The impact of these breaches continues to grow. It has reached the point where not only your Social Security number, but also your health information, address, phone number, high school, college, favorite color, political and/or religious preference, or your "perfect" man or woman can be discovered by almost anyone. The worst part is, naturally, that you can't know who has your information, who stole it, and oftentimes when it was stolen. The murky language with which breach incidents are announced and discussed (see above) tells you exactly nothing. You become an unwitting, innocent victim and statistic, without knowing exactly who your assailant is. Before all this, if you got mugged, you would at least know what was stolen, and you probably could describe the thief. Theft these days is much more sophisticated and much less personal.
The Human Factor
Ultimately this isn't about what a few companies should or shouldn't have done when it comes to securing data. The reality is that even when companies employ stringent security protocols, people aren't perfect and sometimes they make mistakes or are derelict in their responsibilities. But because of the globalization of information, handing over client information to third parties is now just part of doing business. Many organizations employ companies to manage things like email marketing projects (we haven't, but will in the future), because they can't do that kind of thing in-house. Hopefully they do their due diligence and asked the right questions about security, but there's always a risk that a person who they don't employ will make a mistake. It's a scary proposition, because regardless of the third-party affiliation, the buck ultimately stops with the company that manages the relationship. As an owner of a couple companies myself, it's the kind of thing that sometimes keeps me up at night.
So what can you, the consumer, do?
It's clear that you can't prevent identity theft. You can do everything right and still be on the wrong database at the wrong moment and suddenly you are in a world of hurt. What you can do is minimize your risk of exposure, employing many of the techniques I have written about. You can enroll in services and engage in practices that can help you detect as quickly as possible that the integrity of your sensitive information has been compromised. You can set up a damage control program to deal with the problem quickly and efficiently should the need arise. You can demand that the institutions with which you do business become as protective of your personal data as they are covetous of their trade secrets and intellectual property. And finally, you can elect people, who appoint people who respect the sanctity of your identity.
Adam Levin is chairman and cofounder of Credit.com. His experience as former director of the New Jersey Division of Consumer Affairs gives him unique insight into consumer privacy, legislation and financial advocacy. He is a nationally recognized expert on identity theft and credit.