Taking care of trash

Take care of what you throw in the trash. Some RadioShack employees in Texas have allegedly committed an egregious error, showing a careless disregard for protecting sensitive customer data. According to Texas Attorney General Greg Abbott, they “filed” customer records in a garbage dumpster behind their store.

Included in the files were records containing Social Security numbers; credit and debit card information; names, addresses, and telephone numbers; at least one credit application and sensitive credit card information issued to the city of Portland, Texas, where the RadioShack in question is located.

Abbott charged the company with violating a 2005 state law requiring businesses to protect consumer records that contain sensitive information, including Social Security and bank account numbers. The company was also charged with violations under Chapter 35 of the Business and Commerce Code, which requires businesses to develop retention and disposal procedures for their clients’ personal information.

The RadioShack employees’ alleged actions call attention to the fact that a lot of identity theft fraud has its roots in low-tech access to information. Dumpster diving, in fact, is a very common method of access for those intent on using others’ personal and financial information for nefarious purposes. So is mailbox robbing and plain old theft.

Experts recommend that people carefully protect their sensitive information, keep it away from friends, family, employees and co-workers, and check their credit reports regularly and monitor their financial statements. But even if you do all that, there’s no guarantee that your identity won’t be stolen, or your good credit used by someone else.

Take the case of a New York-based insurance company. New York Attorney General Andrew Cuomo recently negotiated a settlement with Administrators for the Professions Inc. over charges that the insurer illegally accessed consumer credit information through major credit rating organizations. Under the settlement, AFP must pay $229,600 in compensation to those consumers whose information was breached.

According to Cuomo, between November 2000 and March 2006, AFP obtained more than 800 consumer credit reports on approximately 400 different individuals from the credit reporting agencies Equifax and TransUnion. An overwhelming majority of the consumers’ credit reports were acquired for purposes not permitted by the federal and state Fair Credit Reporting Acts.

New York officials maintain the company illegally provided credit reports for use as investigative tools in civil litigation, for use in connection with insurance claims, and for satisfying requesters’ personal curiosity, as well as for investigators trying to locate parties in matrimonial and other personal matters, and for individuals looking to acquire information about an estranged spouse.

It could be argued that the RadioShack employees (if the charges prove to be true) were acting out of ignorance or they just didn’t care. It sounds like that argument would not apply to the insurance company, which illegally accessed consumer credit information and provided it to third parties for purposes not allowed under federal and state statutes.

Either way, the damage was done. Even if it is never used, those people whose personal data was placed at risk have been wrongly served. Worst case scenario, their credit reputations might be trashed.