Three Scenarios Where You Should Ask How Your Personal Information Is Protected
Written by: Dustin Pellegrini | Fri, 02 Oct 2015 16:53:23 +0000
The personal information you provide to healthcare providers, insurance companies, car dealerships, and small businesses can leave you vulnerable to identity theft.
"In this ever-evolving cyberthreat landscape, small businesses are often targeted," says Tom Garcia, president and CEO of InfoSight Inc., IT security and compliance company.
While it's impossible to eliminate the possibility that someone will steal your information, a few questions about how your data is being protected can help you decide whether it's worth the risk to hand it over.
Here are three scenarios where consumers might want to consider asking how their personal information is being protected:
1. Buying a car
Car shoppers are generally required to provide personal data when purchasing a new or used vehicle. The information, which can include Social Security numbers (SSNs) and credit card data, could be at risk if the dealership's computer system is hacked, according to David Nathanson, head of the retail advisory practice division at Motormindz, an automotive advisory group.
Nathanson says hackers and fraudsters can abuse this data even if you decide against purchasing the vehicle, so you should find out ahead of time how the dealership plans to protect the personal information that you provide.
2. Filing insurance claims
"Whenever you fill out an application for insurance, you're going to be giving some sensitive information," says Michael Born, vice president, global technology and privacy practice, and account executive for the Global Technology and Privacy practice at Lockton, and independent insurance brokerage firm.
Filing a claim may require less data than initially applying for insurance, but information from your file, such as payment data, your date of birth, or your SSN, may be accessed during processing.
"If that is all aggregated in one place, it can be used by the bad guys to steal your identity or to launch a phishing attack against you," says Born.
While it's important to ask how your data will be protected, even strong security can be broken, so you might also want to regularly monitor your accounts for fraud assuming that your sensitive information could already be out there
3. Receiving health services
Medical paperwork may ask for sensitive consumer data, including SSNs, and if this information is exposed in a breach it can expose thousands of consumers to identity theft. In a healthcare provider's office, consumers may want to consider asking why the data is needed and how it will be protected.
Consumers, can do some digging on their own to find out how healthcare providers are using their data. The U.S. Department of Health & Human Services says that covered entities, including most healthcare providers, must allow you to see your health records, make corrections to them, and opt out of having your personal information used for marketing purposes.
"In most instances, an individual cannot actually change how an organization uses or discloses personal data," says Kate Borten, president of The Marblehead Group, IT security and healthcare compliance consultancy group. Still, privacy notices should be posted by all covered entities, including pharmacies and dentists, and given to consumers upon their first service.
Borten says consumers who are unhappy with the way their data is being shared can make an informed decision to change healthcare providers.
If you're at all concerned about the safety of your data, you may want to consider asking why it's needed, what it will be used for, and how it will be protected. If you don't like the answers, consider doing business elsewhere.
"[Consumers] need to be very aware of the fact that nobody is going to protect their data better than themselves," says Garcia.
What is identity theft? How do criminals use your personal information against you? Find out here.