Thursday, January 18, 2007

Identity Theft and Privacy Concerns

There was a spirited and informative discussion recently on several mailing lists concerning identity theft and data privacy. Rather than try to summarize the discussion and conclusions here, I decided to post this article from Rootsweb Review dated 17 January 2007 (online here) has the following article:

Using RootsWeb: Private Concerns (Originally published in the RootsWeb Review 13 April 2005, Vol. 8, No.15.)

Question. What can I do if I find private information about myself and my living family members published at RootsWeb?

Answer. That depends upon the nature of the "private" information and where you have found it. Most information about living individuals is not considered "private" and it is widely accessible. Names, dates, andplaces are public, not private, information. GEDCOMs (GEnealogical Data COMmunications) submitted to WorldConnect ( are automatically "cleaned" for entries that involve individuals born prior to 1930 -- if there is no information listed in the death field. The submitter of the GEDCOM can elect an earlier date for treating individuals as "living" or can even remove the living individual from a file completely for public display purposes. The 1930 U.S. census is available to the public. Thus anyone appearing in it might appear in someone's posted family tree, even though that individual is only say 76 years young.

If you find information about yourself in a WorldConnect family tree file you can contact the submitter at the e-mail address provided on any page of the database and politely request that it be removed from public display. However, unless this information is actually private (LIVING Smith is NOT private) in nature and/or concerns someone born after 1930, it can only be removed through the courtesy of the submitter. RootsWeb does not edit or alter these user-owned and controlled trees.

Note: Some genealogy programs allow users to privatize (exclude) certain individuals or data when creating the GEDCOM and prior to submitting it to WorldConnect. However, this approach is not recommended as the data you remove is the very data WorldConnect's filters need to establish whether an individual is to be treated as living or dead. Also, removing data from the raw file you submit to WorldConnect prohibits it from preserving your complete genealogy file to be used by you as a backup should you need to restore lost data on your own computer. If you don't submit it, you can't retrieve it later.

Q. I'm concerned about identity theft and worry that if information about my family is found at RootsWeb it could lead to my identity being stolen.

A. "Identify theft" has become a buzz word, but it is a misnomer. Actually in most instances it refers to credit card theft and most of that happens offline. A recent survey reported on the Better Business Bureau website indicates that the vast majority of so-called "identity theft" cases involve"paper" theft -- not Internet theft. Even the cases that do involve the Internet are the result of computer viruses, spyware, stolen passwords, and "phishing" scams and are not due to information found on genealogy websites. Genealogy websites do not even represent a blip on the radar of this problem.

Q. Banks and credit card companies use my mother's maiden name for identification purposes. Won't having that information available at Roots Web make it possible for someone to steal my identity?

A. Thieves need more than names to get into your bank account. However, you should not use easily found information for identifiers or passwords for your bank, credit card or other financial account information. If you have previously given your mother's maiden name or your birthdate as an account identifier -- call or visit the bank or other institution where you have the account and change the identifying password to one that is not publicly available. Even if you do not post genealogical information on the Internet, your birthdate and mother's maiden name may be publicly accessible in various places and they should not be used for identification purposes. Heed the advice in these articles: .

Safeguard all data which is actually *personal* and should be kept private -- such as your Social Security number, bank account and credit card numbers. Do not include this type of private information in any ofyour genealogical records -- on or off the Internet.

Q. The SSDI (Social Security Death Index) at RootsWeb includes the Social Security numbers of my deceased family members. Won't this put them at risk of having their identities stolen?

A. On the contrary, the publishing of the Social Security numbers and names of deceased individuals enables businesses and other interested parties to verify whether or not a Social Security number is active or whether the account holder is deceased. This actually serves to prevent identity theft by publicly posting a list of deceased individuals. Social Security numbers are not re-used.

Ever since we saw the first "cries of alarm" over someone stealing your identity because you put your real name on one of your e-mails, Richard Pence, a newspaperman and long-time genealogist, has been challenging the various newsgroups and mailing lists to provide him with authenticated information showing that genealogical information was the underlying cause of an identity theft. No one has seriously tried --except Pence claims that he did get an e-mail from someone that claimed "that it actually happened to a neighbor of my cousin." Further questioning revealed that that one statement was the extent of the sender's knowledge about the fate of the neighbor.

Pence reports, "So, although I have made repeated challenges it is now approaching 20 years and no one has provided a documented case("documented" meaning verifiable by police or court records) yet."

[Editor's note: Richard Allen "Dick" Pence is one of the pioneers of computer genealogy. He was among the first to see the value of personal computers for genealogical recordkeeping and began organizing his records with one of the earliest of these machines in 1978.]

Randy's Note: Published with permission of RootsWeb Review. Previously published in RootsWeb Review: 17 January 2007, Vol. 10, No. 3.


mybadcredit said...

Good day, nice blog, good info!
When choosing a secured credit card its very important to make sure the bank reports your card to the major credit bureaus. Not all secured credit cards do this. The secured credit card offered on this page do.

You should also make sure that your new secured credit card offers periodic credit increases. Often times these are unsecured credit increases.
Also, even if you have very bad credit or even no credit, a bad credit credit card guarantees approval. No credit check, No income requirements, no credit history required! You are still guaranteed approval.
There are Secured Credit Cards For People With Bad Credit and list of bad credit credit cards that best address troubled credit situations.
Hope this resource will be useful for your blog and your many readers.
Have a super day!

Anonymous said...

LCSPtk The best blog you have!

Anonymous said...

A. "Identify theft" has become a buzz word,

Wow, you are out of touch and as wrong as it gets...its a very real problem and growing at a rapid pace.
I am living through it now..
My mothers SS# was on Rootsweb less then a week (she just died) and ID thieves had already filed a tax return in her name. I had not even been appointed as executor yet! This was the source for the ID thief without question.
Your giving people the wrong information to promote your cause.
ID theft is very real and happening everyday because of the SSID and sites like roots web. I have worked in the computer security field since 1998 so if any of you think or say otherwise about the problem you need to wake up.