Hoofnagle's Consumer Privacy Top 10

Chris Hoofnagle is the West Coast Director for EPIC. It's his list.

I've been working for some time on writing easy-to-understand guides for protecting privacy. Here's my "top 10" things you can do with very little money or effort to protect your privacy.

Good stuff.

Posted on November 25, 2005 at 8:46 AM • 18 Comments

Comments

Dave W. • November 25, 2005 10:26 AM

The text only Google Cache of the page will work. Here is the list (from the cached page):

Hoofnagle's Consumer Privacy Top 10

I've been working for some time on writing easy-to-understand guides for protecting privacy. Here's my "top 10" things you can do with very little money or effort to protect your privacy. I'm presenting this list to the California Office of Privacy Protection later this week, and I'm going to continue to tweak it. I'd appreciate your input. Edits based on your suggestions are marked with and additions.

1. OPT OUT OF PRESCREENED OFFERS OF CREDIT. By calling 1-888-567-8688 or by visiting https://www.optoutprescreen.com/, you can stop receiving those annoying credit and insurance offers.

2. STOP YOUR PHONE RECORDS FROM BEING SOLD. Call your landline and wireless phone companies and request to opt-out of "CPNI" sharing. CPNI is your call records information; most telephone companies sell this data.

3. KEEP YOUR BANKING RECORDS PRIVATE. Under federal law, your bank can sell your account information, including your bank balances, unless you direct them not to. Call all the banks that you use and ask to opt out from all information sharing.

4. GET FREE CREDIT MONITORING. All Americans are now entitled to a free credit report from each of the three nationwide consumer reporting agencies. You can perform a free form of credit monitoring by requesting one of your three credit reports every four months. Visit https://www.annualcreditreport.com or call 1-877-322-8228.

5. DO-NOT-CALL REGISTRY. Enroll your telephone numbers (both landline and wireless) in the Federal Trade Commission anti-telemarketing list by calling 1-888-382-1222.

6. SAFEGUARD YOUR SSN. The Social Security number is the key to identity databases. Those who have it can steal your identity and engage in fraud. Do not keep your Social Security Card or any other document that contains your SSN in your wallet. And don't give out your SSN unless it is in a tax or employment context.

7. END STUDENT PROFILING. Your children's schools can sell personal information to marketers and recruiters. Federal law allows you to opt out of this information sale.

8. AVOID LOYALTY PROGRAMS. Supermarket and other "loyalty" cards track your purchases and make it easier for companies to sell your information. Be loyal to stores without loyalty cards. If you have to use a supermarket shopping card, be sure to exchange it with your friends or with strangers.

9. SECURE YOUR ACCOUNTS. Be sure to place a password on your banking, telephone, and utilities accounts. With a password in place, it makes it more difficult for others to access your information.

10. ENGAGE IN PRIVACY SELF-DEFENSE. Don't give your phone number or other personal details to businesses unless they really need it. Don't complete product warranty cards, surveys, or sweepstakes--these are just tools used to collect and sell your data. Be sure to ask businesses how they use your personal information, whether they sell it, and how they protect it.

Posted by Chris Hoofnagle at November 14, 2005 05:43 PM

IO ERROR • November 25, 2005 12:37 PM

I have several supermarket shopping cards, none of which have my name (or any real person's name) and all of which have no real address, either. They still work, too.

Shura • November 25, 2005 1:24 PM

Interesting list, but it seems that most of it applies to US-Americans only - pity. I was expecting something more global. :)

Bruce Schneier • November 25, 2005 2:18 PM

"Interesting list, but it seems that most of it applies to US-Americans only - pity. I was expecting something more global."

A lot of these sorts of recommendations are going to be country-specific, as they are largely dependent on local laws.

Do Not Call? • November 25, 2005 2:29 PM

True story:
A research company has been calling for the past two months. My wife and I have both told them to remove us from their list -- repeatedly. It was not done. Part of it was our fault -- we'd say: Remove us and then hang up.

So last time they called, I told the guy if they don't stop calling they will be getting a lawsuit for harassment (don't know if that is legal, but what the heck, right). He tells me: we don't have authority to do that. Now, I can't confirm whether or not that is true, but the supervisor supposedly did. Is it really a legal out for them to not give the caller permission? I would think that once I say: Take me off. That should be enough. Am I wrong?

greg • November 25, 2005 5:56 PM

My goodness. What aren't US companies legally allowed to trade? Your soul would be fair game too eh? No wonder lots of ppl refuse to accept jobs in the US! (me included, my wife flat refused to go to the US - even with a large sum of money that was offered)

@Do Not Call

Well I don't know about the US. But there was a case here in NZ. The guy said that if he was called again then that would constitute an agreement to pay him $500 (can't remember the exact amount, but that's a ballpark figure). They called, he went to small claims court and won. Don't know if they called again.

Greg

Ithika • November 25, 2005 7:34 PM

@ Greg

Got any more info (a link?) on the story about the New Zealand contract-over-phone? If it's true I'd like to see more. Sounds like a good laugh anyway.

Something which UK residents can try: Save up your junk mail prepaid response envelopes. Then you can mail them back at Christmas time filled with nonsense. Make it heavy nonsense, as they have to pay the postage by weight for it all. Tie it to a brick and post the whole thing! :)

Yongqi • November 26, 2005 2:00 AM

Hey I know this is kinda off-topic and should better be posted in a cryptography forum, but I can't find one so I'll post the question here: what is the impact of the tweakable block cipher? I noticed that the new version of TrueCrypt uses a cipher block of operation based upon a tweakable cipher, but is this secure? This is kinda new, is there proof that this new mode of operation is secure?

Thanks in advance.

another_bruce • November 26, 2005 8:48 AM

@greg
i applaud your wife's refusal to come here. it is hypocritical to come to a country you hate just for a ton of cash, gorging like a tick on its fair bosom but bad-mouthing it all the while.

Phil • November 28, 2005 7:21 AM

@IO ERROR sayeth:

>>I have several supermarket shopping cards, none of which have my name (or any real person's name) and all of which have no real address, either. They still work, too.<<

Ever use a credit or debit card in conjunction with those supermarket shopping cards?

JJ • October 8, 2008 12:50 PM

Companies doing market research are exempt from the DO NOT CALL list. However, I have discovered this is nothing more than an "out." They will "Claim" it's "market research" when they are actually trying to sell something. When you tell them to not call again, they will "claim" the exemption because of "market research." This is not entirely true. If you tell them you are on the "do not call" list, and you ask to be removed, they are required to remove you. If they don't, you can sue! Even if they are a "market research" company or charity.


Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..