Skip to main content

We give out our confidential personal information all the time with the expectation that it will be protected. When you apply for a credit card, start a new job or visit the doctor’s office, for example, your personal information is collected and stored. But what happens when that information is stored improperly or mistakenly leaked? For you, the results can be serious.

Identity theft is the most dangerous repercussion of leaked confidential information. If an identity thief gains access to your name, address and Social Security number, fraudulent accounts can be created in your name and thousands of dollars worth of charges can be made on those accounts. Even more damaging, some identity theft cases involve criminal acts using stolen identities. For example, if a criminal is arrested and uses a fraudulent identification card in your name, you could have a criminal record, outstanding warrants and fines that you don’t even know about. Cleaning up a credit report and a criminal record because of identity theft can be a long, grueling and a sometimes expensive process.

Most European countries and Canada have federal laws to protect the security of confidential information, but the United States does not have such laws. Instead, the U.S. has sectoral privacy laws like the Health Insurance Portability and Accountability Act (HIPPA), which protects medical records, and the Fair Credit Reporting Act, which regulates consumer credit rights.  But these laws do not protect all uses of personal information, though some states, like California, have broader consumer privacy laws.

In the last several years there have been numerous instances where data breaches have compromised the confidential financial information of millions of Americans. The most recent large-scale data breach occurred at TJX Companies, Inc. in 2006 and reportedly affected over 450,000 customers. Earlier in the same year, the U.S. Department of Veterans Affairs also experienced a massive security breach, in which Social Security numbers of 26.5 million veterans were stolen. Similar breaches have occurred at ChoicePoint Inc., Bank of America, CardSystems Solutions and DSW Shoe Warehouse.

When these data breaches occur, the U.S. Federal Trade Commission (FTC) is the governing authority that investigates and penalizes the companies. Companies are often fined millions of dollars and ordered to setup services to help consumers recover damages. Banks may also sue the companies where the breach occurs, if the breach resulted in fraudulent credit accounts and damages. Consumers also have the ability to sue for damages, but may be best served by joining a class action suit on big cases. A protracted legal battle with a large company can be costly.

A movement to better secure confidential personal information is gaining traction. Advocacy groups like U.S. Pirg and Privacy Rights Clearinghouse are pushing for stronger federal legislation to protect consumer and employee privacy rights. Many companies are also implementing privacy policies to protect both consumer and employee information. For example, The Procter & Gamble Company has an extensive “Global Privacy Policy” that prohibits the sale of personal information and establishes data protection protocols and accountability. Always inquire about a company’s privacy policy before furnishing your personal information.

If you suspect that your personal information has been compromised, your first step should be to put a fraud alert on your credit report so that no credit new accounts can be opened in your name. Protecting yourself should be your number one priority.

—For the best rates on loans, bank accounts and credit cards, enter your ZIP code at