What kind of personal information should I never give out and what are exceptions?
August 31, 2006 3:15 PM   Subscribe

The (hopefully) 256-bit password that encrypts all the personal documents on your computer.
posted by aye at 3:20 PM on August 31, 2006

Passwords to non-security risk stuff that are the same as the passwords to more sensitive info, i.e. don't let anyone log into your NYTimes reader account if the password is the same as that for your bank account.

And ask for/choose security questions that are not public record or easily found instead of "mother's maiden name" or "town you were born in".
posted by lalex at 3:50 PM on August 31, 2006

I make up fake cities for "where were you born". My mother also has a fictious name. I make up favorite colors. I try to be consistent. When I go to a store that insists on getting my phone number for some B.S. reason, I make one up.

Does it help? I don't know, but it seems safer.
posted by 6:1 at 3:54 PM on August 31, 2006

Look at it from a data sales perspective. Certain data is valuable because it gives the data owner abilities they might not otherwise have.

Be careful of combinations that can uniquely identify anyone and thereafter be used to cross-correlate data with other databases: postal code + name, address + name, birthday + full name, name + mother's maiden name, and phone number + name. These are called "primary keys" or "alternate keys" in database lingo.

Be really careful of things that can be used as a way of stitching different user databases together easily: social security and social insurance numbers, driver license and national ID numbers, and, to a lesser extent, credit card and bank account numbers. These are called "foreign keys" in database lingo. Once a data owner has a Social Security Number hooked up to your user record, it makes all the data they have easy and profitable to sell to other people who have Social Security Numbers.

Either kind of data can be used to buy nearly everything else about you, these days, if someone wants it bad enough.

My ears tend to perk up when someone's asking for my Social Security Number when they don't need it.
posted by maschnitz at 3:56 PM on August 31, 2006 [1 favorite]

When I go to a store that insists on getting my phone number for some BS reason, I make one up.

Me too. Especially for supermarket loyalty cards -- all the data for mine is bogus. But once, when I was annoyed that a department store (Macy) requested my SSN as part of an application for store credit, I made up a number; and the clerk typing in my form looked up from her terminal and told me that number wasn't correct, and waited for me to try again. (The second time, I got it right... but now, I seldom use that card.)
posted by Rash at 4:38 PM on August 31, 2006

Rash: that was probably because SSN, SIN and credit card numbers can have a formula applied to them to see if they could be valid.

The formula for Canadian SIN's is available on the net quite openly, and I wrote a little java class to generate SINs in a few minutes. Actually validating the SIN with the federal government is rare, and unlikely at a POS or front end validation on a web form.
posted by utsutsu at 4:56 PM on August 31, 2006

When I go to a store that insists on getting my phone number for some B.S. reason...

... I say, "No, you can't have my phone number." Works every time.
posted by frogan at 5:20 PM on August 31, 2006

I say "Do I have to give it?" and they always say no. It's so that they can sell more stuff to you, but they say it like it's non-optional so you'll give it. I always have a second of doubt that it might be to verify my credit card, but that's silly, signature or zip code do that.
posted by crabintheocean at 7:32 PM on August 31, 2006

"Can I have your phone number?" "I don't have one."

I try desperately to not give out my year of birth or my mom's maiden name. SSN can be more difficult, since most credit cards require it as well as banks.

Also - be aware- when you file a lawsuit (or are sued), and the suit includes any personal info (SSN, DoB, etc.), if it is filed with the Court/Clerk, it becomes public record. (This is true in NYS. Not sure about other states or the feds, but I'd make the guess that it's pretty standard.) Hopefully now that this is way too easy to correlate someone will come up with a standard where you can redact it before it is filed publicly or somesuch.
posted by Meep! Eek! at 7:40 PM on August 31, 2006

Simplify: cut down to one card for credit card transactions, one card for debit card transactions, and cash. Pay cash if you wish to leave a smaller purchase "fingerprint." Otherwise pay debit or credit, whichever is (a) cheapest and (b) one you won't abuse.
posted by five fresh fish at 9:34 PM on August 31, 2006

And, er, why are you being commonly asked for private personal information? I can't remember the last time that happened to me. Probably a twenty years ago, getting a driver's license.
posted by five fresh fish at 9:36 PM on August 31, 2006

five fresh fish: And, er, why are you being commonly asked for private personal information?

Many credit card companies want the info to identify you, online or off. Ditto if you're using a bank. For the longest time my (medical) insurance carrier used our SSN as our account number, printed on the front of the card which was required to be shown, sometimes photocopied, every time you went to a doctor.

Your SSN and your mother's maiden name are often used as magic words to prove you're who you say you are. Why this is has long escaped me. Many, if not most, of the people you know will be aware of your birth date. Possibly your mother's maiden name. SSNs are really not that difficult to get a hold of if you really want them. With the advent of information sniffers and the internet, it's really time for a new system to be put into place, but old institutions and their patterns take forever to change.
posted by Meep! Eek! at 8:41 AM on September 3, 2006

« Older Will a Vivitar 100-400 f4.5-6....   |   Where can I find typographic c... Newer »