Fact Sheet 18: Online Privacy
http://www.privacyrights.org/fs/fs18-cyb.htm

Copyright 1995-2003. Utility Consumers' Action Network / Privacy Rights Clearinghouse.
June 1995. Revised August 2003

This copyrighted document may be copied and distributed for nonprofit, educational purposes only. The text of this document may not be altered without express authorization of the Privacy Rights Clearinghouse. This fact sheet should be used as an information source and not as legal advice. PRC fact sheets contain information about federal laws as well as some California-specific information. Laws in other states may vary. But in general, our fact sheets are applicable to consumers nationwide. This publication was originally developed under the auspices of the University of San Diego.

Privacy Rights Clearinghouse
3100 - 5th Ave., Suite B
San Diego, CA 92103
Voice: (619) 298-3396
Fax: (619) 298-5681
Contact Us: www.privacyrights.org/inquiryform.html
Web: www.privacyrights.org


--------------------------------------------------------------------------------

Privacy in Cyberspace:
Rules of the Road for the Information Superhighway



If you have access to a computer and a modem, you are licensed to drive on the information superhighway. And you are one of a growing number of online participants.

The Internet offers many benefits. Web sites provide a vast world of information, entertainment, and shopping at our fingertips. Electronic mail, instant messaging, and chat rooms enable us to communicate with friends, family, and strangers in ways we never dreamed of a decade ago.

But the Internet also creates many threats to our personal privacy. Unless you know the "rules of the road," your online activity may lead to significant privacy problems.

This guide is divided into four sections:

Part one: Expectations of privacy in cyberspace
Part two: Online tracking and monitoring
Part three: Tips for safeguarding your privacy online
Part four: Additional resources

PART ONE: EXPECTATIONS OF PRIVACY IN CYBERSPACE

What are "online communications?"

"Online communications" are communications over telephone, cable networks, or wireless systems using computers. Examples of online communications include connecting to the Internet through an Internet Service Provider (ISP) such as America Online or Earthlink, or accessing the Internet from a public library or community computer center. Mobile access to the Internet is increasing via hand-held PDAs, pagers, and other devices. (For a directory of ISPs, see Additional Resources at the end of this guide.)

The Internet raises some unique privacy concerns. Information sent over this vast global network may pass through dozens of different computer systems on the way to its destination. Each of these systems is operated by its own administrator and may be capable of capturing and storing online communications. Furthermore, your online activities can potentially be monitored by your Internet Service Provider (ISP) and by web sites that you visit.


What level of privacy can I expect in my online activity?

Often the level of privacy you can expect from an online activity will be clear from the nature of that activity. Sometimes, however, an activity that appears to be private may not be. There are virtually no online activities or services that guarantee absolute privacy. This guide informs you about ways to maximize the privacy of your online activities and avoid common pitfalls.

Public Activities

Many online activities are open to public inspection. Engaging in these types of activities does not normally create an expectation of privacy. In fact, according to federal law, it is not illegal for anyone to view or disclose an electronic communication if the communication is "readily accessible" to the public (Electronic Communications Privacy Act, 18 USC § 2511(2)(g)(I)).

Newsgroups. For example, a message you post to a public newsgroup or forum is available for anyone to view, copy, and store. In addition, your name, electronic mail (e-mail) address, and information about your service provider are usually available for inspection as part of the message itself.

Most public postings made on the Internet are archived in searchable files, for example, http://groups.google.com. Thus, on the Internet, your public messages can be accessed by anyone at anytime -- even years after the message was originally written. Before you post a message to a public forum, ask yourself if want an employer or family member to be able to read your posting in years to come. (See Additional Resources at the end of this guide.)

Listserves. Other public activities may allow your message to be sent to multiple recipients. Online newsletters and "listserves" are sent to a mailing list of subscribers. If you wish to privately reply to an individual who has posted a message in an online newsletter or listserve, be sure you address it specifically to that person's address, not to the newsletter address. Otherwise, you might find that your message has been sent to everyone on the mailing list.

Subscriber directories. You should not assume that your service account information will be kept private. Most ISPs provide online member directories that publicly list all subscribers to the service. Some of these directories may list additional personal information. Most service providers will allow users to remove their information from these directories upon request. Be aware that some service providers may sell their membership lists to direct marketers.

Domain registration. Many individuals obtain their own website name, called domain names, for example, www.XYZfamily.org. Domain registrations are public information. Anyone can look up the owner of a domain name online by using a service such as www.checkdomain.com or www.internic.net/whois.html. To see how easy it is to find out who owns a web address, use this service to check our domain name, privacyrights.org. Don’t use personal e-mail or home address information when you register for a personal domain name. Just be sure you can be reached when the service sends you the annual reminder to update the domain name.

"Semi-Private" Activities

The presence of security or access safeguards on forums or services can lead you to believe that communications made within these services are private. Some forums are restricted to users who have a password. While communications made in these forums may initially be read only by the members with access, there is nothing preventing those members from recording the communications and later transmitting them elsewhere.

One example of this kind of activity is the real-time "chat" conference, in which participants type live messages directly to the computer screens of other participants. Often these activities are described as "private" by the service provider. However, chat room users may capture, store, and transmit these communications to others outside the chat service. Additionally, these activities are subject to the same monitoring exceptions that apply to "private" e-mail (see next section). For chat safety tips, visit the Cyber Angels web site at www.cyberangels.org/101/chat/

"Private" Services

Virtually all online services offer some sort of "private" activity that allows subscribers to send personal e-mail messages to others. The federal Electronic Communications Privacy Act (ECPA) makes it unlawful under certain circumstances for someone to read or disclose the contents of an electronic communication (18 USC § 2511). This law applies to e-mail messages.

But, ECPA is a complicated law and contains many exceptions. It makes a distinction between messages in transit and those stored on computers. Stored messages are generally given less protection than those intercepted during transmission. Here are some exceptions to the ECPA:

The online service may view private e-mail if it suspects the sender is attempting to damage the system or harm another user. However, random monitoring of e-mail is generally prohibited.

The service may legally view and disclose private e-mail if either the sender or the recipient of the message consents to the inspection or disclosure. Many ISPs require a consent agreement from new members when signing up for the service.

If the e-mail system is owned by an employer, the employer may inspect the contents of employee e-mail on the system. Therefore, any e-mail sent from a business location is probably not private. Several court cases have determined that employers have a right to monitor e-mail messages of their employees. (See PRC Fact Sheet 7 on employee monitoring, www.privacyrights.org/fs/fs7-work.htm.)

Services may be required to disclose private information in response to a court order or subpoena.

The USA PATRIOT Act, passed by Congress after the terrorist attacks of September 11, 2001, reduces the checks and balances of ECPA regarding law enforcement access to records about online activity. And it expands the types of records that can be sought without a court order. For additional information about the USA PATRIOT Act, visit the web sites of the Electronic Frontier Foundation, www.eff.org, the Electronic Privacy Information Center, www.epic.org, the Center for Democracy and Technology, www.cdt.org, and the American Civil Liberties Union, www.aclu.org.
To summarize: Your e-mail message may be handled by several different online services during delivery. The administrator of each of these systems may view e-mail under the exceptions to the ECPA, explained above. Law enforcement can access your online records without your consent. Additionally, an e-mail message may be disclosed to the ISP if either the sender or recipient consents.


PART TWO: ONLINE TRACKING AND MONITORING

Can online services track and record my activity?

Yes. Many people expect that their online activities are anonymous. They are not. It is possible to record virtually all online activities, including which newsgroups or files a subscriber accesses and which web sites are visited. This information can be collected by a subscriber's own ISP and by web site operators.

Cookies. When you "surf" the web, many web sites deposit data about your visit, called "cookies," on your hard drive When you return to that site, the cookie data will reveal that you’ve been there before. The web site might offer you products or ads tailored to your interests, based on the contents of the cookie data.

Most cookies are used only by the web site that placed it on your computer. But some, called third-party cookies, communicate data about you to an advertising clearinghouse which in turn shares that data with other online marketers. Your web browser and some software products enable you to detect and delete cookies, including third-party cookies. (For additional information about cookie blocking, see Additional Resources at the end of this guide.)

Web Bugs. A web bug is a graphic in a web site or an "enhanced" e-mail message that enables a third party to monitor who is reading the page or message. The graphic may be a standard size image that is easily seen, or it may be a nearly invisible one-pixel graphic. E-mail messages that include graphic displays like web sites are known as enhanced messages, also called stylized or HTML e-mail. The web bug can confirm when the message or web page is viewed and record the IP address of the viewer. The IP address is a multi-digit number that uniquely identifies a computer or other hardware device (such as a printer) attached to the Internet.

You can defeat web-bugs by reading your email while offline, an option on most email programs. You can also install a software program that detects web bugs. To learn more about web bugs, visit www.bugnosis.org. This site offers a free bug detection program. Many software products that detect and delete third-party cookies are also able to detect web bugs. The latest version of Microsoft Internet Explorer enables users to turn off third-party cookies and disable web bugs.

Marketing uses and "spam." Records of browsing patterns are a potentially valuable source of revenue for online services and commercial web site operators. Direct marketers can use such data to develop targeted lists of online users with similar likes and behaviors. Such data can also lead to unsolicited e-mail, known as "spam." Additionally, browsing data may prove embarrassing for users who have accessed sensitive or controversial materials online.

Browsers. It’s important to be aware of the information transmitted to remote computers by the software you use to browse web sites. The major browsers are Netscape Navigator and Microsoft Internet Explorer.

Most web browsers invisibly provide web site operators with information about your ISP as well as information about other web sites you have visited. Some web browsers, particularly if they have not been updated with security fixes, may be tricked into reporting the user’s default e-mail address, phone number, and other information in the "address book" if the browser also handles your e-mail. (See the demonstration in Additional Resources to learn more about the information transmitted by your browser.)

Privacy policies and web seals. The Federal Trade Commission urges commercial web site operators to spell out their information collection practices in privacy policies posted on their web sites. Most commercial web sites now post policies about their information-collection practices. Look for a privacy "seal of approval," such as TRUSTe (www.truste.org), on the first page of the web site. TRUSTe participants agree to post their privacy policies and submit to audits of their privacy practices in order to display the logo.

Other seals of approval are offered by the Council of Better Business Bureaus (BBB), www.bbbonline.org, the American Institute of Certified Public Accountants, WebTrust, www.cpawebtrust.org, and the Entertainment Software Rating Board, www.esrb.org/privacy.


Workplace monitoring. Individuals who access the Internet from work should know that employers are increasingly monitoring the Internet sites that an employee visits. Be sure to inquire about your employer's online privacy policy. If there is none, recommend that such a policy be developed. (See the PRC Fact Sheet 7 on employee monitoring, www.privacyrights.org/fs/fs7-work.htm, and Fact Sheet 12 on responsible information-handling practices, www.privacyrights.org/fs/fs12-ih2.htm.)

Law enforcement access. In order for law enforcement officials to gain access to subscriber transactional records, they usually must obtain a court order demonstrating that the records are relevant to an ongoing criminal investigation (Communications Assistance for Law Enforcement Act, 18 USC § 2703(d)). This provision prevents "fishing expeditions" by government officials, hoping to find evidence of crimes by accident. But, as described in Section One above, the USA PATRIOT Act, passed into law in November 2001 in the aftermath of the September 11 terrorist attacks, has weakened these provisions.

Can an online services access information stored in my computer without my knowledge?

Yes. Many of the commercial online services such as AOL automatically download graphics and program upgrades to the user's home computer. The subscriber is notified of these activities. But other intrusions are not so evident. News reports have documented that some services have admitted to both accidental and intentional prying into the memory of personal computers. Companies typically explain that they collect information such as users’ hardware, software and usage patterns to provide better customer service.


It is difficult to detect these types of intrusions. You should be aware of this potential privacy abuse and investigate new services thoroughly before signing on. Always read the privacy policy and the service agreement of any online service you intend to use.

Can hackers get into my computer?

An increasing number of users are accessing the Internet via high-speed cable modems and telephone-based DSL connections. When you are using a broadband "always-on" service, you are particularly vulnerable to attacks by hackers. We advise that you install a firewall device that monitors your network activity and allows only the activities you have authorized. You should also check with your provider’s website for instructions on securing your computer by removing unnecessary services and installing security updates to protect your computer. A free firewall software product is provided by Zonelabs, www.zonelabs.com.

What is spyware and how can I know if it’s on my computer?

Spyware is any software or hardware device that reports your activity. "Adware" spyware is installed by software companies as an additional source of income. "Monitoring" spyware was originally intended for parents and employers to monitor computer activity, including file access and keystroke logging, to protect against improper usage by children and employees. "Diagnostic" spyware is used by software companies to log errors and usage habits to improve the next generation of software. The user is usually not aware that spyware has been installed – hence, its name. The Additional Resources section at the end of this guide lists programs that locate and remove spyware.

What about cybercafes, airports, and other publicly-available Internet terminals?

We advise that you do not use public terminals to access your bank account, check your credit card statement, pay bills, or access any other personally or financially sensitive information. Publicly-available Internet terminals are not likely to be closely supervised to ensure online privacy and security. They are used by many individuals every day. Ask the company that operates the public terminal how often they check their computers for spyware. Find out if they have installed a program that clears Internet caches, deletes cookies, erases surfing history, and removes temporary files. If the program does not automatically activate when users logoff, find out how you can run the program before you end your session.

PART THREE: TIPS FOR SAFEGUARDING YOUR PRIVACY ONLINE

What can I do to protect my privacy in cyberspace?

When you are sitting alone at your computer, "surfing the Net", sending electronic mail messages and participating in online forums, it's easy to be lulled into thinking that your activities are private. Be aware that at any step along the way, your online messages could be intercepted and your activities monitored in the vast untamed world of cyberspace.

1. Your account is only as secure as its password. Create passwords with nonsensical combinations of upper and lower case letters, numbers and symbols, for example tY8%uX. Do not use the same or variations of the same password for different applications. One way to create a password that is easier to remember is to use the first or last letters in a favorite line of poetry. Intermingle these letters with numbers and punctuation marks. "Mary had a little lamb" becomes m*ha2ll or y!dae5b.

Change your password often. Don't let others watch you log in. Don’t print your password on a post-it note and attach it to your video monitor. If you must write down or record your password, take steps to secure or disguise the information.

2. Look for the privacy policy of the online services you use. Most Internet Service Providers (ISP) have adopted privacy policies that they post on their web sites and other user documentation. When you surf the web, look for the privacy policies posted on the web sites you visit. Also look for a privacy "seal" such as TRUSTe or BBBOnline. If you are not satisfied with the policy, or if there is no policy or seal logo posted, avoid using the site.

3. Check your browser’s cookie settings. We’ve come a long way from the days when browsers hid their cookie activity and gave users no options. Now you may accept or reject all cookies, or you may allow only those cookies generated by the website you are visiting. Be aware that when you use cookie management options, you might delete cookies for websites you trust. You may want to set a security level for trusted websites while blocking cookie activity for all others.

4. Shop around. Investigate new services before using them. Post a question about a new service in a dependable forum or newsgroup. Use a search engine such as http://groups.google.com to find archived discussions and newsgroup postings about the service that you are considering. Bad reputations get around quickly in cyberspace. If others have had negative experiences with a service, you should get the message.

5. Assume that your online communications are not private unless you use encryption software. But most encryption programs are not user-friendly and can be inconvenient to use. If you do not use encryption, at least take the following precautions: Do not provide sensitive personal information (phone number, password, address, credit card number, Social Security number, your health information, date of birth, vacation dates, etc.) in chat rooms, forum postings, e-mail messages, or in your online biography.

6. Be cautious of "start-up" software that registers you as a product user and makes an initial connection to the service for you. Typically, these programs require you to provide financial account data or other personal information, and then upload this information automatically to the service. These programs may be able to access records in your computer without your knowledge. Contact the service for alternative subscription methods.

7. Note that public postings made on the Internet are often archived and saved for posterity. It is possible to search and discover the postings an individual has made to Usenet newsgroups and blogs (web logs). (See http://groups.google.com.) Ask yourself if you want an employer, family member, or a marketer to be able to link you to your public postings. Use a pseudonym and a nondescriptive e-mail address when you participate in public forums. Consider obtaining an e-mail address from one of the free web-based e-mail services such as www.hotmail.com or www.yahoo.com. Create a non-identifying e-mail address and use it when you participate in newsgroups and other public forums.

8. The "delete" command does not make your e-mail messages disappear. They can still be retrieved from back-up systems. Software utility programs can retrieve deleted messages from your hard drive. If you are concerned about permanently deleting messages and other files on your program, you should use a file erasing program such as the freeware program at http://cleanup.stevengould.org or the cleanup features of general utility software such as Norton's (http://www.symantec.com/sabu/ncs/) CleanSweep.

9. Your online biography, if you create one, may be searched system-wide or remotely "fingered" by anyone. If for any reason you need to safeguard your identity, don't create an online "bio." Ask the system operator of your ISP to remove you from its online directory.

10. If you publish information on a personal web page, note that marketers and others may collect your address, phone number, e-mail address and other information that you provide. If you are concerned about your personal privacy, be discreet in your personal web site.

11. Be aware of the possible social dangers of being online: harassment, stalking, being "flamed" (emotional verbal attacks), or "spamming" (being sent unsolicited messages). Women can be vulnerable if their e-mail addresses are recognizable as women's names. Consider using gender-neutral e-mail addresses and pseudonyms.

12. If your children are online users, teach them about appropriate online privacy behavior. Caution them against revealing information about themselves and your family. (See the Additional Resources section at the end for details.)

13. Use only secure web sites when you transmit sensitive personal information over the Internet. When you provide your credit card account number to a shopping site, for example, be sure that the transmission is secure. Look for the unbroken padlock at the bottom right of the screen. Also make sure the web address has the letter ‘s’ after http in the address bar at the top of the page. For additional online shopping tips, read the PRC’s e-commerce guide at www.privacyrights.org/fs/fs23-shopping.htm

14. Be aware that online activities leave electronic footprints for others to see. Your own ISP can determine what search engine terms you use, what web sites you visit, and the dates, times, and durations of your online sessions. Web site operators can often track the activities you engage in by placing "cookies" on your computer. They can learn additional information if they ask you to register on their site. Your web browser also can transmit information to web sites.

You can avoid leaving tracks when you surf the web by using "anonymizing" services. Take advantage of privacy protection tools, often called privacy-enhancing technologies (PET). Discussed here are encryption, anonymous remailers, anonymous surfing services, and storage protection software. You can find Additional Resources at the end of this guide.

Encryption. Encryption is a method of scrambling an e-mail message or file so that it is gibberish to anyone who does not know how to unscramble it. The privacy advantage of encryption is that anything encrypted is virtually inaccessible to anyone other than the designated recipient. Thus, private information may be encrypted and then transmitted, stored, or distributed without fear that it will be read by others. Strong encryption programs such as PGP (Pretty Good Privacy) are available online.

Anonymous remailers. It is relatively easy to determine the name and e-mail address of anyone who sends e-mail or who posts messages on public forums. Anonymous remailers are intermediaries that receive e-mail, strip off all identifying information, then forward the mail to the appropriate address.

Anonymous surfing services. By combining the functions of remailers, disposable email addresses, and proxy servers, these ISP services mask your identity by acting as an agent to transfer data between an Internet website and your browser.

Storage security and protection software. Software security programs help prevent unauthorized access to files on your personal computer. For example, one program encrypts every directory with a different password so only the person who knows the password can open it. These programs may include an "audit trail" that records all activity on the computer's drives. Steganos Security Suite is an example, at www.steganos.com/en/sss/features.htm


PART FOUR: ADDITIONAL RESOURCES

Several nonprofit public interest groups advocate on behalf of online users. They also provide extensive information about privacy issues on their web sites.

Center for Democracy and Technology
1634 I St. N.W. #1100, Washington, DC 20006
Voice: 202-637-9800.
E-mail: info@cdt.org.
Web: www.cdt.org

Computer Professionals for Social Responsibility
P.O Box 717, Palo Alto, CA 94302
Voice: 415-322-3778
E-mail: cpsr@cpsr.org
Web: www.cpsr.org.

Electronic Frontier Foundation
454 Shotwell St., San Francisco, CA 94110
Voice: 415-436-9333
E-mail: eff@eff.org
Web: www.eff.org.

Electronic Privacy Information Center
1718 Connecticut Ave. N.W., Suite 200, Washington, DC 20009
Voice: 202-483-1140
E-mail: info@epic.org
Web: www.epic.org.

PrivacyActivism
Voice: 415-225-1730
E-mail: info@privacyactivism.org
Web: www.privacyactivism.org

Privacy Foundation
University of Denver, Mary Reed Bldg.
2199 South University Blvd.
Denver, CO 80208
Voice: 303-871-4971
E-mail: info@privacyfoundation.org
Web: www.privacyfoundation.org

Privacy Rights Clearinghouse
3100 - 5th Ave., Suite B, San Diego, CA 92103
Voice: 619-298-3396
Contact Us: www.privacyrights.org/inquiryform.html
Web: www.privacyrights.org.
The Federal Trade Commission is the federal government’s primary agency for online privacy oversight. Its web site provides a great deal of information on public policy matters as well as consumer tips.

Federal Trade Commission
600 Pennsylvania Ave. N.W.
Washington, DC 20580
Web: www.ftc.gov/privacy/index.html
Federal government consumer web site: www.consumer.gov
Several public interest groups have sponsored the online Computer Privacy Guide at www.consumerprivacyguide.org. This site offers extensive tips, a glossary of terms, and video tutorials with step-by-step instructions on how to take advantage of privacy settings for the programs you use online.

Free online newsletters discuss a wide variety of cyberspace privacy issues:

Computer Privacy Digest: CPD can be read as a Usenet newsgroup, comp.society.privacy. Or to receive CPD via e-mail, send a request to the newsletter's moderator at: comp-privacy-request@uwm.edu. Visit its web site, www.uwm.edu/Org/comp-privacy.

Privacy Forum: For subscription information, send an e-mail message to privacy-request@vortex.com. Put the words "subscribe privacy" in the body of the message. Visit its web site at www.vortex.com/privacy.

Several of the above-listed public interest groups offer free online newsletters with information about legislative issues, the latest news, publications, international topics, and more. You can subscribe to their newsletters at their web sites as follows:

Center for Democracy and Technology, www.cdt.org/publications
Electronic Frontier Foundation, www.eff.org/effector
Electronic Privacy Information Center, www.epic.org/alert/subscription.html
The following web sites contain additional information on online privacy:

Anonymous remailers. For information about anonymous remailers, the following online resource is helpful: "Anonymous Remailers FAQ," compiled by Andre Bacard, www.andrebacard.com/remail.html.

Anonymous surfing. Several commercial services offer anonymous web-surfing tools, including: www.anonymizer.com, www.freedom.net, and www.ultimate-anonymity.com. These services are reviewed at www.Webveil.com.

Children. If your children are online users, request the free brochure, "Child Safety on the Information Highway," from the National Center for Missing and Exploited Children. Phone: 800-843-5678. Web: www.safekids.com.

Learn more about "parental control" software by visiting the web site "Resources for Internet Parents," www.netparents.org.

The Federal Trade Commission offers extensive resources for children and parents. Visit www.ftc.gov/bcp/conline/edcams/kidzprivacy/index.html. To learn more about the Children’s Online Privacy Protection Act, go to www.ftc.gov/privacy/index.html. See also PRC Fact Sheet 21, "Children in Cyberspace" at www.privacyrights.org/fs/fs21-children.htm.

Cookies. To learn more about cookies blockers and other types of online filters, visit www.junkbusters.com, www.consumerprivacyguide.org, www.cookiecentral.com, and www.spamblocked.com/proxomitron.


Demonstration. To see a demonstration of the kind of information that can be captured about your computer via your browser when you surf the web, visit www.privacy.net/analyze.

Encryption. To learn more about the commercial encryption program PGP, visit www.pgp.com. For PGP freeware information visit the MIT Distribution Center at http://web.mit.edu/network/pgp.html and the International PGP Home Page at www.pgpi.org.

Glossary. For a comprehensive dictionary of online terms, visit the Center for Democracy and Technology’s www.consumerprivacyguide.org/glossary. The Privacy Foundation web site also provides a glossary of terms, www.privacyfoundation.org/resources/glossary.asp.

Internet Service Providers. For a directory of ISPs, see Boardwatch’s Directory of Internet Service Providers at www.boardwatch.com/ASP/Search/NationalISP.asp.

Opting out. To opt-out of the sharing of cookie data with advertisers, visit the Network Advertising Initiative web site at www.networkadvertising.org.

Privacy-enhancing technologies. The EPIC web site provides a section on software products that you can use to add extra layers of protection when you surf the web, www.epic.org/privacy/tools.html. Also, visit the Privacy Links page of the Privacy Rights Clearinghouse for more software tools and products, www.privacyrights.org/links.htm.

Search Engines. Search engines include: www.google.com, www.northernlight.com, www.dogpile.com, www.lycos.com and www.yahoo.com. They enable you to find a "needle in the haystack" by searching web sites using subject words, personal names, and organization names. To find public forum postings, visit Google to search a 20-year archive of Usenet postings, http://groups.google.com. The web site www.paml.net provides a search engine for many other mail discussion lists that are not necessarily considered public. Participants of such lists are not always aware that their postings are being archived.

Spam. Find tips on how to reduce unsolicited e-mail messages at www.spamcop.net or www.stop-spam.org. The PRC’s Fact Sheet 20 provides a list of additional web sites that provide spam-fighting tips, www.privacyrights.org/fs/fs20-spam.htm. To learn about state spam laws, go to www.spamlaws.com.

Spyware. The Ad-Aware product is a free spyware removal utility that scans your computer’s memory, registry, and hard drives for known spyware components and lets you remove them, www.lavasoftusa.com. Other spyware-fighting tools can be found at the PRC’s links page, www.privacyrights.org/links.htm#tools.

Articles of Interest

Americans and Online Privacy: The System is Broken -- June 2003
www.appcpenn.org/reports/2003/turow-privacy-no-cover.pdf
Please note: We have provided the names and web addresses of several commercial and freeware products in this guide. Such mention does not imply endorsement.

Privacy Rights Clearinghouse

Fact Sheet 20: Anti-Spam Resources
http://www.privacyrights.org/fs/fs20-spam.htm

Copyright 1997-2003. Utility Consumers' Action Network / Privacy Rights Clearinghouse
Oct. 1998 / Updated February 2003


This copyrighted document may be copied and distributed for nonprofit, educational purposes only. The text of this document may not be altered without express authorization of the Privacy Rights Clearinghouse. This fact sheet should be used as an information source and not as legal advice. PRC fact sheets contain information about federal laws as well as some California-specific information. Laws in other states may vary. But in general, our fact sheets are applicable to consumers nationwide.

Privacy Rights Clearinghouse
3100 - 5th Ave., Suite B
San Diego, CA 92103
Voice: (619) 298-3396
Fax: (619) 298-5681
Contact Us: www.privacyrights.org/inquiryform.html
Web: www.privacyrights.org
Last Modified: December 17, 2003


--------------------------------------------------------------------------------

Anti-Spam Resources: Halting the Junk E-Mail Juggernaut

There are many fine web sites which contain tips on ways to reduce unwanted e-mail solicitations, also known as "spam" and "junk e-mail." Rather than reinvent the wheel, we list several such sites below. These, in turn, will lead to many more such sites.

In light of the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM Act) that was recently signed into law, this website will be updated shortly with information about how the Act will impact the distribution of spam. In the meantime, the CAN-SPAM Act can be read in its entirety at http://thomas.loc.gov/cgi-bin/query/D?c108...p/~c108kkwbaI::

www.cdt.org/speech/spam/030319spamreport.pdf Center for Democracy & Technology spam report
spam.abuse.net/spam "Fight Spam on the Internet" Scott Hazen Mueller, Editor
www.spamcop.net Julian Haight's Free spam reporting tools, $30/yr email filtering
combat.uxn.com/tracing.html Best interactive explanation of tracing email spam
www.cauce.org Coalition Against Unsolicited Commercial E-Mail
www.tmicha.net Provides free email accounts filtered to remove spam and offers useful information on reducing spam.
www.imc.org/imc-spam "Limiting Unsolicited Bulk Email" Internet Mail Consortium (industry group)
www.moralityinmedia.org/stopSpam.htm Morality in Media, combating pornographic spam
www.spamrecycle.com Forward spam for filtering other spam, $15/yr service
www.spamcon.org SpamCon Foundation (Favors "legit" spam)
www.computercounsel.com Attorneys Practicing Computer Law
www.stop-spam.org/Recommended_Providers/ Recommended ISP providers that fight spam
ddi.digital.net/~gandalf/spamfaq.html alt.spam FAQ or "Figuring out fake E-Mail & Posts"
www.spamhaus.org/rokso/index.lasso ROKSO (Register of Known Spam Operations) These are the 100+ most determined spammers.
www.spamhaus.org/rationale.html List of Software used by Spammers
www.aboutspam.com Bruce Miller, Washington State Spam Consultant
www.junkbusters.com/junkemail.html JunkBusters' Junk Email Headlines
www.sprocket.com/security/stopping-uce.html Technical info on stopping spam
www.sendmail.org/antispam.html Technical info to modify Sendmail to stop spam
cageyconsumer.com/areacode.html Big list of Telephone lookup tools to identify spammers
www.webguardian.com/report.html Free service combating the virtual abuses, web thieves, dishonest catalog companies and computer pirates
www.antispam.org.br Anti-Spam Group in Brazil
www.ftc.gov/reports/spam/030429spamreport.pdf April, 2003 FTC Report--False Claims in Spam
www.dmaconsumers.org/consumers/optoutform_emps.shtml Direct Marketing Association's Opt Out E-mail Preference Service

The following links provides information on the movement to have spam and junk e-mail regulated by federal and state government.

www.spamlaws.com Spam Laws - John Marshall School of Law
law.spamcon.org SpamCon Foundation Law Center
Formally the Suespammers Project

http://www.privacyrights.org/fs/fs7-work.htm

Fact Sheet 7: Workplace Privacy

Copyright © 1993-2003. Utility Consumers' Action Network / Privacy Rights Clearinghouse
Mar. 1993 Revised September 2002

This copyrighted document may be copied and distributed for nonprofit, educational purposes only. The text of this document may not be altered without express authorization of the Privacy Rights Clearinghouse. This fact sheet should be used as an information source and not as legal advice. PRC fact sheets contain information about federal laws as well as some California- specific information. Laws in other states may vary. Overall, our fact sheets are applicable to consumers nationwide. This publication was originally developed under the auspices of the University of San Diego.

Privacy Rights Clearinghouse
3100 - 5th Ave., Suite B
San Diego, CA 92103
Voice: (619) 298-3396
Fax: (619) 298-5681
Contact Us: www.privacyrights.org/inquiryform.html
Web: www.privacyrights.org


--------------------------------------------------------------------------------

Employee Monitoring: Is There Privacy in the Workplace?

Employers want to be sure their employees are doing a good job, but employees don't want their every sneeze or trip to the water cooler logged. That's the essential conflict of workplace monitoring.

New technologies make it possible for employers to monitor many aspects of their employees' jobs, especially on telephones, computer terminals, through electronic and voice mail, and when employees are using the Internet. Such monitoring is virtually unregulated. Therefore, unless company policy specifically states otherwise (and even this is not assured), your employer may listen, watch and read most of your workplace communications.

Telephone Monitoring

Can my employer listen to my phone calls at work?

In most instances, yes. For example, employers may monitor calls with clients or customers for reasons of quality control. However, when the parties to the call are all in California, state law requires that they be informed that the conversation is recorded or monitored by either putting a beep tone on the line or playing a recorded message. (California Public Utilities Commission General Order 107-B, www.cpuc.ca.gov/Published/Graphics/567.pdf) Not every business is aware of this requirement, so your calls might still be monitored without a warning. Federal law, which regulates phone calls with persons outside the state, does allow unannounced monitoring for business-related calls. (See Electronic Communications Privacy Act, 18 USC 2510, et. seq., www.law.cornell.edu/uscode .)

An important exception is made for personal calls. Under federal case law, when an employer realizes the call is personal, he or she must immediately stop monitoring the call. (Watkins v. L.M. Berry & Co., 704 F.2d 577, 583 (11th Cir. 1983)) However, when employees are told not to make personal calls from specified business phones, the employee then takes the risk that calls on those phones may be monitored.

Privacy Tip: The best way to ensure the privacy of your personal calls made at work is to use your own mobile phone, a pay phone, or a separate phone designated by your employer for personal calls.

If I wear a headset, are my conversations with co-workers subject to monitoring?

Yes. The conversations you have with co-workers are subject to monitoring by your employer in the same way that your conversations with clients or customers are. If you wear a headset, you should use the same care you would if you were talking to a customer or client on the phone. Some headsets have "mute" buttons which allow you to turn off the transmitter when you are not using the telephone.

Can my employer obtain a record of my phone calls?

Yes. Telephone numbers dialed from phone extensions can be recorded by a device called a pen register. It allows the employer to see a list of phone numbers dialed by your extension and the length of each call. This information may be used to evaluate the amount of time spent by employees with clients.

Employers often use pen registers to monitor employees with jobs in which telephones are used extensively. Frequently, employees are concerned that the information gathered from the pen register is unfairly used to evaluate their efficiency with clients without consideration of the quality of service.

Computer Monitoring

If you have a computer terminal at your job, it may be your employer's window into your workspace. There are several types of computer monitoring.

Employers can use computer software that enables them to see what is on the screen or stored in the employees' computer terminals and hard disks. Employers can monitor Internet usage such as web-surfing and electronic mail.


People involved in intensive word-processing and data entry jobs may be subject to keystroke monitoring. Such systems tells the manager how many keystrokes per hour each employee is performing. It also may inform employees if they are above or below the standard number of keystrokes expected. Keystroke monitoring has been linked with health problems including stress disabilities and physical problems like carpal tunnel syndrome.


Another computer monitoring technique allows employers to keep track of the amount of time an employee spends away from the computer or idle time at the terminal.
Is my employer allowed to see what is on my terminal while I am working?

Generally, yes. Since the employer owns the computer network and the terminals, he or she is free to use them to monitor employees.

Employees are given some protection from computer and other forms of electronic monitoring under certain circumstances. Union contracts, for example, may limit the employer's right to monitor. Also, public sector employees may have some minimal rights under the United States Constitution, in particular the Fourth Amendment which safeguards against unreasonable search and seizure.

There may be some additional rights for employees in California given specific statutes of that state. See the paper by Los Angeles attorneys John Caragozian and Donald Warner, Jr., titled "Privacy Rights of Employees Using Workplace Computers in California," published in 2000.

How can I tell if I am being monitored at my terminal?

Most computer monitoring equipment allows employers to monitor without the employees' knowledge. However, some employers do notify employees that monitoring takes place. This information may be communicated in memos, employee handbooks, union contracts, at meetings or on a sticker attached to the computer.

In most cases, employees find out about computer monitoring during a performance evaluation when the information collected is used to evaluate the employee's work.

Electronic Mail and Voice Mail

Is electronic mail private? What about voice mail?

In most cases, no. If an electronic mail (e-mail) system is used at a company, the employer owns it and is allowed to review its contents. Messages sent within the company as well as those that are sent from your terminal to another company or from another company to you can be subject to monitoring by your employer. This includes web-based email accounts such as Yahoo and Hotmail as well as instant messages. The same holds true for voice mail systems. In general, employees should not assume that these activities are not being monitored and are private. Several workplace privacy court cases have been decided in the employer’s favor. See for example:

Bourke v. Nissan, www.loundy.com/CASES/Bourke_v_Nissan.html
Smyth v. Pillsbury, www.loundy.com/CASES/Smyth_v_Pillsbury.html
Shoars v. Epson, www.law.seattleu.edu/fachome/chonm/Cases/shoars.html
When I delete messages from my terminal, are they still in the system?

Yes. Electronic and voice mail systems retain messages in memory even after they have been deleted. Although it appears they are erased, they are often permanently "backed up" on magnetic tape, along with other important data from the computer system.

My employer's electronic mail system has an option for marking messages as "private." Are those messages protected?

In most cases, no. Many electronic mail systems have this option, but it does not guarantee your messages are kept confidential. An exception is when an employer's written electronic mail policy states that messages marked "private" are kept confidential. Even in this situation, however, there may be exceptions. (See Smyth v. Pillsbury.)

Is there ever a circumstance in which my messages are private?

Some employers use encryption to protect the privacy of their employees' electronic mail. Encryption involves scrambling the message at the sender's terminal, then unscrambling the message at the terminal of the receiver. This ensures the message is read only by the sender and his or her intended recipient. While this system prevents co-workers and industrial "spies" from reading your electronic mail, your employer may still have access to the unscrambled messages.

Workplace Privacy Protections

What about my employer's promises regarding e-mail and other workplace privacy issues. Are they legally binding?

Not necessarily. Usually, when an employer states a policy regarding any issue in the workplace, including privacy issues, that policy is legally binding. Policies can be communicated in various ways: through employee handbooks, via memos, and in union contracts. For example, if an employer explicitly states that employees will be notified when telephone monitoring takes place, the employer generally must honor that policy. There are usually exceptions for investigations of wrong-doing. If you are not already aware of your employer's workplace privacy policies, it is a good idea to become informed.

In Smyth v. Pillsbury, the employee’s termination was upheld by the court, even though the company had a policy of allowing e-mail use for personal communications. In this case, the employee had sent messages to co-workers that were deemed highly inappropriate for workplace communications. (Smyth v. Pillsbury, C.A. NO. 95-5712, U.S. District Court for the Eastern District of Pennsylvania, Jan.18, 1996, Decided, Jan. 23, 1996, Filed. www.Loundy.com/CASES/Smyth_v_Pillsbury.html )

Are there any laws that deal with workplace privacy?

Currently there are very few laws regulating employee monitoring. If you are concerned about this issue, contact your federal legislators, especially the members of the House and Senate Labor committees in Congress. (See PRC Fact Sheet No. 18 "Privacy in Cyberspace," www.privacyrights.org/fs/fs18-cyb.htm.)

Are there organizations that assist employees regarding workplace privacy?

Yes. There are several groups that are actively involved in workplace monitoring issues and that advocate stronger government regulation of employee monitoring activities.

National Work Rights Institute
166 Wall St.
Princeton, NJ 08540
(609) 683-0313
Web: www.workrights.org

9 to 5, the National Association of Working Women
231 W. Wisconsin Ave. No. 900
Milwaukee, WI 53203
(414) 274-0925
Hotline (800) 522-0925
Web: www.9to5.org

Workplace Fairness

www.workplacefairness.org
Affiliated with the National Employment Lawyers Association, www.nela.org
American Civil Liberties Union
125 Broad Street, 18th Floor
New York, NY 10004-2400
(212) 549-2500
Publications Ordering: 1-800-775-ACLU (2258)
Web: www.aclu.org

The American Civil Liberties Union (ACLU) also has information related to workplace privacy issues that are not discussed in this fact sheet. Some of the issues of growing concern involve psychological testing, drug testing, polygraph or lie-detector testing and off-the-job surveillance of employees. Visit the ACLU’s Web site at www.aclu.org.

Labor groups are taking a stronger interest in workplace monitoring. If your union represents employees’ interests regarding workplace monitoring, please contact the Privacy Rights Clearinghouse so we can include information in this publication. Contact Us: www.privacyrights.org/inquiryform.html

Privacy Rights Clearinghouse

http://www.privacyrights.org/fs/fs25a-JobSeekerPriv2.htm

Fact Sheet 25a: Avoiding Online Job Scams
Copyright © 2004 Pam Dixon, www.worldprivacyforum.org
July 2004
Posted on Privacy Rights Clearinghouse web site with permission of Pam Dixon.


This copyrighted document may be copied and distributed for nonprofit, educational purposes only. The text of this document may not be altered without express authorization of Pam Dixon, pdixon@worldprivacyforum.org and the Privacy Rights Clearinghouse. This fact sheet should be used as an information source and not as legal advice.
Privacy Rights Clearinghouse
3100 – 5th Ave., Suite B
San Diego, CA 92103
Voice: (619) 298-3396
Fax: (619) 298-5681
Contact us: www.privacyrights.org/inquiryform.html
Web: www.privacyrights.org


--------------------------------------------------------------------------------

Avoiding Online Job Scams:
Critical Tips for Job Seekers
Job seekers who use online job search web sites must be careful to avoid a type of job scam in which the applicant is asked to accept payment to his or her own bank account. These are known as payment-forwarding or payment-transfer scams.
Payment-transfer scams involve a con artist who pretends to be an employer. The con artist uses a job ad to lure an unsuspecting job seeker, or they may use information from a resume they have found online. Such con artists can be quite convincing, and may even steal company names and corporate logos to convince victims that they are legitimate employers.
After the con artist has won the job seeker's trust, the con artist tricks the job seeker into giving up bank account numbers. The reasons given for this can be clever. One ploy is to tell the job seeker they can only deliver paychecks by "direct deposit."
The "job" a job seeker will be asked to do involves forwarding or wiring money from a personal bank account, a PayPal account, or from Western Union to another account. The other account is often overseas. As part of their pay, the job seeker is instructed to keep a small percentage of the money as their payment. Sometimes the payment for making the money transfer is as low as $15. Sometimes it is as high as several hundred or several thousand dollars. Almost always, the money the victims are transferring is stolen, and therefore, the victims are committing theft and wire fraud. Usually, this kind of scam involves at least two or three victims.
There are many variations of payment-forwarding scams. Following are very simple tips that will go far to protect you from falling victim. Again, this scam can be quite clever and refined.
1. Never give personal bank account, PayPal account, or credit card numbers to an employer.
2. Never agree to have funds or paychecks direct deposited to any of your accounts by a new employer.
3. Never forward, transfer, or "wire" money to an employer.
4. Do not transfer money and retain a portion for payment.
Legitimate employers do not need job seekers' bank account numbers. While direct deposit of a paycheck is a convenience, if that is the only option an employer offers, then job seekers should not accept the job. A legitimate employer will give job seekers the option of direct deposit, but not demand that it be used. Job seekers should wait until they have met the employer in person before agreeing to a direct deposit option.
While some jobs may require an employee to make money transfers for employers, legitimate employers making this request will go to extraordinary efforts to check the job seeker prior to making the hire. This would involve meeting the job seeker in person and conducting rigorous interviews. This kind of job hire would not be made via email or even the telephone or a single meeting. Job seekers need to draw a line and understand that transferring money for employers is off-limits, period.
Known Red Flags

Payment-forwarding scams contain certain "red-flags" that should alert you to fraudulent job ads. Here are the known red flags:
Request for bank account numbers.


Request for Social Security number (SSN).


Request to "scan the ID" of a job seeker, for example, a drivers' license. Scam artists will say they need to scan job seekers' IDs to "verify identity." This is not a legitimate request.


A contact email address that is not a primary domain. For example, an employer calling itself "Omega Inc." with a Yahoo! email address.


Misspellings and grammatical mistakes in the job ad.


Monster.com lists descriptive words in job postings that are tip-offs to fraud. Their list includes "package-forwarding," "money transfers," "wiring funds," "eBay," and "PayPal." World Privacy Forum researchers also found that the terms "Foreign Agent Agreement" often appears in contracts and emails sent to job seekers.

Please see Appendix A (http://www.worldprivacyforum.org/jobscamreportpt1.html#appendixA) in the World Privacy Forum report for examples of what the emails and contracts for this kind of money transfer scam look like. The Timeline (http://www.worldprivacyforum.org/jobscamtimeline.html) has multiple examples of what the fraudulent job ads look like.
Most Effective Steps for Victims of Job Scams

Unfortunately, not everyone will escape job fraud in time. Job seekers who are victimized by payment-forwarding scams are advised to take the following steps.
1. Close all bank accounts at the bank where the scam took place. It is a good idea to change banks to avoid "social engineering" attempts by the con artists to fool bank workers into giving out new account information.
2. Order a credit report from all three credit bureaus every 2 to 3 months. Watch the reports for unusual activity. If you have given your SSN to the fraudster, we advise that you place fraud alerts on your three credit reports – Experian, Equifax, and TransUnion. For information on how to establish fraud alerts, read Privacy Rights Clearinghouse Fact Sheet 17a on identity theft, http://www.privacyrights.org/fs/fs17a.htm.
3. Victims of payment-forwarding scams should contact their local Secret Service field agent. The Secret Service handles complaints of international fraud. Fraud victims should also file a police report with local law enforcement officials as well.
4. Victims should report the company name, the job posting, and all contact names to the job sites where the scam was posted.
5. Victims should permanently close all email addresses that were associated with the job fraud.

Visual examples of what the fraudulent jobs look like, and what these scams look like in action are at http://www.worldprivacyforum.org/umabtips.html
Resources

First Report on Bogus Job Ads

The original consumer report relating to payment-forwarding job scam, issued in December 2003 by the World Privacy Forum, may be found at http://www.worldprivacyforum.org/consfraudalert1.html.


FTC Complaint Line

Call this number to file a complaint about fraudulent jobs posted on an online job search web site. (877) 382-4357.

To file a complaint online, go to www.ftc.gov.


Fact Sheet with Privacy Tips for Online Job Seekers

Fact Sheet 25, "Online Job Search Web Sites: Tips to Safeguard Your Privacy," http://www.privacyrights.org/fs/fs25-JobSeekerPriv.htm

Consumer Agencies in Your Area

To find a consumer agency near you, visit the U.S. government's Consumer Assistance Directory at www.consumeraction.gov/state.shtml

Credit Bureaus

To order your credit reports:
Equifax: (800)-685-1111

Experian: (888) 397-3742

TransUnion: (800) 888-4213


To place a fraud alert on your credit reports:

Equifax: (800) 525-6285

Experian: (888) 397-3742

TransUnion: (800) 680-7289

Fact Sheet No. 6a: Facts on FACTA


Copyright 2004. Privacy Rights Clearinghouse / Utility Consumers' Action Network
August 2004

This copyrighted document may be copied and distributed for nonprofit, educational purposes only. The text of this document may not be altered without express authorization of the Privacy Rights Clearinghouse. This fact sheet should be used as an information source and not as legal advice. PRC fact sheets contain information about federal laws as well as some California-specific information. Laws in other states may vary. But in general, our fact sheets are applicable to consumers nationwide.
Privacy Rights Clearinghouse
3100 5th Ave., Suite B
San Diego, CA 92103
Voice: (619) 298-3396
Fax: (619) 298-5681
Contact PRC: http://www.privacyrights.org/inquiryform.html
Web: http://www.privacyrights.org

Fact Sheet No. 6: How Private Is My Credit Report?

Copyright 1992 - 2004. Privacy Rights Clearinghouse / Utility Consumers' Action Network
Nov. 1992. Revised August 2004
This copyrighted document may be copied and distributed for nonprofit, educational purposes only. The text of this document may not be altered without express authorization of the Privacy Rights Clearinghouse. This fact sheet should be used as an information source and not as legal advice. PRC fact sheets contain information about federal laws as well as some California-specific information. Laws in other states may vary. But in general, our fact sheets are applicable to consumers nationwide. This publication was originally developed under the auspices of the University of San Diego.
Privacy Rights Clearinghouse
3100 5th Ave., Suite B
San Diego, CA 92103
Voice: (619) 298-3396
Fax: (619) 298-5681
Contact PRC: http://www.privacyrights.org/inquiryform.html
Web: http://www.privacyrights.org

(there's a lot of info so see the link)

http://www.privacyrights.org/ar/ChronDataBreaches.htm

A Chronology of Data Breaches
Reported Since the ChoicePoint Incident

The data breaches noted below have been reported because the personal information compromised includes data elements useful to identity thieves, such as Social Security numbers, account numbers, and driver's license numbers. A few breaches that do NOT expose such sensitive information have been included in order to underscore the variety and frequency of data breaches. However, we have not included the number of individuals affected in such breaches in the total because we want this compilation to reflect breaches that expose individuals to identity theft as well as breaches that qualify for disclosure under state laws.

The catalyst for reporting data breaches to the affected individuals has been the California law that requires notice of security breaches, the first of its kind in the nation, implemented July 2003.
www.privacyrights.org/ar/SecurityBreach.htm
www.privacy.ca.gov/recommendations/secbreach.pdf


continue here http://www.privacyrights.org/ar/ChronDataBreaches.htm

PRC Privacy Update
September 26, 2006 – No. 4:4
========================================
In this issue . . .

[1] Our New Online Guide: Revised, Revamped, and Required
Reading for Internet Users
[2] Privacy Tip: Your Cell Phone Can Continue Talking Even
After You Get Rid of It
[3] Alert: Keep Your Internet Searches Private
[4] Warning: Zabasearch E-mail Is Misleading

=========================================
[1] Our New Online Guide: Revised, Revamped, and Required
Reading for Internet Users

The Internet has become the phone book, the dictionary, the
postal service … in short, a necessity of daily life. Our
newly revised online guide addresses the Internet’s sweeping
presence in our lives.

Fact Sheet 18 now tackles everything from blogs to Nigerian
letters, giving you the who, what, where and most importantly,
privacy pointers to guide you in your cyberspace travels. It
takes you on a tour of cyberspace, educating you on how you
can protect yourself at each stop.

Part One explores the ways in which you give information to
other people on the Internet, including signing up for Internet
service, using e-mail, browsing the Internet, using social
networks and instant messages, maintaining personal Web sites
and blogs, and using online banking services.

Part Two looks at how this information can be obtained by others,
including marketers, employers, government officials, law
enforcement, and criminals.

Part Three offers tips for protecting your privacy. Part Four
provides additional resources.

This comprehensive guide aims to give you peace of mind when
using the Internet. In the physical world you are aware when
you are buying something from a street bazaar as opposed to
a shopping mall and can make decisions accordingly. In the
online world it can feel like you have blinders on making it
difficult to tell the phony from the legitimate. After reading
our guide you should be able to travel in cyberspace with your
eyes wide open.



=========================================
[2] Privacy Tip: Your Cell Phone Can Continue Talking Even
After You Get Rid of It

It may not seem like common sense to clean your trash before
you throw it away, but with technology that is exactly what
you should do. Before you sell, donate or discard your cell
phone, make sure that your personal information has been
permanently deleted.

According to Trust Digital, a mobile security software company,
many phone manufacturers use “flash” memory chips to store
information. These chips are similar to those used in digital
cameras and some music players.

Manufactures welcome this type of memory chip because it is
inexpensive and durable. However, it takes longer to permanently
erase information.

Owners of expensive phones, such as Blackberries, Treos and other
PDAs, are more likely to try and resell or give away their old
models. Unfortunately, these phones tend to contain sensitive
personal data, including client contact information, e-mails,
spreadsheets and other files.

The PRC recommends:

- Follow the steps listed in your phone manual for
“safely deleting” or “permanently deleting.” The instructions
often involve complicated or repetitious key strokes. If you
are not confident that the instructions offer the type of security
you are looking for, call your phone company and ask about the
proper data deletion procedures.

- Consider not storing sensitive information on your phone.
Most people do not own cell phones for longer than a few years,
which may mean it is not the ideal place to keep passwords,
account numbers, and other valuable information.

- If your personal or work phone contains job-related files
or sensitive corporate information, check with your employer
about data deletion procedures.

To read the full alert, visit:
www.privacyrights.org/ar/CellDelete.htm

========================================
[3] Alert: Keep your Internet Searches Private

Internet users were shocked to learn that the search queries of
over 600,000 individuals were exposed online by AOL recently.
Although the personal names of AOL users had been replaced with
numbers, apparently for a research project, reporters and others
were able to determine the identities of several people. Search
terms revealed medical conditions, illegal activities, illicit
interests, financial information, even Social Security numbers.

The retention of search logs is a common practice of search
engine companies, not only AOL, but also the other major services
such as Google, MSN, Ask, and Yahoo. But a little-known search
engine has made a name for itself by bucking the trend.

Ixquick, a search engine based in the Netherlands, promises it
will permanently delete all users’ personal search details from
its log files. With this privacy policy, established in June 2006,
Ixquick stands heads taller than its peers. www.ixquick.com

To date, the other search engines store users’ search details for
at least some time. Google stores search data indefinitely. Other
popular search engines, including MSN, Ask, and Yahoo also have
policies indicating that they store user data for an undefined
period of time.

Ixquick will delete a user’s IP address and has designed a cookie
that will not identify an individual user. It says it deletes all
personal information within 48 hours.

Switching to Ixquick does not mean you have to give up the other
search engines. Ixquick is a metasearch engine, which means that
it returns the top-ten results from multiple other search engines.
It uses a star system to rank its results -- by awarding one star
for every result that has been returned from another search engine.
Thereby, the top search results are the ones that have been returned
>from the maximum number of search engines.

To read the full alert, visit:
www.privacyrights.org/ar/Ixquick.htm

=========================================
[4] Warning: Zabasearch E-mail is Misleading

An e-mail message warns of a “new” database being available to
the general public free of charge that displays your personal
information (name, address, phone number, birth date). This message
has been circulating through the Internet for several years. It
contains some accurate and some inaccurate information.

The database that this e-mail message is warning about is Zabasearch.
It is not a new database; it has been in existence for years, as
have many dozens of other similar sites. Our Web site includes a
fact sheet about public records that explains how and why all these
companies can (and do) access and distribute your information.
www.privacyrights.org/fs/fs11-pub.htm

The e-mail message tells recipients that they can receive information
about removing their name by sending Zabasearch an e-mail at
info@zabasearch.com. However, even if you follow their instructions
and request removal from their data files, they will continue to
regularly refresh their data. Your contact information will likely
reappear when they purchase the next batch of public records (i.e.,
property ownership documents, court records, marriage license,
divorce decree, bankruptcy filing, and in some states voter
registration).

If you want to opt-out of these databases, please review our
entire listing of some of the largest on-line information resellers
and then contact each of them individually to attempt to opt-out
(request name removal) from those that permit it. Following is a
direct link to this listing of information brokers on our Web site:
www.privacyrights.org/ar/infobrokers.htm This guide will be revamped
and updated in the coming months.

Reader Beware! If you do choose to opt-out, please think carefully
before you give the databases any additional personal information
as part of the opt-out process. Read our above-mentioned guide
before taking the step to actually opt-out.

Be sure to contact your elected officials and the Federal Trade
Commission to complain that your personal information is available
online and that you often have no power to delete, correct, or
control it. Here is a link to the FTC website: www.ftc.gov and
click on the "complaint" box at the top of the page. Also, if a
company posts a privacy policy stating that they will remove your
information upon request and then fails to do so, we encourage you
to file a complaint against them both with the FTC and the Better
Business Bureau (you can do so using their on-line complaint form
available at www.bbb.org).


About the Privacy Rights Clearinghouse

The PRC is a non-profit consumer information and
advocacy organization, based in San Diego, CA.

To contact PRC staff:

Beth Givens, Director
bgivens@privacyrights.org

Tena Friery, Research Director
tfriery@privacyrights.org

Patricia, Consumer Advocate
patricia@privacyrights.org

Paul, Consumer Advocate
Paul@privacyrights.org

Leslie Flint, Legal Research Associate
and newsletter editor
lflint@privacyrights.org

For more information about our nonprofit organization,
go to: www.privacyrights.org/about_us.htm

PRIVACY RIGHTS CLEARINGHOUSE
3100 5th Ave., Suite B
San Diego, CA 92103
Voice: 619-298-3396
Fax: 619-298-5681
Web: www.privacyrights.org
=================================

To read the full fact sheet, visit
www.privacyrights.org/fs/fs18-cyb.htm .

Sabu

PRC Privacy Update
December 6, 2006 – No. 4:5
========================================
In this issue . . .

[1] Contact the FTC: Speak Out About Pre-Recorded
Telemarketing Calls
[2] Privacy Resolutions: Make 2007 Prosperous and
Private!
[3] Advice: Add These Tips to Your Shopping List
[4] Alert: FTC Sends Claims Forms to ChoicePoint
ID Theft Victims
[5] Donations: Help Make the Holiday a Happy One
for the PRC

=========================================
[1] Contact the FTC: Speak Out About Pre-Recorded
Telemarketing Calls

Did you put your telephone number on the national
Do-Not-Call Registry (DNC), but still get sales calls
from companies you’ve never heard of? Quite likely many
unwanted sales calls you get today are not made by a live
person. Instead many companies use auto-dialers, programmed
to start a recorded message the minute you answer the phone.
But, the calls that probably really get your dander up are
the “dead air” calls, when you run to catch the phone but
are met with silence.

Even if you signed up for DNC list, FTC rules allow companies
that claim an “established business relationship” (EBR) to
still call you. You have an EBR, the FTC says, if you purchased
something within the previous 18 months or even inquired about
a product or service within the previous three months. With a
claimed EBR, a company can still call you, but the FTC did not
say the company could leave a prerecorded message. And, the FTC
rules still allow a percentage of “dead air” calls.

In November 2004, the FTC announced a proposal to grant a
telemarketing industry petition to allow prerecorded messages
for sales calls based on an EBR. The PRC, joined by the Utility
Consumers’ Action Network (UCAN), filed comments strongly opposing
this move. (www.privacyrights.org/ar/FTC-TSREBR.htm)

Just recently in October 2006, the FTC issued another request
for comment saying it had decided against allowing prerecorded
messages for established clients. The agency indicated it was
strongly swayed by comments from over 13,000 consumers and
consumer advocates.

The FTC is again asking the public to weigh in with opinions
on prerecorded messages and “dead air” (abandoned) calls.
Specifically, the FTC is asking for comments, among other things,
on whether it should include an explicit prohibition on prerecorded
telemarketing calls. The agency also wants to know if a “reasonable”
consumer would consider prerecorded telemarketing sales calls abusive
to privacy rights. And, the latest proposal still allows a percentage
of sales calls to be “dead air” calls.

If you agree with us that consumers should not be subject to
prerecorded sales calls or “dead air” calls, you can send the FTC
a sample letter, available at:
www.privacyrights.org/ar/FTCprerecletter.htm .
The deadline is coming right up, December 18.

To read the entire proposal, along with questions on specific
issues, go to www.ftc.gov/opa/2006/10/fyi0662.htm. For more
information on the DNC Registry and to register your telephone
numbers, see the FTC’s site at,
www.ftc.gov/bcp/conline/pubs/alerts/dncalrt.htm

========================================
[2] Privacy Resolutions: Make 2007 Prosperous and Private!

We at the PRC wish you a happy, prosperous and private new year.
For 2007, resolve to do what you can to guard against identity
theft and stop unwanted intrusions via your mailbox, telephone,
or fax machine. When it comes to privacy, there are no guarantees.
But the following resolutions are a good way to start off the
new year.

1. Check your credit reports. You are entitled to a free
report from all three national credit bureaus once every 12 months.
If you ordered your reports in 2006, mark your calendar for the
appropriate month in 2007. For more information, see the Federal
Trade Commission's Facts for Consumers at
www.ftc.gov/bcp/conline/pubs/credit/freereports.htm.

2. Review credit card and bank account statements frequently.
Online access to your accounts means you don’t have to wait for
the statements to come in the mail. If you do access your accounts
online, be sure to use your home computer rather than one open to
public access such as found at Internet cafes.

3. Never respond to unsolicited e-mails or telephone calls
that ask for your Social Security number, account numbers or other
personal information.

4. Do shred all documents that contain personal information. Use
a cross-cut shredder.

5. Sign up for the National Do-Not-Call List to limit unwanted
telephone solicitations. (888) 382-1222 or www.donotcall.gov

6. Stop pre-approved credit and insurance offers. (888) 5-OPT-OUT
/ (888) 567-8688 or opt out online at www.optoutprescreen.com.

7. Review privacy notices from your bank or other financial
institution and take a few minutes to opt-out.

8. Be a “squeaky wheel.” If you receive unwanted faxes, complain
to the Federal Communications Commission (www.fcc.gov). If you
receive unwanted telemarketing calls or if pre-recorded sales calls
are left on your answering machine, complain to the Federal Trade
Commission (www.ftc.gov)

9. Check your computer and make sure you’ve installed the latest
firewalls.

10. Open all mail, especially envelopes that include only a P.O.
Box as a return address. Credit card companies that send you
replacement cards or convenience checks may try to disguise the
mailing by including only a limited return address.

For more tips on preserving your privacy and protecting your
identity in 2007:

-- PRC Fact Sheet 1, Privacy Survival Guide,
www.privacyrights.org/fs/fs1-surv.htm
-- PRC Fact Sheet 1(a), Privacy Basics and Opt-Out Strategies,
www.privacyrights.org/fs/fs1a-basics.htm

============================================
[3] Advice: Add These Tips to Your Shopping List

The holiday season is filled with generosity, but don’t let
the hustle-bustle of shopping distract your from common sense
precautions. Keep the following tips in mind as you do your
holiday shopping.

1. Print Online Shopping Receipts. Print a confirmation of your
order, order number, and any tracking information and keep it
handy until the item is received.

2. Clean out your purse. Pickpocketing increases during the
holiday season. Avoid carrying any unnecessary cards or bills
in your purse or wallet. NEVER carry your Social Security card
on your person.

3. Check return policies. Be aware that if a store participates
in The Return Exchange, you or your gift recipient may encounter
some restrictions in returning the item. For more information,
read http://www.privacyrights.org/ar/ReturnExchange.htm

4. Use a credit card, especially when shopping online. In the
event of fraud, Federal law offers more protection for credit
cards than debit cards.

5. Watch fees and expiration dates. Be aware of possible fees
and expiration dates when purchasing gift cards. Some cards
deduct money if not used in a certain amount of time. In
California, the law prohibits expiration dates on gift cards.

===========================================
[4] Alert: FTC Sends Claims Forms to ChoicePoint ID
Theft Victims

Last year, data broker ChoicePoint announced it had sold personal
information to people who turned out to be identity thieves. To
settle a lawsuit brought by the FTC resulting from this incident,
ChoicePoint agreed, among other things, to pay $5 million to
reimburse victims.

The FTC has the names of more than 1,400 victims who incurred
out-of-pocket losses resulting from ChoicePoint’s security lapse.
The FTC has now announced it has launched a redress program to
reimburse victims. Claims forms, the FTC says, have been mailed
to all known victims. Victims who do not receive the FTC’s mailing
can download a claims form at www.ftc.gov/choicepoint .

Claims for reimbursement must be returned and postmarked no later
than February 4, 2007. According to the FTC’s release, the amount
victims are reimbursed depends on a number of factors, including
the total number and amount of claims received.

For further details, read the FTC’s news release.
www.ftc.gov/opa/2006/12/choicepoint.htm


===========================================
[5] Donations: Help Make the Holiday a Happy One
for the PRC

-- “Thank you so much for the tremendous amount of information
you provided me with.”

-- “I teach financial management classes for the military and
I talk about ID Theft. Thanks for these awesome resources.”

-- “I received your message. Thank you so much for the information.
At least now I have some steps to follow to correct the problem.
I would have never had the time to find all of the great information
you've given me. Once again, Thank You.”

Each year the Privacy Rights Clearinghouse assists thousands
of individuals who have complaints or questions about a wide
variety of issues. With only 2 full-time and 3 part-time staff
members – and a small budget -- we are not bashful in saying
that we accomplish a great deal with our limited resources.

PRC has a “live” person available to answer phoned inquiries.
Consumers can also send in inquiries through e-mail. In addition
to our one-to-one assistance, our Web site is rich with tips and
problem-solving advice. It is accessed by at least 1.5 million
users a year.

This past year, as the media, legislators and the public became
aware of numerous data breaches, the PRC was the organization
everyone turned to. The PRC’s chronology of data breaches was
featured in The New York Times and is linked to by over 600 Web
sites. www.privacyrights.org/ar/ChronDataBreaches.htm

The PRC is a non-profit organization established 14 years ago
in 1992. We are based in San Diego, California, and are funded
primarily from foundation grants and contributions from individuals.

We invite you to support our ongoing work by making a tax-
deductible donation to us this holiday season. You may contribute
in one of two ways -- by using our online Donate Now feature (click
on the “Donate Now” button on our home page, www.privacyrights.org )
or by printing out our donation form and mailing a check,
www.privacyrights.org/Donation-Form.PDF.

Be assured that 100% of your donation will support our consumer
education and policy work. Also, please know that we do not
release the names of individual donors to others.

Thank you! And happy holidays!

=========================================
Send Us Your Privacy Questions and Complaints

Do you have a privacy question for the PRC?
Send us your inquiry:
www.privacyrights.org/inquiryform.html

=========================================
Subscription Information

To SUBSCRIBE, send an email to:
privacyupdate-subscribe@topica.email-publisher.com

To UNSUBSCRIBE, send an email to:
privacyupdate-unsubscribe@topica.email-publisher.com

If you have any suggestions or questions about this
newsletter, please contact: the editor, Leslie Flint
lflint@privacyrights.org.

========================================
About the Privacy Rights Clearinghouse

The PRC is a non-profit consumer information and
advocacy organization, based in San Diego, CA.

To Contact PRC staff:

Beth Givens, Director
bgivens@privacyrights.org

Tena Friery, Research Director
tfriery@privacyrights.org

Patricia, Consumer Advocate
patricia@privacyrights.org

Paul, Consumer Advocate
paul@privacyrights.org

Leslie Flint, Legal Research Associate
and newsletter editor
lflint@privacyrights.org

For more information about our nonprofit organization,
go to: www.privacyrights.org/about_us.htm

PRIVACY RIGHTS CLEARINGHOUSE
3100 5th Ave., Suite B
San Diego, CA 92103
Voice: 619-298-3396
Fax: 619-298-5681
Web: www.privacyrights.org

PRC PRIVACY UPDATE
March 3, 2007¬, No. 5:1
========================================
In this issue . . .

[1] Junk Faxes: Our New Fact Sheet 5a Explains How to Avoid Them
[2] The Top Privacy Issues of the Day: PRC Releases New Report
[3] The Latest on Financial Privacy: PRC Updates Its Fact Sheet 24(d)
[4] Recent Alerts from the PRC: “Protect Mail at Tax Time” and
“Be Aware of Electronic Checks”
[5] Save the Date: CA’s 3rd Annual Identity Theft Summit to be held
on April 11
[6] Please Donate to the PRC
=========================================

[1] Junk Faxes: Our New Fact Sheet 5a Explains How to Avoid Them

Until recently, the law on fax advertising was simple and
straightforward: No one could send a fax advertisement without
your prior consent. Of course, this did not stop the deluge
of unwanted faxes touting hot stocks, mortgage offers, and
vacation deals. Now, adding to the frustration about fax
senders that simply ignore the law, Congress has created
an exception for fax advertisements sent when you have
an “established business relationship,” or EBR, with the sender.

Details of the Junk Fax Prevention Act of 2005 (Junk Fax Act)
(Pub.L. No. 109-21, 119 Stat 359) are spelled out in rules adopted
by the Federal Communication Commission, www.fcc.gov (FCC). The
junk fax rules were effective as of August 1, 2006.

A business now has the green light to send a fax advertisement
in numerous situations. For example, you may include your fax
number on an application, contact information form or membership
renewal form. Or, you may include your fax number on your own
Internet postings. An EBR doesn’t mean you have ongoing business
dealings. A “prior” relationship is enough, and a simple inquiry
about a product or service signals approval to get junk faxes.

And, unlike the EBR exception for telemarketing calls that
expires 18 months after a purchase or three months after an inquiry,
the EBR for unwanted faxes has no defined “shelf life.” Under FCC
rules, once established, the EBR exists until you (or the sender)
terminate the “relationship.

If you are bothered by junk faxes, you should know about the new
opt-out requirements for senders. You should also know what you can
do to limit your exposure to unwanted fax advertising. PRC Fact
Sheet 5a offers the following tips:

• Be selective when including your fax number on an application,
inquiry or any other form that could be used to claim an EBR. When
in doubt, leave it out.

• If you advertise or maintain a Web site that includes your fax
number, note that you do not accept unsolicited fax advertisements.

• Follow the opt-out instructions given on the first page of the
fax.

• Don’t expect unwanted faxes to stop because an EBR “expires.” You
have to take steps to terminate any relationship.

• Remember, the burden to prove an EBR is on the fax sender. Still
it is wise to keep your own records of application forms or
advertisements noting that you do not accept unsolicited faxes.

• Keep copies of unwanted faxes in case you decide to complain or
file a lawsuit.

For more on the new FCC rules, see the recently published Fact
Sheet 5a, Junk Faxes: No Relief in Sight,
www.privacyrights.org/fs/fs5a-JunkFax-061219.htm

Also see PRC Fact Sheet 5, Telemarketing: How to Have a Quiet
Evening at Home, www.privacyrights.org/fs/fs5-tmkt.htm

[2] The Top Privacy Issues of the Day: PRC Releases New Report

Some people are more concerned about privacy than others. But,
nearly all of us have at least one “hot button” privacy issue.
You may be concerned about your child’s use of the Internet,
identity theft, or an employer’s intrusive background check. Or,
you may shudder to read stories about the latest technology that
tracks, monitors, and records your every move.

Whatever your privacy issue happens to be, you will find it discussed
in PRC Director Beth Givens’ latest report on the privacy concerns
of the day. Givens’ report, Privacy Today: A Review of Current
Issues highlights and summarizes 19 key privacy issues affecting
consumers today and tomorrow.

To read Givens’ report, go to
www.privacyrights.org/ar/Privacy-IssuesList.htm

[3] The Latest on Financial Privacy: PRC Updates Its Fact
Sheet 24(d)

Since July 2001 banks and other financial institutions have
been required to send customers annual privacy notices about how
information is collected and how it is used. Under the federal
Gramm-Leach-Bliley Act (GLB), companies also must give customers
the means to opt out, that is stop sharing of personal information
with some outsiders.

Newly updated and revised Fact Sheet 24(d) examines the latest
developments in the effort to make privacy notices more understandable.
It answers questions that have arisen as a result of consumers’
increased awareness of the privacy notices and the right to opt out.
The revised fact sheet also discusses California’s stronger financial
privacy law and the protected court battle that followed.

Revised Fact Sheet 24(d) can be found at
www.privacyrights.org/fs/fs24d-FinancialFAQ.htm

[4] Recent Alerts from the PRC: “Protect Mail at Tax Time” and
“Be Aware of Electronic Checks”

January 1 to April 15 each year is tax season. For identity thieves,
this can also be hunting season, especially those who want to steal
your mail. During this time, you are either receiving documents
necessary to file your return or preparing to file the return, often
by mail. Tax documents often include personal information such as
full Social Security number, account numbers, employer’s name and
income. This is precisely the kind of personal information identity
thieves hope to get by stealing your mail.

PRC’s Alert, It's Tax Time. Take These Extra Precautions with Your
Mail, offers timely tips on how to protect yourself against identity
theft from the loss of mail with sensitive content. The alert offers
suggestions for guarding important mail that will serve you well at
tax time – and throughout the year. The alert offers the following
additional tip for when you are ready to mail your tax return:

Mail it at the Post Office or at an official USPS blue mail collection
box before the last collection time. Do not put such mail into a
mailbox if there are no more pickups that day.

To read this alert, visit the PRC Web site at
www.privacyrights.org/ar/PostalW2.htm

PRC’s Alert, The Case of the Disappearing Check: What Is Electronic
Check Conversion? explains why some paper checks are not returned
at the end of the month. Check processing has moved into the
electronic age. Merchants and creditors may now choose to process
checks electronically rather than move paper checks through the
banking system. This is called “electronic check conversion,” and
it is the information on the check -- not the paper itself --
that is important to electronic banking.

Payments you make by signing your name to a paper check can move
through the banking system at breakneck speed, sometimes clearing
your bank in a matter of hours, not days. In the age of electronic
banking, diligence is required in guarding personal information
included on paper checks and monitoring accounts for fraud or
simple errors. Also, along with electronic check processing comes
new rules for resolving disputes.

To read this alert, see
www.privacyrights.org/ar/ElectronicCheck.htm .

[5] California Identity Theft Summit – Save the Date

Mark your calendar for Wednesday, April 11, 2007. The third annual
California Identity Theft Summit will address privacy in the online
world, from public policy issues to practical tips on ways
consumers can protect against identity theft and cyber criminals.
The Summit is free and is sponsored by the California Department
of Consumer Affairs, Office of Privacy Protection, and District
Attorneys Association joined by consumer services agencies.

For more information, visit the Summit’s Web site,
www.idtheftsummit.ca.gov/

===========================================

[6] Please Donate to the PRC

The PRC is a non-profit organization established 15 years
ago in 1992. We are based in San Diego, California, and are funded
primarily from foundation grants and contributions from individuals.

We invite you to support our ongoing work by making a tax-
deductible donation. You may contribute in one of two ways –
by using our online Donate Now feature (click on the “Donate Now”
button on our home page, www.privacyrights.org )
or by printing out our donation form and mailing a check or money order,
www.privacyrights.org/Donation-Form.PDF.

Be assured that 100% of your donation will support our consumer
education and policy work. Also, please know that we do not
release the names of individual donors to others.

=========================================
Subscription Information

To SUBSCRIBE, send an email to:
privacyupdate-subscribe@topica.email-publisher.com

To UNSUBSCRIBE, send an email to:
privacyupdate-unsubscribe@topica.email-publisher.com

========================================
To Contact PRC staff:

Beth Givens, Director
mailto:bgivens@privacyrights.org

Tena Friery, Research Director
mailto:tfriery@privacyrights.org

Paul Stephens, Policy Analyst & Consumer Advocate
mailto:paul@privacyrights.org

For more information about our nonprofit organization,
go to: www.privacyrights.org/about_us.htm

PRIVACY RIGHTS CLEARINGHOUSE
3100 5th Ave., Suite B
San Diego, CA 92103
Voice: 619-298-3396
Fax: 619-298-5681
Web: www.privacyrights.org


Sabu

The Privacy Rights Clearinghouse (PRC) has published a new
guide on consumer payment methods.

Entitled “Paper or Plastic:
What Have You Got to Lose?”, the guide explains the advantages
and disadvantages of paying by debit card (check card), credit
card, check, gift card, check, and other forms of payment:

http://www.privacyrights.org/fs/fs32-paperplastic.htm

Sabu

Pharmacies Are Profiting At Your Expense – Your Help Is Requested

The Privacy Rights Clearinghouse (PRC) has been in the forefront
in asserting that pharmacies -- and their marketing partners, the
big pharmaceutical companies -- act improperly when using the
medical information in customer prescriptions to mail letters or
call customers in order to sell more drugs.

In the case of Albertsons, a supermarket powerhouse operating in
33 states that owned the Sav-On, Osco and Jewel-Osco pharmacies
(until recently sold), it proceeds with such programs without
customer permission while converting personal prescription
information into a highly sophisticated, retrievable database.
It does not inform the customer’s doctor about what it is doing.

The database allows Albertsons to personally identify you by name,
telephone number, address and drugs prescribed. This allows
communications to be sent based on your medical condition as implied
by the information in your prescription. Albertsons developed a
highly profitable business in this way, filling more than 100 million
prescriptions a year, based on your confidential medical information
combined with your name and address.

PRC filed a lawsuit to put an end to these practices. It alleges
that Albertsons’ activities in retrieving your confidential medical
information to sell more drugs by sending personally addressed
communications to your home, without your consent, violate your
privacy.

In fact, thousands of Albertsons customers received letters or
calls asking for the renewal of your prescription or suggesting
you try a new drug. This may have occurred years ago with the
communication often designed as a “refill reminder” from your
“friendly family pharmacist”.

If this happened to you or someone in you family, please let
us know. It could be very helpful to the outcome of the lawsuit.

-----------------
Privacy Rights Clearinghouse is a nonprofit consumer information
and advocacy organization based in San Diego, CA. To contact
PRC, see: http://privacyupdate.c.topica.com/maahd9KabAaEYbSJHU9b/
or call (619) 298-3396.

# # #

Sabu

IN THIS ISSUE:
- Ten Tips for Safe and Private Holiday Shopping
- An Update on the Do Not Call List
- Security Freezes Are Now Available Nationwide

TEN TIPS FOR SAFE AND PRIVATE HOLIDAY SHOPPING

As the holidays approach, consumers are more likely to be
visiting crowded stores and malls. Scam artists and fraudsters
know this, so they are likely to be lurking there too. Privacy
Rights Clearinghouse is pleased to offer these helpful tips to
protect yourself during this often hectic holiday season:

1. Clean out your wallet, purse, or pocketbook. Remove unnecessary
credit cards, debit cards, your Social Security card, and other
unneeded documents that could compromise your identity if lost or
stolen while shopping. Keep them locked up in a safe place.
Pickpockets will be out in force during the holiday season. The
more documents that you carry with you, the more difficult and
time-consuming it will be to report and recover from your loss.
If the worst should happen, and your wallet, purse, or pocketbook
is stolen, see our “Identity Theft Victims Guide” at
http://www.privacyrights.org/fs/fs17a.htm

2. Make sure that the credit card receipts that you receive from
merchants do not contain your full account number. Under federal
law, all electronically printed credit and debit card receipts must
shorten (truncate) the account information to no more than the last
five digits of the card number. The receipt must also not include
the card’s expiration date. This only applies to electronically
printed receipts, not to handwritten or imprinted ones. It does not
apply to transaction records retained by the merchant.

3. Some states have laws that dictate what kind of information
merchants cannot ask for or write down when a consumer pays with a
check or credit card. For example, in California, when a consumer
pays with a credit card, the merchant cannot record any personal
information other than what is on the front of the credit card.
When a consumer pays by check, the merchant cannot record the
credit card number. For more information and exceptions to the
law, see “Paying by Credit Card or Check: What Can Merchants Ask?”
at http://www.privacyrights.org/fs/fs15-mt.htm

4.Be aware of a store’s return policy. Some retailers require a
state issued ID or license when you return or exchange merchandise.
Typically, stores swipe the shopper's driver's license when a return
is being made, and if the store's “return limit” is exceeded, the
customer's return is denied Retailers do this to keep better track
of possible return fraud. Some retailers maintain their own database
while others use shared databases. A number of national merchants
outsource the collection of return and exchange data to a company
called The Return Exchange. If you make repeated returns or exchanges,
you may not be able to do so again at a later date.

5. If you decide to purchase a gift card, be aware of expiration
dates, fees, and what will happen if the card is lost. Many states
have passed laws regulating gift cards. Often these laws set the same
standards for gift certificates, the paper equivalent of gift cards.
However, these laws generally do not give you a right to recover from
a lost or stolen card. Rather, most state laws cover such things as
service fees, expiration dates, and exempt the cards from unclaimed
property laws. For a list of state laws governing gift cards, visit
the National Conference of State Legislators’ Web site,
www.ncsl.org/programs/banking/GiftCardsandCerts.htm .

In California, most gift cards cannot have expiration dates or
service fees. However, the California gift card law is complex and
does not apply to all gift cards. For additional information, please
see our online information on Gift Cards, Prepaid Cards, and Stored
Value Cards at
http://www.privacyrights.org/fs/fs32-paperplastic.htm#5

6. Don’t use a debit or check card to pay for your purchases.
These cards typically put consumers at much greater risk than credit
cards because they offer fewer consumer protections in the event of
a loss. And because these cards access funds directly from your bank
account, your money will remain missing while you and your bank sort
out any theft, which could mean bounced checks, late fees, and
numerous other problems. Some crooks have learned to use “skimming”
devices to steal card information off merchant card-swipe machines.
Debit or check cards pose a substantially greater risk to consumers
in the event that a card swiping device is “skimmed.” We discuss
the shortcomings of debit cards in great detail in our guide “Paper
or Plastic: What's the Best Way to Pay?” at
http://www.privacyrights.org/fs/fs32-paperplastic.htm

7. Don’t forget to take simple precautions to protect your personal
safety. Men can carry their wallets in a front pocket, which is
less susceptible to pickpocketing. Women can place their purse strap
over their head and across their chest. When shopping at night, park
in a well-lit area. Be careful getting into and out of your car at
the shopping mall -- people are sometimes targeted by muggers when
doing so.

8. When shopping online, make sure that the Web site uses encryption
technology before you provide your personal information. Encryption
scrambles the information you send, such as your credit card number,
in order to prevent computer hackers from obtaining it en route. You
can tell when you are on a secure web page several ways. If you look
at the top of your screen in the address bar where the Web site address
is displayed, you should see https://. The "s" that is displayed
after "http" indicates that web site is secure. You may not see the
"s" until you are actually on the order page on the Web site. Another
way to determine if a Web page is secure is to look for a closed
padlock displayed at the bottom of your screen. If that lock is open,
you should assume it is not a secure site. Finally, if you use the
Firefox browser, the entire address bar will turn yellow if you are
on an encrypted page. In Internet Explorer 7, the address bar will
turn green if the page is encrypted.

9. The safest way to shop on the Internet is with a credit card.
In the event something goes wrong, you are protected under the federal
Fair Credit Billing Act. You have the right to dispute charges on
your credit card, and you can withhold payments during a creditor
investigation. When it has been determined that your credit was used
without authorization, you are only responsible for the first $50
in charges. You are rarely asked to pay this charge. We recommend
that you obtain one credit card that you use only for online payments
to make it easier to detect wrongful credit charges. Make sure your
credit card is a true credit card and not a debit card, a check card.
A debit or check card exposes your bank account to thieves. Your
checking account could be wiped out in minutes. Further, debit and
check cards are not protected by federal law to the extent that credit
cards are. For additional information, please see our online guide
“Paper or Plastic: What's the Best Way to Pay?” at
http://www.privacyrights.org/fs/fs32-paperplastic.htm.

10. Finally, be sure to check out a Web site’s privacy policy before
providing any personal information online. You can also learn what
type of information is gathered by the Web site, and how it is — or
is not — shared with others by reading its privacy policy. A link
to the privacy policy is often found at the bottom of the site’s home
page. You can also look for online merchants who are members of a
seal-of-approval program that sets voluntary guidelines for privacy-
related practices, such as TRUSTe (www.truste.org), Verisign
(www.verisign.com), or BBBonline (www.bbbonline.org).

For additional information, please see our Fact Sheet “Online
Shopping Tips: E-Commerce and You” at
http://www.privacyrights.org/fs/fs23-shopping.htm.

AN UPDATE ON THE DO NOT CALL LIST

Registrations on the Federal Trade Commission’s (FTC) popular Do Not
Call list were set to expire in 5 years. For individuals that registered
at the list’s inception, the 5 year expiration would have occurred in
2008. The FTC has now decided that it will not drop any telephone
numbers from its Do Not Call Registry based upon the five-year
expiration period pending further action to make registration permanent.

When the Do Not Call list was developed, the FTC adopted a five-year
re-registration mechanism and said that the list – which now contains
more than 145 million phone numbers – would be periodically purged of
disconnected or reassigned numbers. This was done to ensure that the
Registry was as accurate as possible. The Registry now includes a
scrubbing program that removes disconnected and reassigned numbers
each month.

The FTC has pledged to continue its efforts to maintain the
Registry’s accuracy and ensure the continued success of the Do Not
Call program. It recently levied substantial penalties against
several companies alleged to call individuals on the Do Not Call
list. Bedmaker Craftmatic has agreed to pay $4.4 million to settle
claims that it called consumers at home despite their inclusion on
the Do Not Call registry. The Craftmatic penalty is the second-largest
to date behind DirecTV's $5.3 million fine in 2005.

SECURITY FREEZES ARE NOW AVAILABLE NATIONWIDE

As of November 2007, the three credit bureaus -- Equifax, Experian
and TransUnion – began offering security freezes nationwide. A
security freeze is stronger and more effective than placing a fraud
alert on your credit report, because it prevents anyone from accessing
your credit file for any reason unless you instruct the credit bureaus
to unfreeze your report. Most businesses will not issue credit without
first reviewing the applicant’s credit report or credit score. If an
individual’s credit report is frozen and a fraudster applies for credit
in that individual's name, a creditor would deny the application,
preventing an instance of identity theft.

The procedures and costs for placing a security freeze vary from
state to state (in some states, security freezes are free for identity
theft victims). Non-victims who want to activate the security freeze
must pay a fee in most states. When applying for credit, the consumer
can lift the freeze so that legitimate applications for credit or
services can be processed.

For state-by-state information on security freezes, visit this
Consumers Union Web page:
http://www.consumersunion.org/campaigns/le...03484indiv.html

The Web site of the California Office of Privacy Protection provides
information on how to establish a security freeze in California:
http://www.privacy.ca.gov/sheets/cis10securityfreeze.pdf.


For additional tips on avoiding identity theft, see our fact sheet
“Reducing the Risk of Identity Theft” at
http://www.privacyrights.org/fs/fs17-it.htm.


###


Sabu

ALERT: IT'S TAX TIME: TAKE THESE
EXTRA PRECAUTIONS WITH YOUR MAIL

During the month of January, check your mailbox for information
>from organizations (both individuals and businesses) that
have made taxable payments to you during the previous year.
These information notices will arrive on IRS approved forms,
but will be sent to you directly by the organization providing
you with taxable income.

The most well-known information return is the IRS W-2 form
which reports your taxable wages. Another common information
return is the IRS Form1099 series which reports payments of
interest, dividends, unemployment compensation, Social
Security benefits, and income from pensions, profit sharing plans,
Individual Retirement accounts, and real estate transactions.
Generally, issuers of information returns must provide copies to
recipients by January 31.

While these information notices are essential for preparing your
taxes, they also are a treasure trove for identity thieves. A
typical information return notice has your non-truncated Social
Security number as well as the name of your employer, your bank,
mutual fund, or stock broker. Some payers also include your
account numbers on the notice, creating a gold mine for identity
thieves.

Here are some suggestions to help prevent these notices from getting
into the wrong hands:

- Use a mailbox that locks or consider having your mail sent to a
Post Office Box.
- Try to retrieve your mail as soon as possible after it has been
delivered. Never leave it in your mailbox overnight.
- If you go on vacation, have your mail held at the Post Office, or
have a trusted neighbor retrieve it.
- If you have moved during the year, notify any payers of your new
address. Do not rely solely on the Postal Service change of address
service.
- If you share a mailbox with roommates, make sure that you (not
your roommates) receive all mail that is addressed to you.

Here is an additional tip for when you are ready to file your tax
return. Mail it at the Post Office or at an official USPS blue
mail collection box before the last collection time. Do not put
such mail into a blue mailbox if there are no more pickups that day.
In other words, don't leave your mail in a collection box overnight.
(Thieves have actually been known to steal the entire box by chaining
it to a pickup truck, yanking it off its moorings, lifting it into
the truck bed, and speeding off into the night.)

Never leave important outgoing mail in your mailbox or at any
other unsecured location for your letter carrier to pickup.
Anyone might come along and steal your mail along with your
personal information.

###



Sabu

Alert: Spring Cleaning Your Personal & Financial Records

Now that tax season is over, many people are wondering which
personal and financial records they need to save for tax
and other purposes. Some of us are packrats and like to
save everything forever. Others can’t wait to discard
unwanted papers.

So what’s the best way to decide whether to save or discard a
record? Here are a few tips and information sources to help
you decide what records you need to keep and for how long.

How long should you keep tax records? The IRS has 3 years in
which to audit your income tax return. However, this limit
does not apply if you failed to report more than 25 percent
of your gross income (the limit then is 6 years). There are
no time limitations if you filed a fraudulent return or if
you failed to file a return.

You don't have to keep everything for tax purposes. For
example, you can throw away pay stubs after you check them
against your W-2 Form. However, you should save any cancelled
checks or receipts that relate to an entry on your tax return
or a potential future tax return (such as when you sell property
at a capital gain or loss). For example, keep receipts for
home improvements until you sell your home, since certain expenses
can lower the capital gains tax that you might have on your profits.

For a complete guide to tax recordkeeping, see IRS Publication 552,
Recordkeeping for Individuals at http://www.irs.gov/pub/irs-pdf/p552.pdf
or call 1-800-TAX-FORM (800-829-3676) to obtain a free paper copy.
Before you discard anything that you are not sure about, double check
with your accountant, attorney, or tax preparer. You can also call
the IRS for free assistance at 1-800-829-1040.

If your state has an income tax, you should also check with your
state’s taxing authority to see if they require you to hold your
records for a longer period of time. For example, in California,
the Franchise Tax Board can issue a tax assessment for up to 4 years
after the tax return’s filing date or due date. As a practical matter,
this means that California residents would need to hold onto their
records for an additional year beyond the federal requirements.

Every household also has important records that are not related to
tax filing. Many of these records should be kept indefinitely.
Some of these records should be kept in a safe deposit box. Examples
include birth certificates, marriage certificates, divorce and
adoption papers, citizenship records, and military service papers.
In addition, any papers that serve as proof of ownership should
be saved until the asset is sold. This would include such papers
as deeds for real estate, other mortgage papers, automobile titles,
bonds, and stock certificates. If you have lost any birth certificates,
consider applying for replacements before there is a pressing need.
You can find out where to obtain replacements at
http://www.cdc.gov/nchs/howto/w2w/w2welcom.htm

There’s a short, but handy guide describing how long to keep financial
records at http://www.bankrate.com/brm/news/mtg/20000518h.asp For a
more comprehensive guide to keeping family and household records,
including what to discard, what to put in a safe deposit box,
household inventory records, and home files, see
http://www.pueblo.gsa.gov/cic_text/money/k...keeprecords.htm

One final, but important tip. After determining which personal papers
you wish to discard, be sure to shred any that contain personal
information. Always use a cross-cut or confetti shredder. Never
use a strip shredder. It’s too easy for a crook to piece the
strips together.

Privacy Rights Clearinghouse
Contact: bgivens@privacyrights.org
www.privacyrights.org

====================================================================

Sabu

Alert: Pharmacies Are Still Profiting At Your Expense
Your Help Is Requested

The Privacy Rights Clearinghouse (PRC) has been in the
forefront in asserting that pharmacies -- and their marketing
partners, the big pharmaceutical companies --act improperly when
using the medical information in customer prescriptions to sell
more drugs.

Albertsons, a supermarket powerhouse operates in 33 states
under the Sav-On, Osco and Jewel- OSCO scam labels (until
recently sold). It is proceeding with various programs without
customer permission while converting personal prescription
information into a highly sophisticated marketing database.
PRC has previously discussed how this allows communications to
be sent to you based on your medical condition as implied by
the information in your prescription.
http://www.privacyrights.org/ar/PharmRelease.htm

A separate, but complimentary, lawsuit against Albertsons
(Sav-On, OSCO. Jewel-OSCO pharmacies) and Walgreens is now
being prepared by the same law firm, Finkelstein & Krinsk,
based in San Diego, Calif. The lawsuit is intended to end the
sale of your prescription information to certain companies (for
example, IMS Health, Inc. and/or Verispan, LLC) that buy your
data from pharmacies to identify the prescribing practices of
your doctors or other health care providers. Though the scam
removes personal information from what it sells, the remaining
data is principally sold to pharmaceutical companies that then
target specific prescribers in order to market more of their drugs.

Once able to identify the prescribing doctor and the volume
prescribed by that doctor, he/she can more easily be marketed
(often through visits called "detailing") by the pharmaceutical
companies that commit vast resources to marketing prescription
drugs. In 2000, the pharmaceutical industry spent $15.7 billion
on marketing, $4 billion of which was dedicated to direct-to-
physician strategies. More recent estimates suggest the industry
currently spends between $25 billion to $30 billion per year on
marketing. A 2008 study found that, based on 2004 data, the U.S.
pharmaceutical industry spends nearly 25% of sales dollars on
marketing, versus just over 13% for research and development.
http://www.dddmag.com/news-marketing-expen...investment.aspx .

We believe the information of a person's medical prescription
belongs to that person, not the scam. The practice described
above results in increasing the cost to consumers of their
prescription drugs. It is a big business. IMS Health, for example,
purchases prescription information from approximately 100 different
suppliers. Verispan obtains its information from approximately 30
to 40 suppliers.

If you too believe the activity of selling your prescription data
is wrong, we want to hear from you if you live in California and
have your prescription(s) filled by Sav-On or Walgreens in California.

Privacy Rights Clearinghouse is a nonprofit consumer information
and advocacy organization based in San Diego, CA.
Web: www.privacyrights.org .
Contact: http://www.privacyrights.org/about_us.htm#contact
Or call (619) 298-3396.
###

Sabu

PRESS RELEASE

June 3, 2008
Embargoed 10 a.m. Pacific / 1 p.m. Eastern

Contact:

-Marc Rotenberg, EPIC: +1 202-483-1140 x106, rotenberg@epic.org
-Beth Givens, Privacy Rights Clearinghouse: +1 619-298-3396, bgivens@privacyrights.org
-Pam Dixon, World Privacy Forum: +1 760-436-2489, pdixon@worldprivacyforum.org


Consumer and Privacy Groups Urge Google to Post a Link to Its Privacy Policy From Its Home Page


SAN DIEGO, WASHINGTON, D.C. -- A coalition of privacy and consumer organizations from California to Washington, D.C. have urged Google to post a prominent link on its homepage to its privacy policy. In a letter released Tuesday, the groups say this is required by California law and is the widespread practice of commercial web sites.

The organizations include the California-based Privacy Rights
Clearinghouse, the World Privacy Forum, Consumer Action, the Electronic Frontier Foundation, the ACLU of Northern California, and the Consumer Federation of California.

Google has come under criticism recently for failing to post a homepage link to its privacy policy, saying that it did not want to clutter its homepage. But several experts, including the head of the California Office of Privacy Protection, have said that Google should include the link.

According to the consumer organizations, "Google's reluctance to post a link to its privacy policy on its homepage is alarming."

The groups wrote to Google’s CEO Eric Schmidt, "We urge you to comply with the California Online Privacy Protection Act and the widespread practice for commercial web sites as soon as possible.”

Marc Rotenberg, Executive Director of the Electronic Privacy Information Center in Washington, D.C., said, "This is not rocket science. And the word 'privacy' is not got going to take up a lot of space on the Google homepage."

Pam Dixon, Executive Director of the World Privacy Forum in San Diego, California said, "Consumers should be able to access Google's privacy policy with just one click from its homepage -- this is an industry-wide best practice that Google is not exempt from.”

Beth Givens, Director of the San Diego-based Privacy Rights Clearinghouse said, Google’s homepage will easily accommodate this important seven-letter word.”

EPIC, the World Privacy Forum and the Privacy Rights Clearinghouse will hold a press conference Tuesday at 10 a.m. Pacific / 1 pm. Eastern to discuss the letter.

Press Conference Date & Time:
Tuesday, 10 a.m. Pacific / 1 p.m. Eastern, June 3, 2008
Call-in number: 1-218-339-2699
Access code: 145425#

A SPECIAL NOTE FOR TV REPORTERS: Please contact Beth Givens to arrange a specific time for an interview, starting at 10:45 a.m. Pacific Tuesday.


For more information:

The Letter to Google is available at:

http://www.worldprivacyforum.org
http://www.epic.org
http://www.privacyrights.org

About EPIC:


EPIC is a public interest research center in Washington, D.C. EPIC was established in 1994 to focus public attention on emerging civil liberties issues and to protect privacy, the First Amendment, and constitutional values.
http://www.epic.org.

About the World Privacy Forum:

The World Privacy Forum is a non-profit public interest research group based in San Diego, California. It focuses its work on in-depth longitudinal research and consumer education in the area of privacy.
http://www.worldprivacyforum.org.

About the Privacy Rights Clearinghouse:

The Privacy Rights Clearinghouse is a non-profit, San-Diego based consumer education and advocacy organization. The PRC was established in 1992.
http://www.privacyrights.org


Sabu

Straight Talk about Identity Theft Monitoring Services

Hardly a day goes by without hearing about someone becoming a
victim of identity theft or learning about another data breach.
The exposure of Social Security numbers (SSNs) and other personal
information can increase consumers’ risk of identity theft. The
Privacy Rights Clearinghouse’s Chronology of Data Breaches
documents over 230 million records that have been compromised
due to security breaches since January 2005.
http://www.privacyrights.org/ar/ChronDataBreaches.htm

Faced with these alarming statistics, many consumers have turned
to credit monitoring services for protection. Identity theft
monitoring services may sound like a good way to protect your
good credit and your good name. However, many of these services
are overpriced and are not worth the money that they cost.

How effective are these services in protecting consumers from
identity theft? Do their costs justify the protection provided?
Are there effective alternatives available to consumers at
lower cost?

The Privacy Rights Clearinghouse has issued a new guide to
these services entitled “Straight Talk about Identity Theft
Monitoring Services.” This Fact Sheet examines these issues
and more. The guide is available online at:
http://www.privacyrights.org/fs/fs33-CreditMonitoring.htm

====================================================================


Sabu

ALERT: What Have They Got on Me?

- Will you be a good employee?
- Are you likely to wreck your car?
- Is your checking account frequently overdrawn?
- What prescription drugs do you take?
- Are you in poor health?
- Will you default on your mortgage?
- Does your home have water damage?
- Will you trash the apartment or vacate with rent unpaid?

Most consumers know of their right to free annual credit reports
from the three national credit bureaus (Experian, TransUnion and
Equifax). But did you know that the same federal law that lets
you see your credit reports entitles you to much more?

The Fair Credit Reporting Act gives you the right to free copies
of numerous so-called specialty consumer reports. These
specialty reports are designed to help businesses predict
the answers to the questions posed above. They report on such
matters as your medical conditions, insurance claims, check
writing history, rental history, and employment history.

The companies that compile these reports are consumer reporting
agencies, just like the three credit bureaus. In fact, these
specialty consumer reporting agencies operate much like the
credit bureaus. They collect information about you from a variety
of sources and sell them to businesses. However, their focus may
not be on your credit worthiness, but on other kinds of information
about you that may be useful to business.

Privacy Rights Clearinghouse’s newly revised publication “The
Other Consumer Reports: What You Should Know About ‘Specialty’
Reports” helps you navigate the maze of these lesser-known
consumer reporting agencies. We explain the kinds of information
that these companies collect about you and your rights to obtain
that information. “What have they got on me?” You can find out
by reading our online guide at
www.privacyrights.org/fs/fs6b-SpecReports.htm .


The Privacy Rights Clearinghouse is a nonprofit consumer education
and advocacy program, based in San Diego, Calif., and established
in 1992.

Privacy Rights Clearinghouse
Contact: Beth Givens or Paul Stephens
Phone: (619) 298-3396
Online: http://www.privacyrights.org/about_us.htm#contact


# # #


====================================================================

Sabu

ALERT: Will I Be Able to Return That Unwanted Holiday Gift?
The Retail Equation (formerly The Return Exchange)

Return policies vary tremendously from one retailer to another.
But, one thing that you may notice is that more retailers
require a license (or government-issued ID) when you return
or exchange merchandise. Retailers say they do this to keep
better track of possible return fraud. Many major national
retailers now outsource the collection of return and exchange
data to a California-based company called The Retail Equation
(formerly known as The Return Exchange) (TRE).
www.theretailequation.com.

TRE is contracted by retailers to gather and store their return
information and analyze the data to develop return policies for
those retailers. When a consumer wants to make a return, the
retailer will swipe the person’s driver’s license (or other
government-issued ID). As customers return merchandise, TRE
compares variables such as return frequency, dollar amounts
and/or time against a set of rules that form the retailer’s
return policy.

If you make repeated returns or exchanges to a specific merchant,
you may not be able to do so again at a later date. Refused
returns generally fall into two categories.

- First, returns that break the retailer’s basic return
policy (such as a return without a receipt, a return after the
allowed return period, or multiple returns beyond the quantity
of returns allowed by the retailer within a given period).

- Second, returns that make a consumer’s overall return behavior
appear to be return abuse.

TRE states that it does not share its data among retailers. Access
to information in their returns database is limited to the consumer,
TRE, and the retailer that provided the data to TRE. If the shopper
has returned merchandise to several companies, a merchant will only
see the returns for that specific retailer.

TRE does not actually set the return policies for participating
retailers. The company gathers and supplies the data that subscribing
retailers use to make return authorization decisions, and helps them
determine their own return policies.

Depending upon state law, retailers may be required to post their
return policies, but they may not be required to accept merchandise
returns. Most retailers post their return policies in their stores,
on their Web sites, and/or on their receipts. Much of this may be
governed by state law. For example, read the California Attorney
General's statement on returns.
http://ag.ca.gov/consumers/general/refund_policies.php

You can order a copy of your Return Activity Report from TRE. This
report is a history of all your return transactions posted in those
stores that use TRE. The report lists return activity information
including the stores you have returned to and, for each return, the
date and time, whether it was with or without a receipt, and the
dollar amount.

You may obtain a copy of your return activity report by sending an
email to: ReturnActivityReport@TheRetailEquation.com. You should
include your name and a phone number where TRE can reach you. When
TRE calls, the company will ask for your driver’s license number and
state, to enable a database search. (TRE states that they prefer to
call consumers to avoid sending personal information via e-mail.)

So, whether you are buying a gift for someone else, or something
for yourself, be aware of the store's return policy. Don't let a
restrictive return policy make an unwanted item a "final sale."

###


Sabu

VALENTINE E-CARDS MAY DELIVER MORE THAN JUST LOVE!

With Valentine’s Day soon upon us, you may be receiving
so-called “e-cards” in your email inbox. Some may come from
anonymous senders or secret admirers. They might appeal to
your curiosity and cause you to click on a link, claiming
that the e-card is from a family member, friend, or other
unnamed person.

Watch out! Scammers have jumped on the popularity of e-cards,
viewing them as an opportunity to infect your computer with
malicious software (malware).

Although there are variations in the message and attached
malware, generally the email directs the recipient to click
on a link provided to view the e-card. Upon clicking the link,
the recipient may be taken to a malicious web site.

A legitimate e-card notification will always include the full
name or personal email address of the sender. The sender will
never be identified by a generic term such as a “friend” or
“secret admirer”. Unless you recognize the full name or personal
email address of the sender, the email is likely to be fraudulent,
and you should delete the message. For greater security, we
suggest that if you do receive an e-card from someone that you
know, you can email them and ask if they sent it before you click
on any links in the message.

Some scammers may use the names of legitimate e-card companies.
However, the link in the email may lead to a web site where
malware is downloaded and installed on your computer. This
malware can potentially give the hackers unlimited access to
your computer. With such access, they may view your keystrokes,
steal your passwords, or generate spam.

Here are some additional tips from the FBI that you can use
to avoid becoming a victim of internet fraud:

- Do not respond to unsolicited (spam) email.

- Do not click on links contained within an unsolicited email.

- Be cautious of email claiming to contain pictures in attached
files, as the files may contain viruses. Only open attachments
from known senders.

- Avoid filling out forms in email messages that ask for
personal information.

- Always compare the link in the email to the link that you
are actually directed to.

- Log on to the official web site, instead of "linking" to it
from an unsolicited email.

- Contact the actual business that supposedly sent the e-mail to
verify if the email is genuine.

So this Valentine’s Day, don’t allow a scammer to infect your
computer with a “love bug” (that’s the name of an actual worm or
virus that caused billions of dollars in damage to computers
worldwide).

### Privacy Rights Clearinghouse, www.privacyrights.org


====================================================================

Sabu

PROTECT YOUR SOCIAL SECURITY NUMBER AT TAX TIME

Identity thieves want your Social Security number (SSN) so
they can assume your identity and commit fraud. It’s relatively
easy for someone to fraudulently use your SSN to gain access to
your bank account, credit accounts, and other sources of personal
information. Identity thieves also can establish new credit and
bank accounts in your name, or use your SSN for employment purposes
or to obtain medical care. Therefore, it’s wise to limit access to
your SSN whenever possible.

Privacy Rights Clearinghouse’s newly-revised Fact Sheet 10
“My Social Security Number: How Secure Is It?”
(http://www.privacyrights.org/fs/fs10-ssn.htm) explains how
your SSN is used, when you are required to provide it, when you
should not provide it, and how to protect it. Around tax time,
protecting your SSN takes on even greater importance. The
Information Returns that you receive (Forms W-2 and 1099) as
well as your IRS income tax return (Form 1040) will all contain
your SSN. Each of these forms, if not handled properly, presents
an opportunity for your SSN to be used fraudulently.

Tax season offers consumers a number of methods for completing
their returns. Taxpayers have a choice of filing by mail or
electronically. Consumers may use personal software, professional
services, or old-fashioned pen and paper. Either way you can bet
there is a fraudster ready with a scam. The following tips can
help protect your privacy:

- Pay particular attention to missing or lost W-2 or 1099 forms.
These tax forms contain your SSN. If you are not using a locked
mailbox or P.O. Box, a missing form could be a warning that you
are at risk of identity theft. If you think that you might be a
victim of identity theft, see our Fact Sheet 17a, Identity Theft:
What to Do if It Happens to You, available at:
http://www.privacyrights.org/fs/fs17a.htm

- If you are filing by postal mail, send the mail from a
secure location, preferably before the last scheduled pickup time.
In other words, don't leave your mail in a collection box overnight.
(Thieves have actually been known to steal the entire box by
chaining it to a pickup truck, yanking it off its moorings, lifting
it into the truck bed, and speeding off into the night.). Never
leave important outgoing mail in your mailbox or at any other
unsecured location for your letter carrier to pickup. Anyone
might come along and steal your mail along with your personal
information. See our Alert at
http://www.privacyrights.org/ar/PostalW2.htm

- If you are filing online, make sure that your spyware and
anti-virus definitions are up to date. Then, check your computer
for viruses and spyware. Be sure that you have a firewall
installed. The Federal Trade Commission offers information
and resources for keeping your computer secure, available at:
http://onguardonline.gov/index.html

- If you are using a walk-in tax preparation service, examine
the facility carefully to see how well your privacy and personal
information will be protected. Can other people overhear your
conversations? Are computer monitors visible to prying eyes?
How will your documents be secured? Are discarded documents
properly shredded?

- If you are using professional tax services, check out their
privacy policy and security practices first. If the professional
tax company maintains a web site that collects personally
identifiable information from California consumers, the law
requires the company to post a conspicuous privacy policy on
its web site stating what information is collected and with
whom it is shared, and to comply with such policy.

- When throwing out old records that are no longer needed for
tax filing (after the IRS record retention period expires), be
sure to shred anything containing your SSN or other personal
information. Home shredders can be purchased in many office supply
stores. Use a crosscut or confetti shredder. Strip cut shredders
should be avoided, as the strips can easily be pieced together.

- Watch out for any e-mail claiming to be from the IRS. It is
most likely a phishing scam. The IRS does not initiate taxpayer
communications through e-mail. If you receive an e-mail from
someone claiming to be the IRS or directing you to an IRS site,
do not reply or click on any links contained in the message.
Instead, go to this IRS web page for more information,
http://www.irs.gov/privacy/article/0,,id=1....html?portlet=5 .

For additional tips on how to protect your SSN and your privacy,
see our guide at
http://www.privacyrights.org/fs/fs10-ssn.htm#17.

###

Sabu

PLANNING A SUMMER VACATION?
BE A PRIVACY-SMART TRAVELER

Many people are scaling back their summer vacation plans
because of the current economic situation. Some are staying
closer to home. Others may be taking shorter vacations.
But it’s important to remember that when you travel, your
risk of exposure to fraud and identity theft may increase.
It’s a fact that people tend to let their guard down while
on vacation. Criminals know this.

Identity theft is often a crime of opportunity. Don’t be
a vacationer who presents a crook with that opportunity.
Your personal information, credit and debit cards, driver’s
license, passport, and other personal information are the
fraudster’s target. A few minutes spent planning before you
travel can help reduce the risk that a fraudster will ruin
your vacation. Here are some tips to help you avoid any
nasty surprises:

1. Clean out your wallet.Remove unnecessary credit cards,
your Social Security card, and other unneeded documents
that could compromise your identity if lost or stolen while
on vacation. If you have a Medicare card, make a photocopy
without the last 4 digits of your Social Security number.

2. Contrary to some advice, it’s best to carry two credit
cards. Carrying too many credit cards will subject you to
additional aggravation if your wallet is lost or stolen.
But there’s a risk in carrying only one credit card if, for
example, your card inadvertently becomes inactivated due to
suspected fraud or if the magnetic strip becomes damaged.
Having this happen while away from home could become a
major headache.

3. Photocopy or make a list of the remaining contents of your
wallet. Keep it in a secure and locked location or with a
trusted individual at home whom you can contact in case your
wallet is lost or stolen.

4. Do not leave your wallet or any documents containing
personal information in your hotel room unattended.Hotel
rooms are not the most secure places.Many people have
access to the room. Use a hotel safe when available.

5. Use traveler's checks or credit cards for payment.Leave
your checkbook in a secure locked place at home.

6. Call your bank and credit card companies to let them know
when and where you will be traveling. Their fraud departments
may then monitor your accounts for unauthorized transactions
during this time,

7. Do not use or carry any debit cards (check cards).
This reduces your vulnerability to having your checking
account emptied while you are on vacation. See our guide at
http://www.privacyrights.org/fs/fs32-paperplastic.htm#2
for an explanation of why debit cards are a very bad choice
for consumers.

8. If you plan on using an ATM card during your vacation, use
one that does not have debit or check card privileges (one
that always requires a PIN and does not contain a Visa or
MasterCard logo). You can ask your bank to change an ATM/debit
card to one that is "ATM only." It's best to use ATM machines
found at banks or credit unions that are in well-lit areas.
Be sure to examine the ATM machine carefully for signs of
tampering. Be on the lookout for anything that looks suspicious.

9. When dining in a restaurant, try to keep an eye on your
credit card when you pay your bill. If the server removes
your card from sight, they may be able to create a "clone"
by using a portable card skimmer that will copy the information
from the card’s magnetic strip.

10. Ask your Post Office or a trusted neighbor to hold your mail
for you. Mail that is left in an unlocked mailbox is a goldmine
for identity thieves. It also sends a signal to potential
burglars that your house is vacant.

11. If you are bringing your laptop with you, be very careful
when using it to access online banking or other password-protected
services from Wi-Fi networks. Be sure to use Wi-Fi hotspots that
are secure. For some Wi-Fi tips from the FBI, see
http://www.fbi.gov/page2/may08/wifi_050608.html

12. If you are using cyber-cafés, hotel business centers, or
other public access Internet facilities, be aware that
keyloggers (software that can track your keystrokes) may
be tracking you. Public access facilities may use servers
that aren’t encrypted. Therefore, never access any sensitive
information from a public computer.

13. Always be cautious with the information you share on
social networking sites. You wouldn't put a sign on your
front door saying "Away on Vacation". When you broadcast your
travel plans on a social networking site, you are doing the
same thing electronically. This information can then be used
by criminals who will know that you will be away from home.

If the worst should happen and you become a victim of identity
theft, be sure to read Privacy Rights Clearinghouse’s Fact
Sheet "Identity Theft: What to Do if It Happens to You" at
http://www.privacyrights.org/fs/fs17a.htm

Read this online at:
http://www.privacyrights.org/ar/Alert-Summ...avel-090603.htm

###


Sabu