What Does Lexis Nexis Know About Me?

LexisNexis (which acquired ChoicePoint) is the largest data-broker in the world. They create vast profiles on people and use that information to create various reports that they sell to companies of all kinds. These reports are used to make decisions about renting, insurance and more. In the past these reports have been purchased by law enforcement and criminal organizations; all to find out more information about you.

It might be a good idea to find out what's in your report, but it turns out neither simple web searching or LexisNexis themselves do much for listing out all the types of data they know about you. Well here's the list of information they had (or could have had) from my personal LexisNexis dossier:

Auto/Property Insurance Records:

LexisNexis is tied into the "Current Carrier" insurance information system used by insurance companies and agencies when deciding to issue you a policy. Think of it like a "credit report for insurance".

This includes 7 years worth of:

  • Name of insurance company
  • Your policy number
  • Type of policy (auto, boat, fire, quake, tenant, home, etc).
  • Risk type (standard, preferred, facility, etc).
  • Policy start date
  • Policy termination date and reason for termination
  • Names of each subject found on the policy

For auto, this also includes:

  • Insured vehicle (including VIN, year, and make)
  • Type of vehicle
  • Coverage amounts

For property, this also includes:

  • Address of property
  • Eviction records

Personal information that may be included

  • Date of Birth (partially omitted; ex. like 06/##/1970)
  • Sex
  • Social Security Number (Minus the last four digits)
  • Driver's license number (partially omitted)

"C.L.U.E"® insurance loss information reports (apparently reports on whether you're a high risk person or not)

"Esteem" report

This report lists circumstances relating to theft while working at a retail company (admitted or convicted).

In my case, this was of course blank so I don't know specifically what data items would have been included. Most entertaining, there's a line in the report that reads "If you believe we should have information about you in our Esteem Database, let us know"…. Wow.

Background Investigation

If any company ever pays LexisNexis to perform a background check on you, LexisNexis will keep the information for future sales purposes. This may include your full date driving record and your personal credit file.

Screennow ® report

This report shows results of a national criminal records search.

Public Records

  • Professional licences held (Doctor, lawyer, pharmacist, barber, insurance agent, pilot, etc)
  • Address history
  • Deed transfer data
  • Aircraft registration
  • Loan information (where the loan was secured with collateral: i.e. a car)
  • Bankruptcies, liens, and judgements
  • Controlled substance license (in case you want to know who can legally get illegal drugs)
  • Business affiliations – When you're an officer or principal of an incorporated company
  • Significant shareholder records

Employment history

They claim they'll only have history of employers who previously asked LexisNexis to do a background check on you.

Does that make you uncomfortable?

Data brokers are just a business like any other, but as the credit report companies proved, buying and reselling data carelessly leads to disaster. Considering that these reports are FAR more detailed with a much wider variety of information, I can only imagine the consequences of allowing them to proceed as they have been.

Fortunately, you may not have to.

I was able to order my report using this webpage. I believe that doing so would be a good idea, but after that, make sure to also use their opt out procedures if you can.

It turns out that they'll only let your data go if you can prove that you're an identity theft victim or in imminent danger of bodily harm (police officer, public officials, etc). But it's easy to understand why they make it hard. After all, why would you set free one of your prize milk cows for no good reason?

In the end, I hope that strong regulation is introduced before we reach a problem like we did with identity theft.

Tags: , ,

What’s in Your Data Profile?

LexisNexis and ChoicePoint are two of the largest data-brokers in the world. They’re only product is information about you which they buy and sell with little to no regulation of any kind. I have always wondered what kind of information they keep about us, and now I know. In the profile I ordered from them, I found not only several pieces of my personal information, but descriptions of other kinds of information that they collect. Here is a summary:

Information they Had

  • Full first, middle, and last name
  • Wife first, middle, and last name
  • Address history with dates and locations
  • Social Security Number
  • Full date of birth
  • Driver’s License Number
  • Vehicle VIN
  • Insurance history including companies, policy details, dates of coverage, accidents, claims filed, etc.

Information they Collect, but Didn’t Have For Me

  • Auto and property insurance history
  • Pre-employment background report including “personal credit information” and state driving record.
  • An Esteem® report which lists admitted or convicted cases of theft while visiting or working at a retail company (used by retailers for hiring).
  • A ScreenNow® report which displays a ChoicePoint national criminal records search of your name and personal information (used for hiring and volunteer work).
  • A Resident Data® history that includes personal credit information and a criminal record search (used for rental applications).
  • A Resident Data® eviction report used for resident screening.
  • FAA Aircraft Registrations
  • Uniform Commercial Code filings (when securing a loan with collateral).
  • Bankruptcies, Liens, and Judgments
  • Professional Licenses
  • Pilot Licenses
  • Marine Radio Licenses
  • Controlled Substance Licenses (for physicians, dentists, pharmacies).
  • Firearms and Explosives Licenses
  • Business Affiliations (for officers or principals of an incorporated Company).
  • Significant Shareholders Search Results – If your name and address appear at the top of a corporation record.

And the most exciting part of all of this is that you never asked to be part of their profiles, they just take it. Neat huh?

Tags: , ,

Data Abuse

We're making <b>BILLIONS</b> every year off <i>your</i> data!
We're making BILLIONS every year off your data!

At first you might not believe me when I say that your information is valuable. Where you eat, how much you spend for Christmas, your struggle with weight… all these things give companies an advantage in convincing you to give money to them and based on history, companies are only too happy to use every advantage against you as long as they make money (extended warranties, Product Rebates, Gift Cards, etc.)

So the new cash cow is private information about people that will help companies sell things to you more effectively.

Step 1: Get as much of your data as they can.

While doing business with someone, they ask for information they don't actually need for their business. Sometimes they do it to support planned future capabilities and sometimes they do it for targeted marketing. And in some cases, they just sell it to someone else for some extra cash.

It happens all the time, but one of the more egregious examples I've personally seen was a small video-rental store who asked for your social security number as part of the sign up!

The best way to do this of course is to create a site or service where you will choose to volunteer personal data about yourself for no particular reason. For example: Facebook. Facebook openly uses the information in your profile to target ads to you sometimes in quite insulting ways:

With the knowledge that I was engaged to be married, the site splashed an ad across the left side of the screen playing into a presumed vulnerability. Do you want to be a fat bride? You'd better go to such-and-such Web site to learn how to lose weight before the big day.

Which brings us to step number 2…

Step 2: Use all the data to market to your interests (and also your weaknesses and insecurities).

The Risks

Even if you don't see a problem with the companies you do business with capturing and storing information you didn't give them permission to have, what about when they sell it or lose it. That's the basis of the ID theft problem which exists because of one kind of data broker, but those are carefully regulated now and only capture one kind of data.

What about some of the other possibilities that arise when there are "citizen files" out there for anyone to have and use?

Manipulation

Companies complain and moan about how they need all this data to "tailor your experience". What that means is, "exploit you where you're weak" and make money from you.

A gift from a friend...
A gift from a friend...

A company that buys the customer list from Jenny Craig might guess that you have weight control problems and send you advertisements for diet plans and pills, or worse: catalogs for gourmet chocolates. If your purchase records show items like newborn diapers and formula, perhaps now is the time to hit you up for contributions for college funds and insurance.

Even worse, what if I decide I don't like you for some reason (damn you, you took the last donut in the breakroom!), but I know that you're a recovering alcoholic (saw it in your profile). Your Facebook page says your wife and kids are going to be out of town for the weekend so what if I drop a "gift from a friend" on your doorstep for you to find in the morning? Specifically a wine sampler or kegger.

I could literally destroy your life just by pushing you in the right place at the right time.

Exclusion and Prejudice

History shows data can be turned against us quickly.
History shows data can be turned against us quickly.

Let's say you have AIDS and many people don't understand the disease. If your doctor or hospital shared the information with marketers (or if your purchasing records show AIDS-related medication), it could spread. Maybe your gym would cancel your membership fearing the backlash if others found out. Maybe your kids would get kicked out of school by an administration that doesn't understand the risks. Maybe neighbors would start vandalizing your house thinking you've got the plague.

Think that's extreme? Didn't you ever hear of Ryan White? Or take a quick stroll through US history to find that census data was used during World War II to identify Americans of Japanese descent for internment. They didn't even have a communicable disease, they were just foreign!

Crime

How easy is it to stalk you if your name and address are always available from the nearest data broker?

If I have access to your credit card receipts or your "shopper card" records, it's easy for me to see whether you have stuff worth robbing.

If I know your annual income is off the charts, perhaps I can arrange to have your son kidnapped (which becomes even easier because I know your daycare provider's name is listed on your credit card statement).

Fixing the problem

A citizen should be able to control their own data. This does NOT mean that you should be able to just correct data, but that (minus being involved in crimes) you should exist in no databases against your will. All services should be usable without any personally identifiable information, or in the cases that such information is required (such as delivery of an item or billing), the data should be erased from all records, databases, backups etc. upon completion of the transaction.

Companies should only ask for information they need and delete as much information as they can after the transaction is complete

For example: public libraries and video rental stores keep records of what is checked out, but they have no business keeping that data once the item has been checked back in. This serves no legitimate purpose and should be disallowed. They can keep information on what was checked out and when for organization and statistics, but the personal information should be removed.

Another example: If I make a credit card purchase online, I should not have to worry that they are keeping my card on file against my will. It should be used for the transaction only and then purged.

And another: I should not have to create an account with any web store just to make a purchase! Forced registrations are identity abuse and have no legitimacy in a consumer transaction. If I wanted to provide my data for easier checkout on return business, I would do so!

So, put simply, there needs to be stiff regulation of the storage and use of data.

They Can't Lose Data They Don't Have

If you don't keep my data on file, you can't lose it

There's a very simple philosophy I follow when it comes to data security. It doesn't matter how bad the security is or how smart the hackers are, if a company doesn't have my data, they can't lose it.

So remember every time there's a data breach and millions of customers' credit cards are stolen… It's not smart hackers, it's the data abusers who stored your information in the first place.

Tags: ,
IDENTITY THEFT
How to Steal Identities - Why It's So Easy
Credit Freeze
Data Defense
Credit Monitoring
Id Theft Insurance
The Identity Theft Victim's Mini-Guide to Recovery
PRIVACY
The Geek Privacy Principle
Nothing to Hide
Data Abuse
RFID - Radio Frequency IDentification
Privacy Alias/Persona
Data Defense
INTERNET SAFETY
Online Addiction
The Consequences of Posting Online
Photo Safety
Tricks and Scams
Account Hijacking
Trusting Companies
PASSWORDS
Bad Passwords
Password Tips and Tricks
Password Protection
Password Mugging
Computer Security
E-mail Safety
Kids and Computers
Shopping Online
Retailers
All About Warranties

Data Abuse

Learn how your data is taken from you and used against you by large companies for their own benefit.

[Click for full description]

How to Steal Identities - Why It's So Easy

Just why is it so easy to steal identities? Where is all this information coming from!?

[Click for full description]