Privacy and Fraud
By Henry Bagdasarian
When we think about privacy and fraud, many ideas cross our minds, especially if we are in the business of information protection and attentive to identity theft, fraud and privacy risks.
As I was writing this article to analyze the relationships between privacy and fraud, I decided to look up the definition of privacy on the Internet to see what comes up. I discovered that there were many definitions for the word "privacy", and not one really consolidated the full meaning of the word in a short sentence, so I had to come up with my own definition.
For me, privacy means in short "keeping private information private", which includes any personal information that we consider private. You see, private information means different things to different people, and it has no value except the value we decide to give it. We must to some extent define the term "privacy" as a society, but we’re still struggling with what private information is and how it must be used, although we are pretty clear about how to protect our personal information and that of our clients once it is defined. Companies may not always know what exactly constitutes private information or where it is stored within their organizations, but they know how to protect target information if they really want to.
Again, the words privacy and private can mean different things to various people and be defined differently by various privacy regulations and even by other countries. In fact, privacy may mean nothing in some countries. In addition, what is considered private may become public at any moment. For example, have you checked the Prabook.org website lately? If not, try it. Go to the website and type your name, and you may be surprised what private information comes up in a public domain. Some of the private information listed on this public website is the private information that you and businesses use to validate your identity, such as mother's maiden name. Once this private information is made public, our entire security mechanism falls apart because our identity validation process becomes corrupted.
Other examples of private information include passwords and medical records. Although some private information such as passwords or a medical insurance number can be used to commit medical fraud, unauthorized disclosure of medical records may not always lead to fraud, depending on the original purpose of the medical information theft. Many of today’s privacy-related regulations such as GLBA and HIPAA address the obligations of businesses for keeping certain personal information private; however, they leave some gaps in fully addressing privacy, identity theft and identity fraud. Consumers are left unaware of the risks and remain uneducated about managing the risks on their end of the game. Certain private information which is used so often for validating identities and completing transactions is not fully protected and is sometimes widely exposed to risks. Examples include Social Security Numbers, date of birth, etc.
Luckily, we now have the Red Flags Rule, which forces companies to identify and detect potential signs of identity theft, which will also address the control gaps left unaddressed by consumers.
In conclusion, privacy must be defined constantly because what is private now may be public tomorrow. Also, we must understand that privacy violations do not always lead to fraud, although they can, and an act of fraud can only sometimes lead to privacy violations. Therefore, privacy and fraud can affect each other from time to time, but not always or necessarily.
The biggest risk I see with private information is the intentional loss of its privacy. Once we know what information must remain private, we have the means to protect it. But what do you do when private information is openly posted on public domains such as www.prabook.org for everyone to see? Why are some companies and websites allowed to post our private information on the internet, such as our date of birth, mother's maiden name, spouse's name, spouse's date of birth, father's name, address, etc.?
As we allow the publication of private information to occur on public domains, privacy as we know it will disappear slowly as it becomes less valuable and we become less sensitive to its publicization.