My SSN number is publicly available...should I be worried?
April 7, 2014 11:01 AM Subscribe
I found my SSN and my wife's SSN #'s listed on a document accessible to anyone at the County courthouse. As near as I can tell it wasn't available until recently...should I be concerned?
I was doing some reseach on land records this morning at the courthouse. On a whim I thought I'd check the records for our home. The county apparently started scanning all the deeds of trust in the last year and ours was there available to anyone, the document we signed when we bought the house. The document required our SSN #'s under our signatures. I didn't think about it at the time, but now it's out there for anyone to find. I checked our record a few years ago when we refinanced and it did not show this scanned document.
Should I ask the county to redact this? Should I be worried about it at all? I didn't think to look to if anyone else's had this information..
I was doing some reseach on land records this morning at the courthouse. On a whim I thought I'd check the records for our home. The county apparently started scanning all the deeds of trust in the last year and ours was there available to anyone, the document we signed when we bought the house. The document required our SSN #'s under our signatures. I didn't think about it at the time, but now it's out there for anyone to find. I checked our record a few years ago when we refinanced and it did not show this scanned document.
Should I ask the county to redact this? Should I be worried about it at all? I didn't think to look to if anyone else's had this information..
Most people don't go to the trouble of going to the courthouse to look for identities to steal, so I wouldn't worry about it.
But what's going to happen if the county suddenly decides to post the information to the web, in the interest of public access to government documents?
They should redact it at that point, but will they?
I'd ask for it to be redacted now, to be safe.
posted by Bentobox Humperdinck at 11:32 AM on April 7, 2014 [1 favorite]
But what's going to happen if the county suddenly decides to post the information to the web, in the interest of public access to government documents?
They should redact it at that point, but will they?
I'd ask for it to be redacted now, to be safe.
posted by Bentobox Humperdinck at 11:32 AM on April 7, 2014 [1 favorite]
Yeah definitely contact the county ASAP, start looking at your credit reports as well.
posted by edgeways at 11:32 AM on April 7, 2014
posted by edgeways at 11:32 AM on April 7, 2014
I would ask them to redact them, to have your full names, addresses, and SSN's online for anyone to see is a huge liability when it comes to identity theft. I'm thinking whoever decided to scan the records in didn't really think it all the way through and they might want to look at their policy on that.
posted by julie_of_the_jungle at 11:33 AM on April 7, 2014
posted by julie_of_the_jungle at 11:33 AM on April 7, 2014
Best answer: I would certainly contact them and ask them to redact any personal information. There may even be a law or regulation requiring this redaction. For example, for filings in federal court (so it would not apply to county land records), Federal Rule of Civil Procedure 5.2 requires the redaction of social security numbers and birth dates.
I would also check your credit histories using annualcreditreport.com to confirm that no one has accessed this information and used it. If someone did use your information to compromise your identity, it would be good evidence to have a record of your request for redaction and any follow up you did on hand.
posted by Bailey270 at 11:39 AM on April 7, 2014
I would also check your credit histories using annualcreditreport.com to confirm that no one has accessed this information and used it. If someone did use your information to compromise your identity, it would be good evidence to have a record of your request for redaction and any follow up you did on hand.
posted by Bailey270 at 11:39 AM on April 7, 2014
Consider getting a credit freeze if the County refuses to redact the document or takes two years to get to it.
posted by cnc at 12:04 PM on April 7, 2014
posted by cnc at 12:04 PM on April 7, 2014
I wouldn't personally be worried that someone has abused your personal information, though it's certainly possible. I would contact the county and make sure they get that information redacted (and a timeline as to how quickly it would happen).
From an ethical standpoint, I think your discovery of this problem unfortunately means you have an obligation to make sure this isn't happening to other people. This means asking what the county will do to make sure this data is removed from all filings that are similar to yours, and following up at a later date. If they drag their feet, a news outlet would be more than happy to take the story and run with it - just make sure you document all your interactions with the county.
posted by antonymous at 12:37 PM on April 7, 2014 [1 favorite]
From an ethical standpoint, I think your discovery of this problem unfortunately means you have an obligation to make sure this isn't happening to other people. This means asking what the county will do to make sure this data is removed from all filings that are similar to yours, and following up at a later date. If they drag their feet, a news outlet would be more than happy to take the story and run with it - just make sure you document all your interactions with the county.
posted by antonymous at 12:37 PM on April 7, 2014 [1 favorite]
I can't readily find anything which specifies what the court house has to do to protect your privacy, but HIPAA and Gramm-Leach-Bliley both cover this for certain industries (HIPAA for health care and GLB for financial institutions -- insurance companies are both so I have had training in both these laws in the past). But I would think this is covered under some law.
Some places to start looking:
http://epic.org/privacy/ssn/
https://www.privacyrights.org/my-social-security-number-how-secure-it
posted by Michele in California at 4:10 PM on April 7, 2014
Some places to start looking:
http://epic.org/privacy/ssn/
https://www.privacyrights.org/my-social-security-number-how-secure-it
posted by Michele in California at 4:10 PM on April 7, 2014
On the one hand, yes, some concern is warranted. On the other, no, your information probably wasn't stolen, at least not this way.
There is a Driver's Privacy Protection Act (which has caused, at least locally, police departments to black out names on arrest reports, even a dog's name), but unfortunately that does not regulate SSNs. For various historical reasons those are pretty much up to you to protect in most spheres, and of course numerous entities require you to give yours to them. Various states, however, may have more stringent privacy laws.
As it happens, my city just screwed up -- they had electronically submitted some information to a third party (based on an undisclosed public records request), and while most of the information was for businesses identified by EINs, a few hundred were for individuals using their personal SSN. This wasn't discovered until the second submission, and the city proactively cleaned up after itself, and is offering subscriptions to a privacy protection service for those affected. (It's pretty ironic, as the affected party is my recently-late father -- but this could affect my still very much around mother, so we're taking it.) If you have any friction with the county over this issue -- they may not be up to current best practices, may have differing state law requirements, etc. -- feel free to use that as an example to live up to.
posted by dhartung at 1:09 AM on April 8, 2014
There is a Driver's Privacy Protection Act (which has caused, at least locally, police departments to black out names on arrest reports, even a dog's name), but unfortunately that does not regulate SSNs. For various historical reasons those are pretty much up to you to protect in most spheres, and of course numerous entities require you to give yours to them. Various states, however, may have more stringent privacy laws.
As it happens, my city just screwed up -- they had electronically submitted some information to a third party (based on an undisclosed public records request), and while most of the information was for businesses identified by EINs, a few hundred were for individuals using their personal SSN. This wasn't discovered until the second submission, and the city proactively cleaned up after itself, and is offering subscriptions to a privacy protection service for those affected. (It's pretty ironic, as the affected party is my recently-late father -- but this could affect my still very much around mother, so we're taking it.) If you have any friction with the county over this issue -- they may not be up to current best practices, may have differing state law requirements, etc. -- feel free to use that as an example to live up to.
posted by dhartung at 1:09 AM on April 8, 2014
Response by poster: As a follow-up to this I heard back from the county's chancery clerk and said they will make sure it is redacted.
posted by dukes909 at 4:38 AM on April 8, 2014 [1 favorite]
posted by dukes909 at 4:38 AM on April 8, 2014 [1 favorite]
« Older Do I apologize, or do we all just pretend this... | First amendment, corruption, and McCutcheon Newer »
This thread is closed to new comments.
Absolutely call the county to have this redacted, get a timeframe and definitely follow up on it yourself and make some noise if you don't see it done. You may be asked to send the request in writing and/or have it notarized, which is fine.
posted by griphus at 11:32 AM on April 7, 2014 [3 favorites]