Subject: PRIVACY Info Source (credit,medical,personal,etc)
Newsgroups: alt.privacy , misc.consumers , alt.answers , misc.answers , news.answers


Archive-name: privacy/info-source
Posting-Frequency: monthly, 13th


If you become aware of any changes or additions (phone 
numbers, procedures, addresses,etc.), please advise so I can 
incorporate the changes. Thanks!
Non-commercial reproduction of this document is permitted with appropriate 
credit given to the author:
Doug Monroe <doug.monroe@att.com>


Hypertext HTML version at URL: 
http://www.eff.org/pub/Privacy/HTML/monroe_priv.html
(thanks to Stanton McCandlish mech@eff.org)

Last Modified: 11/15/95
Last Modifications: Changed URL to hypertext version (above) and
                    general cleanups
		    NY TIMES ref. to Med. Records Confid. Act of 1995
		    PGP link added to Email security info

Disclaimer: The included information is from my own files
and does not necessarily reflect the opinions/attitudes of my employer.

**NEWS**
from NY TIMES 11/15/95-
Hearings on the Medical Records Confidentiality Act of 1995 will be held
Tuesday (Nov. 21, 1995). Sponsored by Sen. Robert F. Bennet (R), Utah.
Seeks to establish "Federal rules for the use and disclosure of health
information"...opposed by "civil liberatarians and patients rights groups
who say that it will facilitate the establishment of large databases of
medical records" ..."authorizing law enforcement authorities and others to
delve into records without patients consent".


Interest in the topics discussed in this file was generated by
reading a book titled "Privacy for Sale" by
Jeffrey Rothfeder Simon & Schuster 1992 ISBN 0-671-73492-X
regarding the demise of privacy in the age of the computer. The
ease with which personal finance, medical histories, credit, etc.
information is obtained, by practically anyone with the time and
or money to find out, is truly alarming. The lack of protection by
the laws of this country is perhaps even more alarming.

The book mentions many organizations but no addresses or phone 
numbers are given. Mr. Rothfeder also gives us some helpful, but 
limited advice which I have tried to expand upon. I have put together 
some additional information which I thought might be helful to those 
interested in inquiring about the quality and quantity of information 
(about themselves) which would be available to others. I would
whole heartedly recommend the book for all consumers to read and
use this information to protect yourself in the abscence of
governmental protection against data abuse.

Sections marked --> are excerpted from pages 207-208 with my comments added:

--> Get a copy of your credit report from all major bureaus and check it for 
    inaccuracies and evidence of unauthorized snoopers.


Address and procedures for the three major credit bureaus:
(also see notes below address section)
TRW
PO Box 2350
Chatsworth, CA   91313-2350
Cost: 1 free report per year, $15.00 thereafter
Procedure: In writing only
Phone:(800) 682-7654
      (800) 422-4879
7/21/94 A. Evans reports via email: TRW will supply credit report
from an automated system by calling 800 392-1122.

Equifax 
PO Box 740241
Atlanta, GA  30374-0241.  FAX request to: (404) 612-2668
Cost:$8.00 (Maryland +$5.00, ME & MT +$3.00)
Procedure: Write or fax
Phone:(800) 685-1111
      (800) 525-6285

Trans-Union
P.O. Box 390
Springfield, PA 19064-0390
Phone:  404-396-0961
        (800) 680-7289
Cost:  $8.00 individual, $16.00 husband & wife
Procedure: Write or call 610-933-1200 (call *only* if denied credit in
last 60 days)

Note: All bureaus will provide free report if you have just been denied 
credit.

Credit reports should include the names of organizations who have accessed
your records. They may not necessarily be the same org. to whom you applied for
credit.

All claim to require the following information to respond to your
request--

  1. Full name including middle initial
  2. Spouse name,  (if you have one.)
  3. Current address.
  4. Date of Birth.
  5. Social Security Number 
  6. Verification of your address (copy of Driv. license or a bill with
     the address clearly indicated).
----------------------
From: Patrick Townson (10/12/93)
...the *top half* of your credit bureau file -- the part
where your name, address, former address, SSN and date of birth are
revealed (as well as frequently your places of employment and
previous employment and sometimes a phone number) is NOT protected under the
Fair Credit Reporting Act. Just the bottom half of the report where
your 'trades' appear is protected. If you don't like it, take it up
with the Congress of the United States. 
-----------------------
From Brenda J. Roder (4/16/93):
When I received my credit reports from trw and equifax, they had separate
addresses to write to, to be excluded from the pre-screening programs.
[This should help eliminate pre-approved cards you never requested,as well
as reduce the amount of mail from direct marketers who target specific
audiences]

Equifax Options
P.O. Box 740123
Atlanta, GA 30374-0123

TRW Credit Marketing
Consumer Opt-Out Service
PO Box 919
Allen, TX 75002
(800) 353-0809

Trans Union
555 W. Adams St.
8th Floor
Chicago, IL  60661
-----------------------
From Jerry N. Alexandratos (11/13/94):
Maryland law now requires the credit reporting agencies to provide, upon 
request, one free credit report per year.  Recent credit denial is not
necessary.  You still must give them *lots* of information about yourself
to get the report- enough to start a file on you if they have not already
done so.  (Addresses for the past 5 years, for example.)
-----------------------
From anon source: (accuracy unknown 3/21/95)
You may also want to [ask the credit bureau(s) to] put a "security alert" 
on your information for added protection. What this does is if a loan 
application comes in to the credit bureau, you must be contacted by phone 
for verification before any loan is issued.
-----------------------
Lots of Consumer Credit info can be obtained from Steve Adam's
consumer-credit-faq lists (part 1-n) at rtfm.mit.edu anonymous ftp
site (also posted to news.answers and misc.consumers) in:
/pub/usenet-by-hierarchy/news/answers/consumer-credit-faq
Also:  FTP to internet.spss.com  in /pub/credit
(ftp://internet.spss.com/pub/credit)
-----------------------

---->Don't share personal information with anyone who does not have
     the right to see it. Don't write SS# or phone #, address, credit
     card numbers if it is not appropriate to do so. Don't give out this
     info over the phone to unknown callers.
 
                     ---------------------------
From Chris Hibbert (hibbert@netcom.com)
    A Social Security Number FAQ is available from the following sites:

    Site                    Location

   rtfm.mit.edu         /pub/usenet-by-hierarchy/news/answers/privacy/
   ftp.cpsr.org         /cpsr/privacy/ssn/Social_Security_Number_FAQ
 
Gopher users can retrieve it from gopher.cpsr.org.  World Wide Web (www) can
find it using the following locator (and probably several others you
could construct from the other directions I've given):
 
   ftp://ftp.cpsr.org/cpsr/privacy/ssn/html/privacy.html
 
You can also retrieve it by sending email to
 
    Address                  Command (omit the quotes)
 
   listserv@cpsr.org    "GET cpsr/privacy/ssn Social_Security_Number_FAQ"
   mail-server@rtfm.mit.edu
                        "send usenet-by-hierarchy/news/answers/privacy/ssn-faq"
 
You can also ask for general help from either of these email servers by
sending a message to the same address with just "help" in the body.

                     ---------------------------
Info about the structure of SSN's and how they are assigned, use anon
ftp to cpsr.org, file is /cpsr/privacy/ssn/SSN-structure.
----------------------------------------------------------------------
Phone Number info:
The below is meant to illustrate just how easy it is to use reverse phone
directories to uncover the name/address associated with a given phone
number--

Info passed on from Blake Patterson (blake.r.patterson@att.com) 1/5/95:
Reverse (telephone) directory services give you the listed name and
address belonging to a telephone number.  Most cannot help with
unlisted phone numbers.  Here are some:
I. The UnDirectory service -- mechanized, low-cost, and quick
 
  You need:  Touch-tone phone and a line that allows 900- calls
  Action:    Dial 1-900-933-3330 and enter any 10-digit US number
  Pay:       $1 per minute (on next phone bill)
  Speed:     Instant lookup. If you're fast: 3 lookups a minute
  Coverage:  Listed numbers in contiguous US + Alaska, Hawaii, AT&T 800
  Available: 24 hours, year round
  Accuracy:  Like CD-ROM data -- better for some areas than others
  Provider:  Clarity Inc, PO Box 8357, Red Bank, NJ 07701
  Contact:   1-908-530-5100  -- leave a message
 
  No presubscription needed. No refund for unsuccessful lookups.
 
II. Telename (I think) -- uses live operators
 
  You need:  Phone and a line that allows 900- calls
  Action:    Dial 1-900-884-1212, give operator number, await lookup
  Pay:       $1.49 first minute, $0.75 per additional minute
  Available: Business hours
  Provider:  Telecompute Corporation, Washington, DC
 
III. Chicago-area lookups only (312- & 708-) -- mechanized, low-cost

  You need:  Touch-tone phone
  Action:    Dial 796-9600 from Chicago phones, or 1-312-796-9600
             Enter Chicago-area phone number
  Pay:       $0.35 for two lookups from Chicago phones;
             Long-distance charge, only, for outside-Chicago callers
  Coverage:  Listed 312- and 708- phone numbers
  Available: 24 hours (?)
  Accuracy:  High -- uses Ameritech's database
  Provider:  Ameritech
 
IV. Published directories
 
  Public-library reference desks often keep reverse directories,
  but only for local cities.  The book for one city costs $150-200.
 
V. CD-ROM phone directories
 
  Widely available.  Many provide only name-to-number lookups,
  not the reverse.

-------------------------------------------------------------------------
 
--->If you don't want junk mail, notify credit reporters, credit
    grantors, and the Direct Marketing Assoc. that you would like to
    be removed from their mailing lists.

See addresses above for credit reporters(TRW, Equifax, Trans Union), 
write to your credit card providers, and write to:

Mail Preference Service
Direct Marketing Assoc. 
PO Box 9008
Farmingdale NY  11735-9008
Request to be listed in the Mail and Telephone "suppression" file.

The Direct Mark. Assoc. can also be reached by phone:
Phone 212 768-7277  ask for Mail Preference Dept. (Better to write, IMO) 
Ask to be listed in the Telephone and Mail "Suppression" file. 
Stay on the line while info is typed in. Call a  month or so later to ask 
if you're listed.
___________________________________

Don't ask your mail carrier to stop delivering "junk" mail. They have a legal
obligation to deliver anything for which postage has been paid.

Do not send back the Business Reply envelope, stuffed full of the junk, back
to the sender. Likewise do not mark "Return to Sender" thinking that these
tactics will send the message that you don't want the mail. Most reply 
mail goes to third party sweatshops for data entry. Therefore, your effort
to notify them in this manner will be for naught.

--------------------------------------

Polk is a Direct Mail Advertising (read "junkmail") list developer,
and someone to whom you can write to get your name off the list:
 
        R.L. Polk & Co.
        List Compilation and Development
        6400 Monroe Blvd
        Taylor, Mich. 48180-1814
______________________________________
Finally, see Chris Hibbert's "junk mail FAQ" 
Look in misc.consumers or alt.privacy; or the ftp site 
rtfm.mit.edu in /pub/usenet-by-hierarchy/news/answers/privacy/junk-mail
--------------------------------------

---> Strike back when somebody has invaded your privacy. Notify the
     offending party that you're outraged and won't do business anymore.
     Tell the tale to anyone with media power--Congresspersons, Bankers
     Assoc., AMA, FTC, BBB, and newspapers.

---> Notify licensing officials if you learn the a private
     investigator has inappropriately gained information about you.

A few more points mentioned:
-->The Physicians Computer Network in Laurence Harbor, NJ is providing 
     free PC's to many physicians. PCN requires that they always be
     connected to the network so they can "scour the patient records of
     the M.D.s looking for interesting tidbits, and pull data for
     marketing lists" Page 193 

Ask your physician if she/he subscribes to this network and avoid
them if they do. 

-->The Medical Information Bureau (MIB) is a vast databank
     containing the summaries of health conditions for more than 12
     million Americans. Insurance underwriters scan MIB files to decide
     how much to charge for a policy, or whether to even issue the
     policy. Page 184

Obviously, inaccurate data can be extremely harmful. Call MIB to
get a form to request that they disclose your medical records to
you (or your physician). 

Medical Information Bureau
PO Box 105
Essex Station
Boston MA  02112
617 426-3660 follow instructions on voice mail.
Cost: free
Procedure: request disclosure form D-2
Canada:
MIB, 330 University Ave. Toronto, Ont. M5G 1R7 (416 597-0590)

Check out an article titled "Open Secrets: Medical Data
Gathered by Firms Can Prove Less Than Confidential", by Ellen Schulz, 
Wall Street Journal 6/9/94

Two more things you can do:

Write to the FBI to inquire about a search of the automated indices to the
central records system files maintained at FBI headquarters.

Federal Bureau of Investigation 
F.O.I.P.A Section		(Freedom of Inf./Privacy Act)
J.Edgar Hoover Bldg                 No charge
9th and E Streets NW
Washington, DC  20535
Phone 202 324-5520
Procedure: Provide Full Name, Date of Birth, Place of Birth, Address
           Request must be signed *and* notarized! or it will be returned
	   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
It takes a *long* time to satisfy these requests. Typically, several months go 
by between the time you make a request and the time you receive any 
notification of documents found (or not found). If documents are found, you
are then notified of the backlog and review period and you must wait until
an analyst makes a decision to send any info to you. Apparently there are
many exemptions under which the FBI can deny disclosure of records. This wait
could be a year or more I'm told. Periodic notifications are not sent. You can
call or write to inquire about the status of a request. The request is given a 
number and it is supplied to you on a form letter early in the process which
acknowledges receipt of your request.

------------------
From Chris Hibbert:
It's probably worth pointing out that there are statutory requirements
for timely responses.  You occasionally have to file appeals to get a
response, but there are organizations that specialize in houding
federal agencies to respond on time, and take them to court when they
don't.  (The biggest is called the Fund for Open Information and
Accountability.) 
-------------------

The Attorney General has specifically excluded NCIC records from the provisions
of the Privacy Act. However, NCIC computerized criminal files are now
maintained within the Identification Division records. If you desire a search 
of the Identification Div. records write to:
FBI Identification Div.
Room 10104
Washington, DC  20537-9700  
Proof of identity required--name, date of birth, and a set of rolled inked
fingerprint impressions placed upon fingerprint cards or forms commonly
utilized for applicant or law enforcement agencies. Processing fee $17.00, in
form of certified check or money order payable to Treasury of the United 
States. Ask for copy of Rules and reg's for Order 556-73 which will explain
procedure to follow for changing correcting, updating records.
-----------------------
There is a Freedom Of Information Act kit available via ftp to:
hyperreal.com  in directory /pub/drugs/politics/misc
The file is called FOIA.kit

- or, search ARCHIE for other FOIA info (lots out there). 
The Kit is very complete and informative!

Additonal FOIA info can be obtrained from 
ftp to cpsr.org in cpsr/foia/citizens_guide_foia.txt
The CPSR ftp site lots of other info of interest too!
Also, try gopher://wiretap.spies.com/00/Gov/foia.cit

The Electronic Frontier Foundation ftp server contains lots of info on
communications technology and privacy issues on ftp.eff.org
-----------------------

Check out the book from your local library or buy (~$22.00), read it, then
CONTACT YOUR CONGRESSPERSON! tell them you are appalled
at the lack of data privacy in America. Encourage them to
support legislation to protect us from information abusers! 

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
                            MISCELANEOUS
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Additional addresses and info: 
(Thanks to Chris Hibbert)

ChexSystems
Consumer Relations
1550 E. 79th Street
Suite 700
Minneapolis, MN 55425

What is ChexSystems?
They have a database of people who have had bank accounts closed for persistant
bad checks or fraud of one kind or another.  Many banks check with them and
report to them when opening new accounts. People who are refused service 
because of information about them in th
the FCRA, which requires the banks to notify them what information was relied 
on, who supplied it, and then ChexSystem is required to provide a free copy of 
their report to the individual.
 
==========================================
From: Judi Clark (11/16/94)-
The Privacy Rights Clearinghouse
The Center for Public Interest Law
5998 Alcala Park
San Diego, CA  92110
(619)260-4806
(619) 260-4753 (fax)
e-mail prc@teetot.acusd.edu
Hotline: +1 800-773-3348 (Calif. only)
         +1 619-298-3396
URL: http://www.manymedia.com/prc/
 
They have a number of valuable publications online.

==========================================
Privacy Journal
P.O Box 28577
Providence, Rhode Island 02908
(401)274-7861

North America:  $98/year
Overseas:  $125/year
Paid in advance: $35/year

========================================
Privacy Newsletter 
PO Box 8206 
Philadelphia PA 19101-8206 
Phone: 215-533-7373 
E-mail: privacy@interramp.com 
 
USA: $99/year (12 issues) 
Foreign: $149/year (12 issues)
========================================
The CODEX :
"Our purpose is to educate the layperson about the technology,
techniques and equipment used for professional intelligence
gathering." The Codex is published monthly by:
 Codex Publishing, 
 286 Spring Street, New York, New York, 10013. 
 Tel: 212-989-9898 
 Fax: 212-337-0934 
 E-Mail: SpyKing@novalink.com
  
  The annual subscription rate is $ 95.00 for US residents and
  $135.00 foreign subscriptions. All mail sent 1st class.
  To subscribe send a check or money order payable to
  Codex Publishing. Include your name & full 
  mailing address.

========================================
From Deborah Barett (4/17/95):
                Who (Secretly) Reads YOUR E-Mail?
                               by
                     Andre Bacard, Author of
                   "Computer Privacy Handbook"
                       ISBN # 1-56609-171-3
 
Do you like people to (secretly) monitor, store, and redistribute
your business and personal e-mail? How about your electronic posts?
Probably not.
 
[Andre Bacard] has written several privacy FAQs (Three to five page articles
in question & answer format). You can download these for free. To get
info, send this e-mail:
 
     To: abacard@well.com
     Subject: Help
     Message: [ignored]

Web site:
http://www.well.com/user/abacard -  with  links to book info, and
pro-privacy people and groups.

Editors note: see the PGP web pages for info on using PGP for mail
security...http://draco.centerline.com:8080/~franl/pgp/
========================================

There are many local credit bureaus. Bankcard holders of America, a
non-profit consumer education group, publishes a ``credit-check kit'' that
includes the name, address and phone numbers of legitimate credit bureaus
across the country, as well as a pamphlet that explains in details your rights
under the FCRA.  The kit costs two dollars and is available from:

	Bankcard Holders of America
	560 Herndon Parkway Suite 120
	Herndon, VA 22070

   If you disagree with anything on your report, contact the credit bureau.
The FCRA requires the bureau to reinvestigate the facts in the dispute; if you
do not agree with their conclusion, you have the right to include a statement
in the report with your version of the story.

========================================

 Obtain a statement of your earnings from the Social Security
Administration every two years.  This will tell you if someone else is earning
wages under your social security number, which can lead to many difficulties at
retirement.  If you suspect an error, you have three years, three months and 15
days after the mistake is made to challenge it.

   To get your statement, you need to fill out a Request For Earnings and
Benefit Estimate Statement card, which can be ordered by telephone from the
Social Security Administration's toll free number, (800) 772-1213.  Ask
for Form 7004, (Request for Earnings and Benefit Estimate Statement.)

For you net surfers you can download the Social Security Earnings and
Benefits Request form from the following URL:
http://www.ssa.gov/online/ssa-7004.html
 
=========================================
From foo@drycas.club.cc.cmu.edu
Date: 30 Sep 1993 13:05 EDT

If you REALLY want to get some good ammunition of WHY information should
be protected.. read this book:

GET THE FACTS ON ANYONE : How you Can use Public Sources to Check the
                          Background of Any Person or Organization.

By Dennis King, Award-Winning Investigative Reporter

published by Prentice Hall (part of Simon & Schuster) in 1992.

ISBN 0-671-86470-X

One part I really HATED was his discussion of what info is available
with an SSN and how to try to figure out if someone has a fake identity
using it.  I know it IS available, but that does not make it right.

I got the book in my college library, so try borrowing it first if you
can't or don't want to buy it.  The retail price is listed as $15 on
the book cover.

FOO
==========================================
In an effort to illustrate the amount of info available (and its cost), I 
have include a recent (10/93) Usenet post with all refs to poster omitted. 
Followups to this post have indicated that costs might be much lower
than those listed- I point this out only to show that this info -is- available
and at a relatively low cost. -dwm

                           =begin included post=
I wish to announce my recent aquisition of some databases which are
primarily used by skip-tracing, investigative and government agencies
to locate people, any assets they may have, and other pertinent and
personal details of their lives.

These databases are being made available to anyone who wishes to have
access to them. The charges are simply being passed along, 'at cost'
based on what I am paying. 

SOCIAL SECURITY NUMBER TRACING:
===============================

You provide an SSN. I will advise you of all the names which have
been used with this SSN, and the addresses which go with each. Or
it can be the other way around: you supply an exact name and address
(it can sometimes be a former address), and I will supply you with
the SSN used by that person. $60

PEOPLE FINDER:
==============

You provide a name. Any name okay, but very common names will
render a useless list. Middle initials and last known address is
requested if possible.  You'll receive a listing of every person who
has that name, along with other data:

     New address if they moved;
     Telephone number provided the number is published;
     Residence type;
     Length of residence;
     Gender;
     Date of birth;
     Up to four other household members and their dates of birth.

For additional information, People Finder also can provide a neighbor
listing which includes up to ten neighbors, their addresses, phone
numbers and residence types. 

The People Finder database has 120 million names, 80 million house-
holds and 61 million telephone numbers. 

It can be searched by telephone number only: You provide the phone
number, I will respond with the person's profile and neighbor listing.
Ot it can be searched by address only, with the same results.


Cost: $80-$120, depending on how extensive the search is.
People Finder comes with a guarantee: if I cannot produce at least
one person with the name you request plus an address for that
person, then there is no charge.

CONSUMER CREDIT REPORTS:
========================

Consumer Credit reports availale from one bureau,     $60
Consumer Credit reports available from three bureaus, $100

I need two things:

  1. The name and address of the person, plus SSN if possible.
  2. A *signed* statement that your request is for bonafide,
     legal reasons, i.e. you are considering an extension of
     credit to the person, or possibly employing them, etc. I
     cannot proceed without this signed statement.

OTHER DATABASE FEATURES:
========================

Has someone ever filed bankruptcy?  
                            
                                 Any one district               $40
                                 Checking all districts avail.  $160

Commercial Credit reports available on any business in file,    $95
About fourteen million businesses and corporations included.

Criminal History records available at $75-100 per jurisdiction you
request searched. I need the exact name, SSN and DOB  of the person. 

Death Records can be provided in various formats:

      By SSN only - is the holder of that SSN deceased or not?  $30
      By name - a more detailed account of their demise         $40

Drivers Records can be pulled but the exact name and DOB
is essential; otherwise if you have the full driver's license
number, the search can be reversed, providing a name and DOB
plus address. (Then use People Finder address trace on them.)   $65

Education and degree verification is possible, and frequently
used to expose those people who are not what they claim to be.  $35

Real Property Asset Locator database                            $75
I can do this, but need to know *which* areas to search. 

Who is the real owner of the corporation with which you are
having a dispute?  The name(s) and address(es) of the officers
of corporations are available in many places. Sometimes you
get their home address and phone number in the process.         

           If you know what state the corporation is based in   $45
           If you wish to have a search of 30 states done       $165

Would you like to know if someone is getting workers comp money?
           
            If you know what state they are likely to get it
            from, I can verify it  (only in selected areas)     $63


Uniform Commercial Code filings by state                        $52

VIN (vehicle identification numbers) checked by state           $50

                         =end included post=
-----------------------------------------------------------------------
George Galdiano <ggaldia@utdallas.edu> prepared a very nice Microsoft 
Word document, accompanied by an Excel spreadsheet to help consumers:
* get your name off junk mail lists
* contact credit bureaus
* contact Medical Information Bureau
* handles disputes 
* contact the Social Security Admin.

This resource kit can be obtained via anon ftp to: ftp.rahul.net in the
directory /pub/jag/privacy/
-----------------------------------------------------------------------
                                  END
-----------------------------------------------------------------------