A Savvy Consumer’s Guide to Privacy and Identity Theft
Your privacy and identity: why you should care and what you can do to protect yourself from the different types of identity theft and privacy threats
Guide Summary: Consider this your starting place for learning how to take back control of your privacy and protect yourself from the repercussions of identity theft.
# What is privacy?
People talk about protecting our privacy, but what does that really mean in a world where everything is connected? In a world where many people post, text, and tweet every detail of their lives, and tech giants make billions gathering and selling that information? Is privacy even possible?
In a word, privacy is choice: having the power to choose who can contact or observe you and to control how your personal information is collected, used, and shared. If you post personal photos or your innermost thoughts online, that’s your choice. But you should also be able to choose who you’re sharing that personal information with, whether it’s other individuals, advertisers, or organizations. Privacy is also a way to protect yourself, your family, and your future from identity theft and fraud that can threaten your financial, emotional, and even physical well-being.
Broadly speaking, privacy is the right to be let alone, or freedom from interference or intrusion. Information privacy is the right to have some control over how your personal information is collected and used.
Is privacy even possible in the digital age?
Yes, privacy is possible. It just takes some knowledge and effort in this digital world. In this guide, we’ll explore why privacy matters now more than ever, and how to tell when your privacy is at risk. We’ll explain how you can protect your privacy at home, online, and on the go, and we’ll show how to prepare for the times when your privacy is breached (because we know that breaches happen).
With knowledge and preparation, you'll be able to protect what's personal and share, as you choose, with confidence.
# Why privacy is important — even in a world of oversharing
In this connected world, privacy matters more than ever because other people can use your personal information in ways that weren’t possible before.
Advertising sells your privacy to the highest bidder
Before the digital age, advertisers reached customers by advertising in newspapers or magazines or buying commercial slots on TV or radio. It was easy to skip the ads or get a cup of coffee during a commercial break. Now we’re barraged with targeted ads as we browse the internet, stream content, or play online games. Because companies track our behavior and gather our personal information, the ads can be carefully tailored to pull us in, and some of those tailored “ads” are actually scams aiming to trick us out of money or personal information.
Your private info is fodder for fraudsters
When the IRS kept tax filings in file cabinets or locked away in old-style computers, people could pretty much count on their tax refund arriving in their mailbox. With electronic filing, criminals have figured out how to claim tax refunds using stolen personal information, and tax return fraud costs consumers and the U.S. Treasury more than $6 billion annually, according to the U.S. Government Accountability Office. Stolen information can also be used to commit Social Security, Medicare, and Medicaid fraud.
Information is power for scammers, crooks, and predators
Con artists and predators leverage personal information to manipulate their victims. A college student’s vacation pictures and friends list can provide enough information to scam grandparents out of their savings. Security flaws in digital assistants or other connected devices can help crooks to invade a home or predators to approach children.
Privacy is Safety
In social terms, privacy is a matter of personal preference. You may be an introvert or an extrovert, a couch-surfing hermit by nature or an outgoing party animal. But in today’s world, data privacy isn’t just a personal preference. It’s a matter of personal safety.
# What are the different types of identity theft?
When your personal information is exposed—through data breaches, spyware on a device, phishing attacks, a lost phone or laptop, accidental over-sharing online. . . even simple mail-theft or a stranger looking at your device or documents over your shoulder—you are at risk of everything from annoying credit card fraud to identity theft that can be life-altering. Here are some of the most common types of identity theft and fraud:
- Financial identity theft is the most common form of identity theft, and it can be a lot more trouble than just replacing a credit card. In this type of theft, bank account numbers, credit cards, or personally-identifying information can be used to wipe out your accounts, take out loans, or get new credit cards. You could be held financially responsible for purchases, loans, rentals or other transactions made in your name. Unpaid bills could damage your credit rating, making it impossible for you to get a home, auto, or college loan or to rent housing.
- Medical identity theft happens when criminals sell your personal medical information or make fraudulent claims against your health policy. If your medical identity is stolen, you could be charged for medical services received by someone impersonating you. You could be denied medical services if those bills exceed the limits of your medical coverage. And someone else’s information could end up in your medical file, putting you at risk for life-threatening misdiagnosis or mistreatment.
- Insurance identity theft isn't limited just to medical insurance. Thieves can use your personal information to make fraudulent auto, homeowners, disability, or life insurance claims and file for benefits or reimbursement from insurance companies. This could impact your deductible or even insurance eligibility in the future.
- Employment fraud occurs when imposters use your personal information to gain employment, to pass a background check they might not otherwise pass, or to get insider access to a company's assets to commit a crime.
- A stolen Social Security number is one of the most highly-priced pieces of personal information because it is so widely used to prove your identity. This information can be used to claim government benefits, commit tax fraud, and initiate many other types of identity theft.
- Driver's licenses, like Social Security numbers, can be used by identity thieves in many ways. We use them to prove identity for everything from boarding a plane to cashing a check or changing your mailing address. Thieves committing financial and other identity fraud often change mailing addresses in order to hide their activity from their victims.
- Criminal identity theft can actually end you up in court or jail! Criminals sometimes use stolen identities as cover for their illicit activities. When criminals masquerade as you and they get in trouble with the law, it goes on your record, and clearing your name can be difficult when all the evidence points to your identity. You could also be turned down for a job if a background check or online search turned up bad debts or crimes committed in your name.
- Child identity theft is perhaps the most despicable of these crimes, and it's too common. A child's personal identity is a blank canvas for criminal activity – theft of their identity is unexpected and therefore often goes unnoticed. The crime may not be uncovered until the young person is applying for a job or college loan.
- Synthetic identity theft is another crime that affects both adults and children. In this type of fraud, identity thieves steal different pieces of personal information from several individuals and put them together to create one seemingly complete person on paper.
# How to know if your privacy or identity is at risk
Pop quiz: What’s the first sign that your privacy is at risk? Answer: You exist.
Seriously, from advertisers to criminals, there are people and organizations trying to gather and take advantage of American’s personal information from before we’re born, throughout our lives, and even after death. Statistically, it’s almost certain every one of us has had our personal information exposed multiple times. The Privacy Rights Clearinghouse estimates that between 2005 and 2019, more than 10 billion records of personal information have been exposed. To put that in perspective, in September 2020 the world population was 7.8 billion. And Interest.com determined that the average American had their personal information stolen at least 4 times in 2019 alone.
No matter how careful you are, you can’t prevent corporate data breaches. Even if you’ve never used a computer in your life, your information lives in computers connected to the internet. Hackers are always looking for ways to steal information, so you can’t guarantee the security of the companies you do business with or the applications or devices that you use, from your laptop and phone to the smart security camera in your home. And you can’t be sure who companies are selling your information to. So, assume that your privacy is always at risk.
Watch for warning signs of identity theft
Given your privacy is constantly at risk from simply surfing the web, using social media, and shopping online, how can you find out quickly if someone is misusing your personal information? There are a number of ways to spot the signs so you can take action and defend your identity as soon as possible. Here are the basics:
- Read financial statements and medical explanations of benefits (EOBs) carefully, watching for transactions or treatments that don’t look right.
- Review your credit score and credit report regularly, watching for sudden changes and loan or credit applications that you didn’t make.
- Monitor for other signs that your personal information has fallen into the wrong hands. For example, you can use haveIbeenpwned to find out if your online accounts and passwords have been exposed in a data breach. Or you can buy an identity protection plan that monitors public records and the dark web (where criminals buy stolen personal information) and alerts you when there are signs your identity is being misused.
- Watch for news of data breaches that might affect you, so you can be extra alert. Large companies sometimes set up web pages where you can find out whether your information was part of a breach. If you get a breach notification letter that offers identity protection, take advantage of the offer.
To paraphrase the saying so often misattributed to Thomas Jefferson, “Eternal vigilance is the price of privacy.” But the effort pays off. By catching identity theft or fraud early, you can greatly limit the potential damage and make it easier to restore your identity to a clean, pre-theft condition.
# How to protect against identity theft and other privacy risks
While you can’t prevent data breaches, there’s a lot you can do to protect your privacy and identity from being misused, whether by criminals or by companies gathering personal information you don’t want them to have. To keep your information secure, first, you need to think about physical and digital security. Then, keep your wits about you, especially online.
Key steps to take for personal information security
Here are some security basics:
- Document security: While a big data breach can lead to thousands or millions of cases of identity theft, a discarded financial statement, lost phone, or stolen personal documents can cause huge harm to the one individual affected. To protect personal documents, don’t leave them in sight when you’re away from your desk. Keep financial statements in a locking file cabinet and keep important documents such as passports and Social Security cards in a safe. Use a shredder when you discard financial statements and other personal papers.
- Device security: Make it tough for anyone else to get information from your phone, laptop, or other devices if they are lost or stolen. Make sure every device has a lock-screen password, turn on encryption, and set up a device-finder and remote wipe capability to delete personal information before a thief can get to it.
- Network security: Home networks can be hacked, so secure your routers to keep intruders from spying or stealing information via your home networks and connected devices. And avoid accessing accounts or buying online over public wi-fi networks. If you have to make transactions when on the road, use your mobile phone as a hotspot.
- Account security: Use strong passwords plus two-factor authentication to protect your financial and other accounts. (Consider a password manager to help you keep track of those long passwords.) Two-factor authentication can be as simple as using a PIN or fingerprint ID on your device, but to access medical or financial accounts, entering a security code that’s emailed or texted to you provides stronger protection.
- Personal security: Don’t underestimate the risks of eavesdroppers and shoulder-surfers. Be aware of the people around you when you’re working online in a coffee shop or airport, giving a credit card number over the phone, or entering your PIN in an ATM. And be on alert for skimmers, devices that can be put on card readers to steal account numbers and PINS.
Be vigilant about protecting your privacy
The less information that companies gather on you, the less they can sell to advertisers (or scammers pretending to be advertisers) and the less there is in their corporate databases when a data breach happens. Sometimes you don’t have a choice. For example, you have to supply your Social Security number to open a financial account that pays interest, because that interest has to be reported to the IRS. However, you have choices about how organizations can use the data they gather about you, and you have choices about how information is gathered about you on the Internet.
Here are some things you can do:
- Don’t provide your Social Security number unless you have to. It is needed by employers and financial institutions. It shouldn’t be used as an ID number by medical providers or schools, and if they ask for it, it’s OK to say no.
- Review the privacy notice when signing up for a new financial account, a new software application or new social media platform, or a service such as a cellular, or if a company you do business with sends a new one. Often privacy policies are set up so the company can share your information by default, but you can restrict sharing through a written notice or an online request.
- Use privacy controls on browsers and social media to restrict who can see your information, whether your behavior can be tracked, and what can be shared. If you have kids using social media, use parental controls to protect them, too. Consider switching to a “privacy-first browser” designed to stop unsolicited tracking.
Finally, be informed and speak out. Privacy laws and issues are changing all the time. For example, the use of facial recognition by government and private organizations is becoming more common. Know your rights, and if you think stronger protections are needed, call or write your federal and state legislators and express your concerns. You are your own best advocate.
Don’t be caught by phishing attacks
No matter how good your security and privacy measures are, bad actors will look for ways to get around them, often by fooling you into handing over information. So be wary of phishing (or“social engineering campaigns,” as security experts call them). Criminals will attempt to trick you into supplying passwords, account numbers, Social Security numbers, or other personal information that can be used against you. Phishing can come in the form of emails, texts, online popup ads, phone calls, or spoof websites that look a lot like the real organizations they’re impersonating.
Security software on your devices can help you fight phishing by warning you of suspicious email attachments or downloads and by warning you if you’re about to visit a suspicious website. (They can also help protect your device from computer viruses, spyware, and other malware.)
But the best protection against any kind of con artist, phishers included, is to maintain a healthy level of skepticism. Does the offer seem too good to be true? It probably is. Did a phone call say you’ll be arrested if you don’t call the IRS right away? The IRS doesn’t go around threatening people by phone. Does a text say a family member has an emergency and needs money wired to a foreign country? Call them or another family member to check out the story. (Hint: If it asks you to wire money, it’s a fraud.) There are usually signs when something is fake. Don’t let a supposed opportunity or emergency get you too excited to notice those signs, and always push back if an unsolicited communication asks for personal information.
Protect yourself with privacy and identity coverage
Privacy and identity protection are a numbers game. Every one of us has thousands of bits of personal information in our own hands, in corporate and government databases, in public records, and floating around the internet. And sometimes, no matter how careful you are, some of that information is going to fall into the wrong hands because you can’t prevent data breaches or human error.
Multiply all those bits of information by the number of criminals out there waiting to misuse that information. (No one knows that number, but it’s large). Then figure in the fact that some data, such as a Social Security number, can be used again and again in different kinds of fraud. When you add it all up, identity theft begins to look inevitable. Which explains why identity fraud happens in America about every 2 seconds.
Since you can’t always keep personal information away from bad actors, you need a backup plan to help limit and reverse the damage they can do. The strongest defense against identity theft in progress is an identity protection plan that includes identity monitoring and guaranteed recovery. That way, you’ll get an early warning if there are signs that identity theft is happening or imminent, and you’ll have the help of experts who know how to work with law enforcement, government, and businesses to shut down fraudulent accounts and transactions, clean up records, and clear your name.
# What to look for in privacy and identity protection
You’re a responsible person. You do everything possible to avoid car accidents, home fires, or health problems, but you also have auto, home, and medical insurance to protect you when the worst happens. So, consider this: your odds of identity theft are 50 times greater than having a house fire. (A 2019 study by Javelin Strategy & Research found that about 1 in 20 people nationwide were affected by identity fraud, and consumers lost more than $1.9 billion to identity theft and fraud.) And your identity is the key to your financial assets, your ability to work, get housing, and even medical care. Why wouldn’t you invest in an identity protection plan that can alert you to identity theft risks, help stop criminals faster, and provide expert help to recover your identity?
A complete identity theft protection plan should include monitoring services to spot identity theft early, and recovery services, so you get the professional help you need to quickly restore your identity, plus identity theft insurance to reimburse you for recovery expenses. The most important thing is to choose the right plan. So, here are some things to consider.
Proactive privacy protection technology
To protect your identity, you need to first protect your privacy. And since technology puts our privacy at risk, we need technology to help us protect it. A good privacy and identity protection plan should offer proactive privacy technology that monitors your privacy on multiple fronts and also gives you the big picture.
Some features to look for are:
- Technology for safe web browsing, including applications to block tracking, private searches, and VPNs to help you connect safely over public Wi-Fi networks.
- Password monitoring to tell you if your passwords have been compromised and when you need to change them.
- Assistance in deleting your information from the files of online data brokers.
- A privacy dashboard that continuously monitors your online presence and gives you assistance and feedback to help you improve your privacy.
Proactive alerts and monitoring
As we mentioned above, identity protection can include monitoring to alert you quickly if your identity is at risk. The more damage identity thieves do before they’re detected, the more there is to undo, so early detection is a huge advantage. An identity protection plan should include:
- Credit monitoring with at least one and, ideally, all three major credit bureaus, to alert you of changes in your credit profile that might indicate criminal activity.
- Change of address monitoring to warn you if someone’s having your mail redirected.
- Social Security fraud monitoring to warn you when your Social Security number has been exposed.
- Dark web monitoring that alerts you if your passwords, account numbers, Social Security number, or other personal information are posted on the dark web for criminals to use.
- Fraud alerts via email or mobile apps to tell you immediately when something’s wrong and, ideally, what action you need to take.
If you have any social media accounts, you should also consider social media monitoring to scan your social media profiles and your social media connections and alert you to malicious content or links, account impersonation or takeover, scams, fraud, and inappropriate content.
Guaranteed identity recovery
When you’re shopping for an identity protection plan, the quality of the recovery services is the most important thing to consider. Speed and expertise matter for several reasons. First, the sooner a thief is stopped, the less damage there will be to fix. Second, a surprising number of businesses have no clear process for handling identity fraud when it’s reported, making it difficult to get problems resolved and delaying recovery of money, your credit rating, and/or your reputation. Third, once your personal information is in criminal hands, problems can crop up again and again, eating up your time and resources. Fourth, if your medical identity is stolen, reporting identity theft can actually trigger HIPAA privacy laws, cutting off your access to your own medical records.
If your identity protection provider has an expert team of recovery advocates, they’ll know exactly who to call and how to work with law enforcement, government, medical providers, and businesses to shut down fraudulent accounts and transactions, clean up records, and clear your name. They’ll keep watch on your behalf for future problems and deal with them right away. And if they’re committed to restoring your identity completely, you shouldn’t have any significant losses or any need to file an insurance claim and wait for payment. Some providers will even help with situations as common, yet stressful, as a lost wallet, saving you considerable time and hassle.
And that brings us to how expert recovery helps with the non-financial side of identity theft: emotional distress. According to the Identity Theft Resource Center, the majority of identity theft victims surveyed reported feelings of anxiety, depression, lack of trust and safety, and powerlessness. The stress of identity theft affected their sleep, their health, and their relationships. Whereas we know, from experience, that identity theft victims who are able to hand recovery over to a competent, committed team of recovery experts express relief and renewed peace of mind. You want a recovery team that will work on your behalf to fix current problems and prevent new ones, letting you concentrate on your job, your health, and your life.
No other crime requires a victim to report it, tell their story, and keep track of a multitude of different organizations that are handling the different occurrences. We can’t imagine treating victims of violent crime in this manner, but we do it to cybercrime and identity crime victims as a normal part of the process.”
Identity theft insurance
Most identity protection plans offer insurance to cover any out-of-pocket expenses for recovering your identity. The coverage is typically up to $1 million, which is great. Typical out-of-pocket recovery expenses are in the hundreds of dollars, but it’s great to know that the coverage is there if you need it.
Be wary of plans that only offer insurance — without an expert-led identity recovery service. Without coverage, it takes 100-200 hours on average to undo the damage of identity theft by yourself. And 50% of victims who tried still had issues after five years!
Choosing the best personal privacy and identity protection
When you’re shopping for identity protection, do your research, just as you would with an insurance provider. Compare the plans side by side:
- Does the provider lead with the insurance benefit? If so, how will they support you in actually resolving the damage and recovering your identity?
- What monitoring is included: credit, Social Security, web, social media?
- If there’s web monitoring, how many sources do they scan?
Price is also a factor, but the deciding factor should always be the quality of the identity recovery service.
- Look at their experience. How long have they been in this business and how many people do they cover?
- Look at their guarantees. Do they guarantee 100% recovery?
And look at customer testimonials. If a provider can show you a history of 100% identity recovery and satisfied customers, that's a provider you could choose with confidence.