Identity theft is a term now common in the American vernacular. Though the term is familiar, what it represents is often misunderstood by large segments of the consumer population. Many people commonly associate the term with someone making illegal use of a credit card number. By most current definitions however, that type of crime is more properly referred to as credit card fraud and is no longer considered a true example of identity theft. So what exactly does the term “identity theft” mean?

The best working definition of true identity theft is simple: The improper or illegal use of someone’s personal identifying Information (PII). It’s that simple. PII is defined as any information that uniquely identifies you as you. More specifically, your social security number, passport, birth certificate, driver’s license or state ID card, and similar documents that alone, or in combination, are unique to you as a person. ITRC considers that your PII can be used to commit several different types of identity theft. We classify these as five (5) basic types of identity theft: financial, criminal, medical, governmental, and cyber/reputational. There is also child identity theft, but other than the age of the victim, these are always one or more of the 5 types above.

  • Financial: Financial Identity theft is simply when someone uses another’s PII for financial gain. This can include using a SSN to open a new line of credit, a utility bill, a student loan, etc. Unlike the unlawful use of an existing, and legitimate credit card, these new fraudulent accounts may exist for extended periods of time before the victim becomes aware of them. Checking your credit reports or getting a call from a collection agency are two of the most common ways financial identity theft is discovered. Victims should file a police report and then dispute any fraudulent charges with the various affected merchants and creditors.
  • Criminal: Criminal Identity Theft occurs when someone has successfully impersonated the victim when dealing with law enforcement. This can be accomplished a multitude of ways. The most common is when a thief uses a victim’s SSN, Name, and perhaps date of birth to acquire a driver’s license. In the event this thief is cited or arrested by a member of law enforcement, the thief will pretend to be the victim thereby creating a fraudulent criminal history for the victim. Victims of this form of ID theft should have their local police fingerprint and mug shot them, and when appropriate send that information to whatever the arresting or citing law enforcement might be, so they can get issued a letter of clearance from the court, clearing them of responsibility.
  • Medical: This form of identity fraud occurs when a criminal makes use of the victim’s PII (such as an SSN or Medical insurance card/number/Medicare card etc.) to receive medical treatments and benefits and then leaves it to the victim and their insurance carrier to pay the bills. These events may also leave mixed medical records, which can be a significant problem to the victim. There is also a growing trend used by illegal pharmaceutical sellers as well as prescription pill addicts to use someone’s identity to steal prescription drugs without leaving a paper trail back to them for anyone to follow. Victims of medical identity theft need to get in touch with their insurance provider as well as the place where the procedures were performed, or where the medical supplies/drugs were purchased, and inform them of the fraud. This should include showing proof of that this misuse was brought to the attention of law enforcement.
  • Governmental: This is when the victim’s PII is used to acquire government benefits that the thief would not otherwise be entitled to. Things like government grants and loans, welfare assistance, even a large tax return a victim might be owed from the IRS are all strong motivators for criminals. Often those in this country illegally will have reasons to engage in governmental Identity theft in order to find gainful employment, or avoid detection. In addition to previously listed steps, victims should request an “earnings history report” at their local branch of the Social Security Administration. This report will show where someone has been working, and can be useful in mitigating the fraud.

Cyber/Reputational identity theft is the newest emerging form of identity theft. This involves the use of one’s name, likeness, online passwords or other associations in order to exploit or damage one’s reputation, or perhaps to gain access to their contacts or emails, or just to spam someone’s online relationships with advertisements or Trojans. Mitigation for this type of theft is best done through contacting the site administrator. (i.e. for a fraudulent Facebook profile, the only way to resolve the issue is through dealing with Facebook staff directly).

For additional questions or concerns, please contact the ITRC. ITRC provides no-cost toll-free assistance to consumers and victim at (888) 400-5530, or

“Classification to Mitigation: What You Need to Know about the Multiple Faces of Identity Theft” was written by Matt Davis. Matt is a Victim Advisor at the Identity Theft Resource Center. We welcome you to repost the above article, as written, giving credit to and linking back to the ITRC Blog.

Do you love a discount? You’re not alone. Most people do. And that’s just what Facebook is banking on with their new “Facedeals” project, which sends coupons and discount offers directly to your phone. The only catch: when you use your coupon they snap your picture.

Facebook dealThe program essentially functions as follows: a camera is installed in a business. The camera scans your face as you enter, checks you in on Facebook and sends your phone a text message offering you a targeted discount. A “targeted” discount or deal is a coupon for an item or service that’s viewed as within your range of interests, based on your Facebook “like” history. Merchants use this data to selectively advertise to you, making it more likely you’ll be interested and less likely that they will waste time and resources sending you a coupon for a product you’d never use.

Of course, in order for this program to take effect you must choose to sign up for it, and let Facebook scan and store facial recognition data about you based on your tagged Facebook photos. As more pictures are approved, the app gets more precise in its ability to identify you based on what you look like. Once you sign up for this program you will be automatically identified and tagged at any store or shop you frequent that has a Facebook Camera installed.

No doubt this is another impressive new development in our ever more rapidly advancing technological society. What’s the harm in offering you targeted deals seamlessly and easily right? Well, perhaps none, but certainly there is a potential for misuse and dangerous privacy implications. Mum’s been the word on how this data will be stored, what will be permissible uses for the data, and what if any third parties could request access to such data? Could the government access it under the right circumstances? What about retailers, marketers, or various merchants? You can see that without defined rules, the line could easily be blurred to a dangerous point.

Now everywhere you go, you could potentially be checked in without your knowledge. Every store you visit, every time you leave your house. Once you’ve signed up for this technology there isn’t a way yet to select where you do and don’t want to be checked in, or under what circumstances you feel comfortable broadcasting your whereabouts and purchasing habits to the general public. Once you sign up, it’s entirely plausible that your friends, family, and yes those ultra-aggressive creepy Facebook stalkers can track your daily movement and purchasing habits with a click of a mouse. It’s a spooky thought.

No doubt many will disregard the near certainty of significantly diminished privacy in favor of 50% off a sweet new smart phone cover. But when that creepy ex that you’ve been avoiding since high school just “happens” to bump into you at the mall, don’t say we didn’t warn you.

“Facebook Facedeals Raise Serious New Privacy Concerns” was written by Matt Davis. Matt is a Victim Advisor at the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to and linking back to ITRC_Blog.

When surfing the internet in the privacy of your own home, one might think they are safe from prying eyes, and free to surf the internet without anyone knowing what they’re doing. Unfortunately, this couldn’t be further from the truth. What you do on the internet is information that every retailer and marketing firm wants to know. Why? It’s because these companies use that information to create targeted advertising, which increases sales and thus profits. Targeted advertising simply means that when a company pays for an advertisement they want that advertisement to go to people who will be most likely to purchase whatever the advertisement is selling. For example, sending an advertisement for an expensive boat to someone who is unemployed would most likely be a waste of money.

being watchedCompanies pay for information about your online habits to companies called data brokerage firms or information aggregators. These companies set up thousands of servers specifically to monitor people’s activity on the internet, organize the information to fit a retailer or marketing firm’s needs, and then sell it to the highest bidder. This type of information gathering has set off alarms within the privacy advocacy community as the information collected can at the very least have personal information about you, including age, race, sex, weight, height, marital status, educational level, politics, buying habits, household health worries, vacation dreams and more.

So far, the retail industry has for the most part been self-regulating when it comes to what is right or wrong when tracking you online. According to the World Wide Web Consortium (W3C), an international community where Member organizations, a full-time staff, and the public work together to develop Web standards, privacy advocates and retailers have come to a cautious agreement that an option called “Do Not Track” on web browsers should be available to consumers. When a consumer clicks the “Do Not Track” option, retailers would honor their request and stop their websites from tracking everything that a consumer does on their website. The problem is that all of this is voluntarily and the W3C has no power to enforce any of the standards they promulgate.

Microsoft has added to the controversy over this issue by declaring that their next web browser, Internet Explorer 10, will have the “Do Not Track” option activated as the default setting for their new browser. Retailers and marketers rebuked this idea, threatening not to comply because they believed the standard of complying with the do not track request is only valid if the consumer actively selects it themselves. This latest battle in the protracted war between privacy advocates and the retailing industry has many calling for legislation so that there is some method of enforcing companies to respect the “Do Not Track” option. Surprisingly, several bills have been introduced in both the Senate and the House regarding tracking online consumers. Not surprisingly, all of these bills have been languishing in Congressional committees since 2011. With the attention Microsoft’s move has garnered, the possibility of these bills gaining traction in Congress is becoming more likely.

A bill submitted by Rep. Jackie Speier, the Do Not Track Me Online Act of 2011, requires the Federal Trade Commission (FTC) to create new rules that establish standards for the required use of online opt-out mechanism to let a consumer choose to prohibit anyone from tracking them online. The standards must include a rule requiring covered companies to disclose to the consumer how they collect information and what they do with it, as well as a rule obligating companies to not track consumers if they elect to not be tracked. The FTC would also be given the authority to conduct random audits of covered companies to ensure that they are in compliance with the established standards. For companies not in compliance with these standards, any state attorney general would be permitted to bring a civil action imposing fines up to $11,000 per day with a $5,000,000 maximum cap.

The Do-Not-Track Online Act of 2011, submitted by Sen. John Rockefeller, largely mirrors Rep. Jackie Speier’s legislation; however, his bill lacks any language giving the FTC authority to conduct random audits of companies. While it lacks audit authority for the FTC, Sen. Rockefeller’s bill calls for fines up to $16,000 per day with a $15,000,000 maximum cap.

Lastly, Rep. Edward Markey has put forth the Do Not Track Kids Act of 2011 putting extra emphasis on the protection of children from being tracked online. This bill provides for the same kind of enforceable standards as above, but adds extra standards for minors. This bill would require covered companies to not track children unless receiving parental permission, stop companies from requiring children’s personal information in exchange for allowing the child to play a free online game, and to create an “eraser button” allowing users of a website to erase any current or past information already collected on a minor. While providing a multitude of protections for minors on online, this bill does not provide any recommendations on fines or damages to be paid by companies in violation of its rules.

While it is unlikely that any of these bills will be signed into law in the near future, it is a good idea to keep them in mind as the discord surrounding privacy on the web escalates. For now, the war between retailers and privacy advocates will continue as the struggle for meaningful self-regulation of online tracking makes slow progress. In the meantime, click that “Do Not Track” option if you feel uncomfortable having your online activity monitored and hope that companies are courteous enough to oblige.

“You Are Being Tracked” was written by Sam Imandoust, Esq. He serves as a legal analyst for the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to and linking back to ITRC Blog.

Most people would think that the person or people who know them best are family members, close friends, or significant others. Unfortunately, one more category must be added to that list and it may be one that knows you better than anyone else: an information aggregator. Information aggregators, or data brokers, collect information regarding individuals and look to sell this information to marketers seeking to advertise their products to the best targeted audience possible.

watchingThis sounds fairly innocuous until one looks at the actual breadth and scope of information these aggregators are collecting. Reps. Edward J. Markey and Joe Barton along with six other congressman sent letters to nine major information aggregation companies citing an article in the New York Times (“A Data Giant is Mapping, and Sharing, the Consumer Genome”) which explains what exactly these companies do. The article focuses on a company called Acxiom which collects information on nearly “500 million active consumers worldwide, with about 1,500 data points per person. That includes a majority of adults in the United States.” Among these data points include “your age, race, sex, weight, height, marital status, educational level, politics, buying habits, household health worries, vacation dreams – and on and on.” The article goes on to state that Acxiom has 23,000 computer servers processing more than 50 trillion data transactions a year.

Just the data points mentioned are disturbing enough, but to think that these companies have up to approximately 1500 is downright problematic. The Congressmen writing the letters to these companies express their concern that, in addition, to the privacy concerns involved with this so called “data mining”, how companies use this information may lead to another process called “weblining.”

Weblining is a process by which companies will grade each individual and base decisions about them solely in regard to the information they buy from companies like Acxiom. Privacy advocates warn that this way of profiling consumers can lead to different classes of individuals which will receive different offers and attention from different companies. Health insurance, higher education, employment, and financing could all be decided before you ever get in contact with an insurance agency, school, potential employer or lender, all based upon the information gathered and collated by information aggregators. The Congressmen behind these letters are especially concerned with what and how these aggregators are collecting information on children and minors, as this method of profiling could impact them the most.

The lack of transparency and the volume of legally collected information on consumers is not the only concern as these data brokerage firms are extremely attractive to criminal hackers. While it is unsettling to know that a corporation has such intimate details about you and your habits, they are at least following the law (as lacking as it may be) regarding privacy. They take measures to encrypt and protect your data to minimize any information reaching any unintended parties. A criminal hacker who successfully hacks one of these data brokerage firms would potentially have personal information on hundreds of millions of people.

With Congress struggling to pass any meaningful cybersecurity laws regarding protecting or collecting personal information from online consumers, it seems that, for now, the individual consumer can only hope his or her information profile doesn’t exclude them from opportunities in life or end up in the hands of a criminal.

“What is Information Aggregation and Why Should You Care?” was written by Sam Imandoust, Esq. He serves as a legal analyst for the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to and linking back to ITRC Blog.

An article from Private WiFi’s CEO, Kent Lawson, raised interesting points about online privacy attitudes among younger people.

The article presented some interesting thoughts from Ella Hickson, a young playwright. Ella notes she is more aware of the value of privacy and puts forth the idea that most of the younger generation thinks in terms of an “inner circle of friends” and “our public self.” She further relates that we want this public self or persona out there “on billboards,” and that the whole point of this carefully constructed and controlled persona is that “it is seen.”

As she noted in the piece:

“I think the kind of ‘all hanging out there’ that we see on social networking sites, etc., is more duplicitous than it seems. The things that we have total access to are, of course, highly controlled by those that are putting it there for the most part. Very rarely is anything being posted ‘about’ someone that they aren’t posting themselves.”
I can’t disagree with Ella, and find her comments very insightful. Most postings on social networking sites are carefully controlled by the person who “owns” the page. We can think of this persona as our billboard where we advertise the self we want people to see, and what they get to see is very definitely filtered by what we want them to know about us. She is absolutely correct in that we don’t put our dirty laundry on Facebook, just the “good stuff.”

Where I see a flaw in her outlook on privacy is in a lack of knowledge about how many different types of exploits are used to trap personal information, both for “legitimate” marketing purposes, and by those who wish to do us harm.

It should be remembered that in regarding social media sites, we users are their income stream, not their customers. Their customers are the many entities that want to access our information for sales and marketing purposes. Mobile apps and social networking apps and games want access to our user information for a marketing reason.

And, many of those who would do us harm are very bright and capable, and find many ways to “social engineer” or otherwise exploit our public presence to gain information that is then used to harm us.

Preventing Online Crime

Stalking, identity theft, scams, and other criminal acts all succeed best when the perpetrator has knowledge of his or her intended victim. The fact that the information the criminal started with was our public information does not make it any less useful. As an example, about a year ago I spent a few hours investigating geo-tagging,” which is where a cellphone or smartphone takes a photo and embeds the GPS location information directly in the image file. Most current phones with cameras have this ability, and each device may or may not be configured to geo-tag each photo.

Having read about this, I was curious to find out whether photos posted to Facebook would have the information, and whether it was difficult to use. I downloaded about 20 photos from a variety of friends’ Facebook pages. Most did not have the embedded location information, but four of them did. Using that information and Google Maps, I was able in a few seconds to see the location, and even zoom in and look at the home involved.

That’s more than a little scary – that’s a great tool for a Facebook stalker.

The point I am making is not specific to this one type of exploit, but rather that we should all be very careful about having a complacent attitude regarding our privacy and security. Certainly there is a lot of our personal information “out there in the cloud,” and being used by a large variety of companies with which we have dealings. But there is a significant area of “privacy responsibility” that resides directly with each individual. In that context, it is a really good idea for all of us, including twenty-something young adults, to also pay close attention to our public persona.

Ask anyone who has been denied a job because of party pictures shared publicly; that is not identity theft, per se, but it certainly can have an impact. The point is that collecting a variety of information about an individual is a fairly powerful way to build an identity profile, and what you publicly post is certainly a great starting point.

This article was originally posted by PRIVATE WiFi, a personal VPN software that encrypts your data in public wireless hotspots. Using our easy software prevents identity thieves from hacking into your emails, online banking, social media accounts, and other personal information. To sign up for a FREE three-day trial, visit

We welcome you to post/reprint this article, as written, giving credit to the author and linking back to

The introduction of the smartphone into the technology platform revolutionized the use of the cellphone. Suddenly, activities and actions that required a stationary device, or a device connected to wireless internet became activities on-the-go. Now, the smartphone’s capabilities have surpassed those ever associated with a small mobile device. Cellphones went from being solely used for telephone calls, to nearly replacing the use of computers.

Nowadays, smartphones are used to place and receive phones calls, text messages, email, online banking known as mobile banking, document generation and sharing, social networking, bill paying, gaming, etc. Almost any activity can be supported by the small mobile device. These activities are made possible by the introduction of applications, known as apps. Just like programs have to be downloaded to a computer, apps have to be downloaded to a smartphone to carry out the desired commands.

When it comes to the smartphone, safety comes second to that of the computer. However, it doesn’t mean users cannot take security measures to ensure they are being protected. One of the greatest threats to users is applications. As a result of security holes, certain app developers create apps designed to steal user data, and gain access to information they would otherwise not have access to. For example, Malware is a common threat. In its essence, Malware is malicious software intended for malicious purposes. It has the ability to damage and disable computer systems. Since a smartphone is in many ways like a computer, it is a target.

When users download an app, and the app is malicious, it can download Trojans, viruses, worms, etc. to the device. These may install keylogger software, spyware, bonnets, and so on. The intent of the software is to follow user activities to obtain personal information. This information can then be used by criminals for financial gain – committing financial fraud, and in some cases identity theft.

The best rule of thumb is to verify the legitimacy of the applications being downloaded to a smartphone. As it is, apps require access to a significant amount of data, so ruling out applications can be a great step to take. In addition, reading the apps’ reviews can be helpful. Usually other users will define in their posts the problems they have had with the application. Users need to be weary of what they download, therefore, if the user doesn’t feel comfortable with the information the app is requesting access to, the best thing to do is to not download the app.

Truth of the matter is no one can protect a smartphone better than its user. It all boils down to the apps the user is downloading, and the activities or commands being carried. Although the responsibility of protecting a device is the users’, there are security software apps that scan for malware and spyware. These can be a helping hand.

Many professionals view air-travel days as an opportunity to get some extra work done, pay bills online, or distract themselves during their commute by surfing the internet. The convenience and ease of use of modern laptops and iPads have made it easy to stay connected in route. As a result, public Wi-Fi is now commonplace in most major airports and even becoming more common on the airplanes themselves. As with most technological conveniences these days, in addition to the obvious advantages, wifi in airports pose additional risk to consumers who may not be aware that they’re in potentially dangerous ‘hot zones’ for identity theft.

Public wifi is a beacon for those who would seek to harvest your personal information through your internet connection. Free wireless networks are usually not password protected, or have a password that’s publicly available. This means that every time you sign on to a public wifi connection, you’re essentially sharing a connection with any and all strangers in the area. In an airport especially, even more so than in a coffee shop or other place usually associated with public wifi, the number of strangers in your immediate vicinity is usually much higher. Any and all of those have the potential ability to access the same network connection you’re using. All it takes is one malicious user on your network to cause you a lot of trouble.

Anytime you access public connections to the internet, your computer is more exposed to the threats of malware or viruses which may be present on another’s laptop, not to mention the threat of a nefarious fellow traveler snooping through your shared files, shoulder surfing to watch you input your passwords, or otherwise monitoring your internet activity. Most people don’t realize that when sharing a network internet connection with someone, there is no additional firewall or security in place to protect the information stored on your computer. This quite naturally makes places like airports and other areas that offer free public wifi very attractive to would-be identity thieves.

If you can avoid using public wifi altogether, do so…if you just can’t resist checking the scores or the weather while waiting to board your flight or arrive at your intended destination, try to avoid doing potentially dangerous activities like online banking, filing tax returns, or checking any email accounts that might have valuable information stored in it; as this information could be harvested from your machine and used against you. If you know you will be traveling often and find yourself using public wifi normally you may want to look into getting a personal VPN. A personal Virtual Private Network will help protect you against the dangers of public wifi.

If using public wifi unprotected, be wary of any wireless network that shows up with a stronger signal than the network offered by the known provider (in other words, if you’re in the American Airlines terminal, you shouldn’t choose that random linksys server over the one labeled “Americanterminal1access” for example). Often potential hackers will generate their own network signal to have others “hook up” to them, exposing all their information. Other network users will see the stronger signal and connect to it unwittingly, without realizing that they’ve just voluntarily offered up anything that isn’t independently password protected for viewing by the thief.

When using your home wireless connection, ensure that it’s always password protected. Remember, you never know who else may be online.

Facebook – the social network giant has posed the opportunity for its users to vote on changes to their privacy policies. The focus wraps around how the network uses ‘user’ information through data collection practices and the use of that data for advertising. The giant is aiming at providing clear explanations to its users of how information is shared. In other words, users will have options to control how their information is shared. The voting was opened on June 1, 2012 and will close June 8, 2012.


Although some consider this to be a way to engage users, some say that users are not actually voting on policies, but rather voting for the old policy or the new policy. The old policy, per se, involves more complex language – harder for the user to decipher. On the other hand, the new policy is more transparent – easier and clearer for the user to understand. Co-Chair and Director, Jules Polonetsky of the organization Future of Privacy Forum feels “they’re going through with a vote because they promised a vote, but they’re really not going to end up with anything useful.”

According to The Inquisitr, users will find the following on the social network site:

‘Recently, Facebook provided revisions to its SRR and Data Use Policy to, among other things, improve the documents by adding examples and detailed explanations to help users better understand their policies and practices; comply with the law; incorporate feedback from the Irish Data Protection Commissioner’s Office, other regulators, and users; and reflect the addition of new products and services, like Timeline.’

So, if users want to vote, they have until Friday, June 8, 2012 to do so. However, keep in mind that in order for the results of the voting to even matter and taken into consideration, more than 30% of Facebook users have to vote. If that is not the case, the question then, is there anything useful in the process at all?

Last spring, it was revealed that iPhones and Android mobile phones send individual’s “user location data” back to their respective companies, Apple and Google. Initially the news was met by an angry uproar from citizens concerned that their right to privacy was being collectively violated. It didn’t slow down sales of either iPhones or Androids however, both of which posted significant gains last year. While Google is quick to point out that the information is stored anonymously, consumer concern has prompted Reps. Ed Markey (D-Mass) and Joe Barton (T-Texas) to call on the Federal Trade Commission to investigate whether Google’s privacy policies violate a previous settlement reached with the FTC last year.

This is in addition to the ongoing FTC antitrust probe into Google and Google+. Last June Google was answering questions about apparent manipulation of search results to accommodate its own products. The more recent probe includes Google +, and questions whether Google + has been given preferential treatment in Google’s vast network of online products and services. “The FTC is examining whether the company unfairly increases advertising rates for competitors and ranks search results to favor its own business, such as its networking site Google. According to the latest report, the FTC wants to find out “whether the company is using its control of the Android mobile operating system to harm competition.”

Google’s opponents have called for an investigation into Google’s search protocols for some time. Responding to reports of an imminent investigation, which originally surfaced in June of last year, applauded the news. represents companies such as Expedia, Travelocity, Kayak and Microsoft; all entities that have objected to Google’s actions.

“Google engages in anticompetitive behavior across many vertical categories of search that harms consumers,” the organization said in a statement. “The result of Google’s anticompetitive practices is to curb innovation and investment in new technologies by other companies.”

As of May 2011, Google had a 65.5 percent share of the U.S. search market, compared to 16 percent for Yahoo and 14 percent for Microsoft’s Bing. The European Commission began a similar antitrust investigation into Google’s search practices last year after numerous complaints from small businesses. That case is still pending. The gist of the FTC probe, prompted by the Senate, is that 1) since Google is a dominant gatekeeper to access competitive commercial opportunity online, and 2) if it deceptively represents that it is an equal opportunity search engine, 3) then favors the search results with Google products and services, then 4) Google is effectively using deceptive practices to steal the competitive opportunity of competitors and depriving Internet users’ of free choice to choose competing products and services.

While it is so far unclear what the long-term ramifications are for Google, the fact that this call to investigate has widespread bi-partisan support in Washington could lead to more trouble for the information conglomerate before all is said and done. Most recently Apple was subpoenaed regarding the Apple iOS use of Google products on their smartphones. Should Google be found to have violated the terms of their 2011 settlement, serious punitive action from the federal government may be in Google’s future.

“FTC and Google’s Ongoing Battle and its Implications:” was written by Matt Davis. Matt is a Victim Advisor at the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to and linking back to ITRC Blog.

Just how is it that companies always seem to know just how to advertise to us? Ever get a chill up your spine when Target sends you a coupon for the exact type of jacket you’d been thinking of purchasing for the last week? If it feels like internet marketers know what products you’re likely to be interested in, it’s because they do. It is well known that internet activity can be tracked by marketers and used to more effectively reach the consumers who are likely to be interested in the product or service they offer. What is less widely understood is how different websites track your information, and how they use it. Simply changing your privacy settings in your browser can limit the information that you share across the entire spectrum of internet advertising. But what if you want to go deeper?


In order to truly understand how each site you interact with tracks your information, and just who they share it with, would require the consumer to read each individual privacy policy for every single website they frequent. By law the terms of use and related privacy policy must outline exactly what information they harvest from you, exactly how they use it, and with whom they are sharing it. There is no law however, against making your terms of service long, using lots of tiny print, or against writing it in legalese jargon that makes it very difficult for the average consumer to understand.

There is a company with a new product that seeks to address this particular issue. PrivacyChoice has developed a digital service that indexes and disseminates privacy policies from a multitude of various websites, and has developed a scale designed to rate these sites based on how they collect and use your personal data. Their idea is to provide a one-stop easy tool that will allow consumers, site publishers, and administrators to compare various privacy policies across a given field at a glance. The hope is that not only will this spur more careful web shopping and browsing by the consumer, but will also provide greater exposure to how companies act with your information, making it advantageous from a public relations perspective for companies to create stronger privacy policies, and to encourage more responsible handling of consumer data.

Specifically, PrivacyChoice measures whether a website shares personal user data with other sites, how long the site retains that data, and whether there is a confirmation process to confirm eventual deletion of that data. Users who visit can search for Web sites they wish to have scored. Users also can download a plug-in app for their web browsers that, when activated, will show a privacy score at the top of each Web site they visit. There is also a downloadable plug-in that will function like an additional tool-bar in your browser that will show you the privacy score of various sites as you surf the web.

“What Is PrivacyScore and What Does It Do?” was written by Matt Davis. Matt is a Victim Advisor at the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to and linking back to the ITRC Blog.