You can now listen to the experts on varying topics through podcasting and vodcasting! Dr. Heather Mark, PhD., and ProPay’s own SVP of Market Strategy, today podcasted on an article featured in the New York Times about the IRS, their regulations, and the efforts of locating missing children. Please visit: mypropay.libsyn.com to listen to the cast!

Most people might think that perceiving a downside to privacy laws is counter-intuitive.  The central objective behind privacy laws is to protect people and their sensitive information from wrongdoers.  However, there are occasions in which privacy laws may actually assist those that are breaking the law.  The New York Times recently ran an article highlighting the challenges that are presented by privacy laws in child abduction investigations.  The article addressed privacy laws, written in the 1970s, that preclude the IRS from turning over any taxpayer information, even to law enforcement.  Strangely enough, evidence indicates that up to a third of people involved in child abductions file tax returns and some even list the abducted child as a dependent – complete with social security number.  The information could be extremely helpful in locating these missing children.  Unfortunately, unless the case is being investigated by federal law enforcement agencies, which most parental kidnappings are not, the IRS is not permitted to provide any information.

The point here is not to portray the IRS in a negative light.  The agency is doing what it is permitted to do by law.  Rather the notion here is to highlight the challenge of legislating privacy practices.  Government and businesses are asked to walk a very fine line between the ensuring only the authorized and appropriate use of information, and ensuring that they are not endangering the public good by maintaining privacy of information.  In drafting laws to protect privacy, a many states have made provisions to account for turning information over in response to subpoenas or other government compulsion.   Many federal privacy laws were drafted prior to the advent of the Internet and the now ubiquitous corporate network.  While adjustments have been made to the laws to account for new technologies, they are often inadequate in their scope.

The aftermath of the September 11, 2001 attacks saw a major swing in privacy laws, allowing the government wide latitude in dealing with personal information – phone records, Internet use and searches, library records, pharmacy purchases, and similar information were rumored to be in the purview of the federal government.  An example of one project of concern is the Total Information Awareness project, in which the government was going to scour public and private databases to search for evidence of terrorist activity.  The Electronic Privacy Information Center listed a number of concerns about the project.  The question for lawmakers and businesses is “Where do you draw the line between personal privacy and public safety?”

Dr. Heather Mark, PhD.  SVP of Market Strategy

The following was published at Focus.com.  “Does PCI Compliance Equal Security?”

This morning I was reading on Yahoo! Finance and came across an article informing of the most risky places to give out your social security number.  According to Kiplinger.com, the top ten most dangerous places to give out your social security number are listed below:

1. Universities and colleges
2. Banking and financial institutions
3. Hospitals
4. State governments
5. Local government
6. Federal government
7. Medical businesses
8. Non-profit organizations
9. Technology companies
10. Health insurers and medical offices

This ‘top ten’ list is based on breaches from January 2009-October 2010 involving Social Security numbers.  What’s more startling is that Social Security numbers are required by law or by the groups’ policies in order to receive services.  Adam Levin, chairman and co-founder of Identity Theft 911 said, “It’s obvious there is no slam-dunk 100% way to protect yourself.  Everywhere you turn, you’re going to run into an organization looking for information from you.” (http://finance.yahoo.com/banking-budgeting/article/111238/10-riskiest-places-to-give-your-social-security-number?mod=bb-budgeting)

So how can consumers relieve themselves from the headache of the possibility of their personal information being breached?  Although  the vast majority of stores try to pull some information from you, whether it is signing-up for a new credit card, or simply requesting your zip code upon check out at retail stores.  Adam Levin suggested a few ways to save yourself from the hardship of identity theft,

• Don’t be so quick to give out your number
• Lock away your social security card
• Protect your number from cyber thieves
• Control the damage

Overall, ask yourself before giving out sensitive information, if the information is really required or needed.  Do not quickly hand over your social security numbers, or other sensitive information, and make sure to keep your SSN, account numbers, or any other personal information in a safe environment.

Travis Allen | Marketing Coordinator, Emerging Markets

As the American technology news this week was being dominated by stories of third party applications sharing user data, the European Union was proposing an unprecedented notion – The Right to Be Forgotten.  The European Union has long been ahead of the United States in both data security and data privacy legislation.  As that body has sought to strengthen consumer and individual protections with respect to their data, the Commissioner has set forth a number of goals.  According to the commissioner, “Individuals should also be clearly informed in a transparent way on how, why, by whom, and for how long their data is collected and used. People should be able to give their informed consent to the processing of their personal data, for example when surfing online, and should have the “right to be forgotten” when their data is no longer needed or they want their data to be deleted.”

Consider the implications of such a right here in the United States.  This year has certainly seen its share of data breaches and is likely to see more before the year’s end.  If consumers had the right to be forgotten, then such breaches would likely diminish in impact.  Certainly, since this writer’s payment card details have been compromised a half dozen times in as many years, such a right would be attractive.  If consumers had the write to essentially erase their online presence and purchase history, the number of those affected by a data breach could be significantly reduced.  MSNBC’s Bob Sullivan has written a post that describes attempts at similar proposals in the United States.

As with most plans in cyberspace, there is a world of difference between the theoretical and the practical.  It will be interesting to see such a principle in practice.  While it’s nice to believe that I could go online and tick a box that says “Forget me,” the technology may not yet allow such a simple solution.  We will certainly follow the European initiative with interest to see what lessons can be learned there and how we can implement similar practices domestically.

Dr. Heather Mark, PhD.  SVP of Market Strategy