Get the real story on protecting your data

By Liz Pulliam Weston

"Starting July 1st," the e-mail message read, "the four major credit bureaus in the U.S. will be allowed to release credit info, mailing addresses, phone numbers, etc., to ANYONE who requests it."

After seizing your attention with this awful news, the e-mail -- which was probably forwarded to you by a concerned friend or family member -- urges you to dial a toll-free number to opt out of this information-sharing free-for-all. The e-mail probably ends with a plea to forward the e-mail to everyone you know and may include a personal note from the sender, saying something like: "I did this, it just takes a minute and it works!"

A lot of otherwise smart people are falling for this really annoying hoax. Each summer for the past three years, I've been sent this e-mail by readers and even sources, including a financial planner, whose acumen I otherwise respect.

The hoax is irritating in part because it would have taken these folks just a couple of minutes to check one of the many Web sites, such as David Emery's Urban Legends and Folklore, that debunk this and other e-mail myths.

Why this is a hoax

Even worse, these people think they're actually doing something to protect their privacy, when in fact they're missing real opportunities to limit access to their financial data.

If you need the rundown on what's wrong with this e-mail, here's the list:

• It's bunk. The credit bureaus do not and will not release your credit history to "anyone who requests it." The bureaus sell information to lenders, insurers and others -- they don't give it away. The person or business requesting the information must have a legitimate reason for requesting it, as defined by the Fair Credit Reporting Act. Typically, you must either initiate a transaction with the business requesting the information or give it express permission to pull your report.

• July 1 marks a marginal increase in your privacy protections, not a decrease. Something did change on July 1, but it was July 1, 2001, and it didn't have anything to do with your credit history. As of that date, banks, lenders and other financial institutions were required by the Financial Securities Modernization Act to tell you about their data-sharing policies and to give you the chance to prevent having some of your personal information shared or sold.

• It's a real number, but it doesn't do what the e-mail purports. The phone number included in the e-mail connects you to an opt-out service, all right -- but it's an opt-out service for credit-card solicitations. Signing up through the toll-free number (888 5 OPT OUT) simply removes your name from marketing lists the bureaus sell to credit card lenders.

(The opt-out service is worth signing up for, by the way. I noticed a significant decline in the number of credit-card solicitations stuffed in our mailbox since we opted out several years ago.)

What you really can do about it

You're absolutely right to be concerned about the widespread dissemination of your personal financial data. Not only does such information-sharing lead to more e-mail, snail mail and telemarketing spam, but you become more vulnerable to identity theft as more databases collect your information.

That's because identity theft is sometimes an "inside job." Unscrupulous employees collect names, Social Security numbers and other critical information to make fraudulent charges on your accounts or open bogus credit accounts in your name, or they sell it to criminals who do the same. You can't prevent this type of invasion, but you can reduce your odds by limiting, as much as you can, who gets your data.

And that takes work. It's not as easy as dialing a toll-free number. Among the steps you need to take:

• Read the fine print. Financial companies often slip their data-sharing policies in with all the ads and other junk that accompany your bills. These notices seem to be designed to be ignored -- they tend to be small, densely-worded brochures in barely readable type.

  Get the latest from Liz Pulliam Weston. Sign up to receive her free weekly newsletter.

  Preferred format:

  HTMLPlain Text

  Learn more about newsletters

• Take action. Once you've read the policy, let the company know you don't want it sharing or selling your information. Some notices provide some kind of form for you to fill out, but they don't make it easy -- there's usually no addressed, stamped envelope. You'll have to do the work yourself.

• Get active. Some states -- including California, Vermont, New Mexico and North Dakota -- make businesses get your permission before they share or sell your information. In other words, business has to convince you to opt in, rather than your having to "opt out." If you like that idea, contact your lawmakers.

• Pass it on. Bookmark this column and e-mail it to whoever ships you that stupid, misleading e-mail. You can help stop an aggravating hoax and help disseminate real information about protecting privacy.

Liz Pulliam Weston's column appears every Monday and Thursday, exclusively on MSN Money. She also answers reader questions in the Your Money message board.