companies compiling and selling data about you. As they see it, if they collect the information, they own it. Sure, it's about you, but it's theirs. You might think "privacy," but they see a commodity -- and a valuable one at that.

And for now, they're right. Never mind that there's a fundamental conflict built into this arrangement. The same companies entrusted with safekeeping our essential information make money only if they sell that information, and they do so in bulk. What's more, the current system places the burden on you to put a stop to any practices you don't like -- provided you discover them. You have to obtain your credit file, dispute errors, "opt-out," call, write -- and hope for the best.

Under a new federal law, residents of all states and the District of Columbia will be able to request free copies of their credit reports by Sept. 1. The law goes into effect in stages. Residents of 25 states in the western half of the country, plus others covered by pre-existing state laws, can obtain free reports now; 10 Southern states join the list on June 1, followed by the Northeast three months later. Consumers will be entitled to one free report a year from each of the three major nationwide credit bureaus. If someone is trying to steal your identity and opens a credit card account in your name, that activity appears on your credit report. Financial consultants advise consumers to request reports at least once annually to verify their accuracy.

Alaska, Arizona, California, Hawaii, Idaho, Illinois, Indiana, Iowa, Kansas, Michigan, Minnesota, Missouri, Montana, Nebraska, Nevada, New Mexico, North Dakota, Ohio, Oregon, South Dakota, Utah, Washington, Wisconsin, Wyoming

Alabama, Arkansas, Florida, Kentucky, Louisiana, Mississippi, Oklahoma, South Carolina, Tennessee, Texas

Connecticut, Delaware, District of Columbia, New Hampshire, New York, North Carolina, Pennsylvania, Rhode Island, Virginia, West Virginia

Georgia, Maine, Massachusetts, Maryland, New Jersey, Vermont (Residents of these states must contact the three major credit bureaus directly until Sept. 1. They cannot use the all-in-one Web site and phone number listed below)

Equifax: 800-685-1111
www. equifax.com

Experian: 888-397-3742

TransUnion: 800-888-4213

Residents of Western and Midwestern states can reach all three agencies at www.annualcreditreport.com or 877-322-8228. Residents of other states will be able to use that Web site and phone number once their state becomes eligible under the phased-in federal law.


Those are a few of the lessons emerging from a pair of privacy debacles last month that left millions of Americans asking how they can protect themselves and their data in an age when identity theft is the crime of choice. The first of these fiascos involved a company called ChoicePoint Inc., which admitted that it had been tricked into providing information on 145,000 people to a group of bogus companies, and the second stemmed from Bank of America's loss of credit data on 1.2 million federal employees. The incidents suggest that our sensitive personal information has been treated as just another commodity, deserving no more respect (and maybe less protection) than soybeans or pork bellies.

The scandals have re-stoked congressional interest. The day after Sens. Arlen Specter (R-Pa.) and Patrick Leahy (D-Vt.) announced Judiciary Committee hearings on the ChoicePoint scam, Leahy learned that his credit card data was on the Bank of America backup tape that disappeared without a trace. Like the growing number of Americans victimized by such "leakages," he didn't sound too happy.

Perhaps these events will prove to be the tipping point for policymakers and will educate consumers as to their stake and role in what has been aptly termed the "Data Revolution."

Did we say we wanted this revolution?

In fact, we did -- or at least we didn't complain about its benefits. Without the data revolution, there would be no information age. Personal information is vital to this new epoch. The collection and sharing of that information has powered the economy by increasing the availability of consumer credit, while at the same time lowering the cost of granting it. It also facilitates screening of employees, tenants, nannies and others who are entrusted with access to offices and homes. It makes it more convenient for our highly mobile population to buy houses, rent apartments and get instant store credit.

But there's a dark side: The current system invites identity theft, a fast-growing and distressing crime.

Ultimately, privacy has a very good chance of prevailing over the forces chipping away at it. Not only do Americans overwhelmingly view privacy as a fundamental right that must be preserved, but the economics of the electronic age also dictate the need for innovations that will protect that personal information while continuing to enable the information age.

Brace yourself, however: it's going to get worse before it gets better.

As the Supreme Court has recognized, the key to protecting privacy in the modern world is ensuring that individuals maintain reasonable control over their personal data. Reaching that goal requires a mix of strong national policy, good use of technology and consumer awareness.

ChoicePoint's recent lapse shows how far we have to go. A still at-large fraud ring became "customers" of ChoicePoint by posing as 50 fake businesses, including debt collectors and check-cashing firms. The thieves used ChoicePoint as a portal for accessing at least one major credit bureau, enabling them to filch Social Security numbers, other identifiers such as addresses, and sensitive credit report data. Although the full extent of the damage is not yet known, it's clearly one of the worst cases ever: ChoicePoint sent letters to 145,000 consumers warning that their data were compromised; 750 individuals were confirmed victims of identity theft.

The perpetrators picked quite a target. ChoicePoint is a symbol of the "commodification" of our personal data, having compiled 19 billion records covering virtually every American adult. A spinoff of Equifax, the giant credit bureau, ChoicePoint taps a wide range of taxpayer-subsidized sources, including local property records; driver records; boating, pilot and professional licenses; and court records showing bankruptcies, liens, judgments and divorce. Its sales to corporations and governments last year topped $900 million. (Other database companies are Acxiom, LexisNexis, Westlaw and Seisint.) While some of ChoicePoint's mammoth databases are filled with public records, these records are no longer "public" once ChoicePoint houses them. The company will give you access to some of the files it keeps on you, as required by the Fair Credit Reporting Act (FCRA). But it recently argued to the Electronic Privacy Information Center (EPIC), a public interest research center here in Washington, that other data are not subject to the FCRA. That means you cannot see your data or correct errors -- even though other companies and government agencies could buy the same data and use them for making decisions about you.

With the byzantine nature of the laws governing personal information and of the electronic systems that house such information, you need a scorecard to know when your information is protected by federal statute: credit reports (yes), video rental records (yes), federal agency records (yes), medical records (generally no), bank and credit card records (kind of), non-credit database company records (who knows?).

CONTINUED    1 2    Next >

© 2005 The Washington Post Company