A guy walks into a bar… and loses his identity
July 30, 2018

I was recently at a pub and they asked to see my ID. No problem, although I am clearly over 21. The bouncer asked me to remove it from my wallet so he could scan it. I politely said nope. When talking to the manager, I asked: What do you do with my information? What information is collected? How is it stored and safeguarded? To me, these were all valid questions.
I frequently get asked if an email is spam or if a website is safe to use. My answer: Nothing on the web is 100 percent safe from causing harm or from external attacks. Remember the Yahoo breach in August 2013 or the Equifax failure in July of 2017?
I am not suggesting we live in fear. Quite the opposite actually. There are steps we can take to keep our personally identifiable information (PII) more protected. But first, what the heck is PII? This is not a quiz, but maybe it should be! I know what you’re thinking – this is easy, it’s my Social Security number (SSN) and maybe my date of birth. Well, you would be partially correct.
According to the Federal Trade Commission, your PII includes full name (especially middle name or initial), SSN/truncated SSN, citizenship status, date of birth/place of birth, gender/race/ethnicity, mother’s maiden/middle name, driver’s license number, license plate number and financial information. And that’s the short list!
And YES, I get teased at the office for being overprotective. But consider this: According to the U.S. Department of Health & Human Services, it only takes gender, a zip code and a date of birth to personally identify 87 percent of the American population. Think about it. How many women were born 6/30/1978 and live in the 55803 zip code?!
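To make that concrete, here is an added example (not part of the original post) that measures how many records in a small data set are unique on gender, zip code and date of birth, and how coarsening the zip code and birth date lowers that. The records, field layout and function names are constructed for illustration.

```python
from collections import Counter

# Constructed sample records (not real people): gender, zip code, date of birth,
# as a business might retain them after scanning IDs.
RECORDS = [
    ("F", "55803", "1978-06-30"),
    ("F", "55803", "1978-11-02"),
    ("M", "55803", "1978-06-30"),
    ("M", "55806", "1978-09-05"),
    ("F", "55804", "1978-03-14"),
    ("M", "55811", "1985-01-09"),
    ("M", "55812", "1985-07-21"),
    ("F", "55803", "1990-12-25"),
    ("F", "55805", "1990-02-17"),
]

def exact(rec):
    """Keep all three fields at full precision."""
    return rec

def generalized(rec):
    """Coarsen the record: 3-digit zip prefix and birth year only."""
    gender, zip_code, dob = rec
    return (gender, zip_code[:3] + "**", dob[:4])

def group_sizes(records, key):
    """Count how many records share each combination of the three fields."""
    return Counter(key(r) for r in records)

def unique_fraction(records, key):
    """Fraction of records that are the only one with their combination."""
    sizes = group_sizes(records, key)
    return sum(1 for r in records if sizes[key(r)] == 1) / len(records)

def k_anonymity(records, key):
    """Size of the smallest group; k == 1 means someone is singled out."""
    return min(group_sizes(records, key).values())

def below_k(records, key, k):
    """Records whose group is smaller than k (the ones most exposed)."""
    sizes = group_sizes(records, key)
    return [r for r in records if sizes[key(r)] < k]

if __name__ == "__main__":
    for name, key in (("exact", exact), ("generalized", generalized)):
        print(name, unique_fraction(RECORDS, key), k_anonymity(RECORDS, key),
              len(below_k(RECORDS, key, 2)))
```

With full precision every constructed record stands alone; with only a zip prefix and birth year retained, each person shares their combination with at least one other.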
Many companies that ask for PII are required to meet legal obligations to protect that sensitive data per FTC rules and guidelines. On May 25, 2018, the European Union implemented the General Data Protection Regulation (GDPR), which superseded the Data Protection Directive. You may have recently gotten hundreds of emails from companies updating their privacy policies. This new law has very strict rules on how and what information is collected, retained and deleted. I expect, or at least hope, that the U.S. will follow suit shortly.
We have rules and laws like HIPAA that protect your data, but what about that bar you went to or the pack of cigarettes you just bought? To date, there are no statutes protecting our data from retailers. There are several bars and retailers that now just swipe your driver’s license for returns or to check if you are legal to purchase certain items. What information are they collecting, how is it encrypted, and who sees the data?
The information contained on your license varies by state. Here are examples of what’s on Minnesota and Wisconsin licenses.
So, what can we do? Well, be vigilant but polite. After all, the bouncer at the bar is just doing his job. Also, be smart and ask questions: Why do you need it? How will it be protected? Finally, contact your senator and representative and ask them to create legislation similar to the GDPR to protect our information at retail locations.
Now that we know what our PII is, check back for our next blog where we will talk about protecting your online data and how DataCom/OTA can help!