Data Security’s Hidden Problem: Us

Steven Calderon has been raked over the coals enough.

You will discover this in John McCormick and Deborah Gage’s report, Choicepoint:Blur.

Calderon was arrested in front of co-workers at a Fry’s Electronics store in Anaheim, Calif., and jailed for a week. Police had seven arrest warrants, including ones for drunken driving and skipping probation.

Fry’s and police relied on a background report from The Screening Network, owned by a subsidiary of data broker ChoicePoint.

This is the outfit that has found itself under fire ever since it sold personal information on 145,000 Americans to what appear to be Nigerian criminals. The billion-dollar-a-year Alpharetta, Ga., lightning rod for concerns about the insecurity of data kept on Americans and the companies they work for also is on the receiving end of 11 lawsuits in the last five years for misuse of information.

McCormick and Gage found that the security of information is only half of ChoicePoint’s problem. The accuracy of data—the kind that gets someone thrown in jail even if that person didn’t commit rape or molest a child—is going to be a far bigger problem. The nation’s data stores are exploding as federal agencies upgrade systems, hospitals keep body scans and other massive image files, and corporations raise the art of mining data gathered about customers worldwide.

But before you throw a rock through the glass houses of data brokers, it’s time everyone does a personal checkup on the careless ways we handle our personal information, daily.

This Easter, I misplaced a sports wallet I use while cycling, on an annual trip I take to Texas. In it, I kept a credit card, a debit card—and an expired driver’s license, in case some cashier somewhere asks for a photo identification.

No more. If that wallet had actually fallen into someone else’s hands, I would have basically given away my identity, and had no one to blame but myself. I just stash a small amount of cash in that wallet now.

In December, a young woman who works for the Kate Spade fashion design firm left a printout of an e-mail exchange with a co-worker on a Metro-North train. She divulged their names, their phone numbers, where they worked, where they were going to eat that night and when.

In May, a Milford, Conn., man deposited a $200 refund check from the Connecticut Department of Revenue Services at a teller machine near Redding. After detaching the check, he threw the rest of the notice on top of the trash beneath the counter. Face up. On it: His name, home address and Social Security number.

Every day, we open the details of our lives to all comers, because we’re careless.

Carelessness could even afflict Steve Calderon, today. Calderon filed suit against Fry’s over the incident. He was in the awkward position of having to prove he was a different Steve Calderon than the one who fellow employees said, according to court documents, had committed rape and child molestation.

Fry’s and Calderon settled. But has the judge or any lawyer tried to protect this Calderon from the eyes of the “other” Calderon? Or prevent reuse of his personal information by anyone else?

No. Quite the contrary. On file, open to the public, is Calderon’s California driver’s license, Social Security card and a cancelled check, with the routing code for drawing money out of his bank account. A reproduction, with key data obscured, is printed below.

Sure, it’s high time that data brokers get serious about accuracy—and security. But they’re hardly the only ones.

Cops, employers, courts, lawyers, legislators and you and I do, too.