For most of us, privacy is an important issue. We talk about, write about, sue each other over it, and debate the extent to which it is our Constitutional right. We know that our original notions of privacy have been drastically eroded by the amount of data collected about us every day. Every time you buy with a credit card, debit card, or even pay cash and use a discount card, the records are collected and aggregated. Every time you pay a bill, borrow money, or ask to borrow money, the information is collected and stored together. There's work being done right now to do the same things with all of your medical records.
What's happening to all this information? Private companies are using the information to trying to figure out what to sell you next, whether to extend you credit, and to whom they can sell your name and information. The government is using the information to try to figure out if you are a law-abiding citizen. And, your friends, family, and acquaintances may be using it just to find out what you haven't told them directly. (In response to a challenge recently, in five minutes on Google, I was able to retrieve a friend's secondary address, parent's and sibling's names, religion, political party affiliation, last job, current job, foreign language spoken, and a hint about his financial position.)
Criminals want to gain access to your private personal information, too. They want to use it to take advantage of you -- most typically by fraudulently posing as you and making credit purchases. Some of them want to use or sell your identity more generally, in order for someone else -- typically an illegal immigrant or another criminal -- to be able to hide from the authorities by posing as you on a day-to-day basis.
So, how likely is it that your private personal information will end up in the wrong hands?
The most recent US Census statistics estimate that there are about 225 million adults in the US (aged 18 and over). The Privacy Rights Clearinghouse has been trying to keep track of all of the instances when an organization has lost private personal information, including everything from hacker attacks on universities to laptops and disks lost by employees. It's current total for 29 months (January 2005 to May 2007) is over 155 million records lost that contain information useful to identity thieves. But, about 15% of the incidents do not have reported loss numbers; so, I estimate the true number to be around 182 million (155/.85). And, that results in an estimate of approximately 75 million records lost or stolen per year (182 * 12/29). Or, approximately 225 million records lost or stolen in three years. Of course, this does not mean that every US adult's data will be lost or stolen in a three year period; some unlucky souls will have their data compromised more than once, while others will not be affected.
In addition to large scale losses of information by those we entrust with our digital data, there are lots of small scale ways to lose our personal information. A Gartner Group analyst reported that 1.2 million Americans a year believe they have given their personal information to a criminal on the internet, but that same group is reported to have estimated that the true number for 2006 would be 3.5 million. Large numbers of credit cards (or credit card numbers) are lost or stolen every year: A Harris poll reported that 16% of American adults had had a credit card used by someone they didn't know. And, a 2004 study for the Federal Trade Commission found that identity theft victims who did know who stolen their identity, nearly always reported manual (non-computer, non-digital) theft by family members, friends, neighbors, in-home employees, co-workers, sales employees, and financial institution employees, people who had access to the physical cards, receipts, or statements.
According to the FTC report, 4.6% of survey respondents reported they had been victims of identity theft in the past year; extrapolated across the adult population today, that would be about 10.4 million new victims per year. If that number weren't escalating, you'd be at risk for identity theft about once every 22 years during your adult lifetime. However, the FTC study found that the rate of discovery of identity theft nearly doubled from one year to the next. If that trend continued, in 5 years the entire adult population would be compromised each year. Clearly, that won't happen, as consumer awareness increases and anti-fraud technologies improves.
The bottom line is that there's lots of information floating around about most of us and quite a bit of it is in the hands of people or systems we never intended.
Post Script: Should I care that I don't have much privacy?
There are two ways to think about this. 1) It's not a problem; it's just part of evolution. Look at YouTube and MySpace; the next generation is creating permanent, open records about things that older generations would never want publicly known. In the not-too-distant future, privacy will be dead as a concept. 2) It is a problem. Privacy (like discretion) is more appreciated with age. Identity theft and credit card fraud will become such a time-consuming and costly issue that protections are a better alternative. I admit I have my toe in the water of the first camp, but that my weight (and work) still fall heavily in the second.
What's happening to all this information? Private companies are using the information to trying to figure out what to sell you next, whether to extend you credit, and to whom they can sell your name and information. The government is using the information to try to figure out if you are a law-abiding citizen. And, your friends, family, and acquaintances may be using it just to find out what you haven't told them directly. (In response to a challenge recently, in five minutes on Google, I was able to retrieve a friend's secondary address, parent's and sibling's names, religion, political party affiliation, last job, current job, foreign language spoken, and a hint about his financial position.)
Criminals want to gain access to your private personal information, too. They want to use it to take advantage of you -- most typically by fraudulently posing as you and making credit purchases. Some of them want to use or sell your identity more generally, in order for someone else -- typically an illegal immigrant or another criminal -- to be able to hide from the authorities by posing as you on a day-to-day basis.
So, how likely is it that your private personal information will end up in the wrong hands?
The most recent US Census statistics estimate that there are about 225 million adults in the US (aged 18 and over). The Privacy Rights Clearinghouse has been trying to keep track of all of the instances when an organization has lost private personal information, including everything from hacker attacks on universities to laptops and disks lost by employees. It's current total for 29 months (January 2005 to May 2007) is over 155 million records lost that contain information useful to identity thieves. But, about 15% of the incidents do not have reported loss numbers; so, I estimate the true number to be around 182 million (155/.85). And, that results in an estimate of approximately 75 million records lost or stolen per year (182 * 12/29). Or, approximately 225 million records lost or stolen in three years. Of course, this does not mean that every US adult's data will be lost or stolen in a three year period; some unlucky souls will have their data compromised more than once, while others will not be affected.
In addition to large scale losses of information by those we entrust with our digital data, there are lots of small scale ways to lose our personal information. A Gartner Group analyst reported that 1.2 million Americans a year believe they have given their personal information to a criminal on the internet, but that same group is reported to have estimated that the true number for 2006 would be 3.5 million. Large numbers of credit cards (or credit card numbers) are lost or stolen every year: A Harris poll reported that 16% of American adults had had a credit card used by someone they didn't know. And, a 2004 study for the Federal Trade Commission found that identity theft victims who did know who stolen their identity, nearly always reported manual (non-computer, non-digital) theft by family members, friends, neighbors, in-home employees, co-workers, sales employees, and financial institution employees, people who had access to the physical cards, receipts, or statements.
According to the FTC report, 4.6% of survey respondents reported they had been victims of identity theft in the past year; extrapolated across the adult population today, that would be about 10.4 million new victims per year. If that number weren't escalating, you'd be at risk for identity theft about once every 22 years during your adult lifetime. However, the FTC study found that the rate of discovery of identity theft nearly doubled from one year to the next. If that trend continued, in 5 years the entire adult population would be compromised each year. Clearly, that won't happen, as consumer awareness increases and anti-fraud technologies improves.
In US | Per Year |
Adults | 225 million |
Estimated digital records lost or stolen with personally identifiable information | 75 million |
Estimated number of adults who give personal information to phishers and other online criminals | 3.5 million |
Estimated number of individuals who were victims of identity theft (2003) | 10.4 million |
The bottom line is that there's lots of information floating around about most of us and quite a bit of it is in the hands of people or systems we never intended.
Post Script: Should I care that I don't have much privacy?
There are two ways to think about this. 1) It's not a problem; it's just part of evolution. Look at YouTube and MySpace; the next generation is creating permanent, open records about things that older generations would never want publicly known. In the not-too-distant future, privacy will be dead as a concept. 2) It is a problem. Privacy (like discretion) is more appreciated with age. Identity theft and credit card fraud will become such a time-consuming and costly issue that protections are a better alternative. I admit I have my toe in the water of the first camp, but that my weight (and work) still fall heavily in the second.