You did WHAT with my SSN?

By Andrea Karim on 14 January 2010 (Updated 4 February 2010) 44 comments

Like many idiots, I bought my house at the peak of the real estate bubble, locking in a 30-year fixed rate mortgage at 6.375%. With escrow and taxes going up every year, and income going down (and no sign of a seller's market on the horizon), I decided recently that I HAD to refinance.

I looked at some online quotes and called my local credit union to see what kind of rates were being offered in general (nothing worth my time). Since I knew my combined credit and payment history put me in fairly good standing, I figured that my current mortgage holder, US Bank, would want a shot at keeping me as a customer. Besides, my local branch employees were known for their stellar service and since I already had a linked checking account set up with direct deposit and everything, staying with the same bank would save me the headache of rearranging everything with the HR department again.

I called the local branch and got the number for their mortgage rep, someone who had been highly recommended by an assistant manager. The mortgage rep, who I will call "Linda" for the sake of this story, spent two days a week at my branch and serviced other branches on other days.

I have to admit, when I first called Linda, I was impressed with her. She was efficient, calm, collected, and totally in control; she had the ultimate phone voice. She understood the bits and pieces of mortgages in a way that I will never hope to. She asked about my current rate, payments, goals, income; all of this was very standard, but her manner was so with-it that I felt like I was in good hands.

And then she asked me what my mortgage number was.

This was not an unreasonable question, and any person who is capable of reciting their own phone number without checking their address book would probably have had no problem providing this info. As for me, well, I can only remember the first three digits of my mortgage number on a good day. Scrambling, I tried to log into my online banking account to refer to the linked mortgage info, only to remember that I had managed to lock myself out of the online account the day before, entering the password incorrectly many times.

"I'm sorry, I don't have the number on me," I stammered.

"That's OK," said Linda, "I can look it up using your social security number. The bank database has all of your account info."

It should be noted that I have a very active imagination, so at this point, I'm picturing Linda sitting behind a large desk in her downtown office, wearing a headset, tapping my SSN into her sleek laptop, which is securely logged into the banking system via ultra-mega locked-down VPN. I also imagine that Linda is brunette. Please don't ask me why. These are details that I literally picture in my head, for no good reason at all.

I half-whispered my social security number over the phone line, always nervous that someone bad will overhear. Linda explained that she would have to send away for a bunch of data from headquarters, but that the mortgage application is usually returned within 24 hours, and that she would call me back early in the next week to schedule an appointment to go over the various mortgage options. I felt relieved. The burden of my mortgage has really been getting to me, and I'm looking forward to the possibility of any financial relief.

Early the next week, I found myself in the bank, making some deposits, and I noticed that Linda's usually-empty desk is occupied with someone who I assumed must be Linda herself. Having not heard back from her yet, I decided that, for once in my life, I was going to be proactive. I walked up to her desk, verified that her name tag read "Linda", and waited for her to finish doing whatever it was she was doing on her (sleekish) laptop. She tapped away, glancing at me as though my presence was not appreciated.

Linda is actually a bottle blond.

"Hi," I said, holding out my hand, "I'm Andrea Dickson, and we spoke on the phone last week about refinancing my mortgage. I was wondering if you had a chance to look at your schedule? Maybe we can set something up while I am here." I am amazed that I say the entire sentence without tripping over my words, as is my tendency.

"Oh," replied Linda, definitely looking less-than-thrilled, "I didn't get your mortgage number from you, so I was unable to retrieve your information. You said you were going to call back, but you never did."

I felt my head tilting to the side in the confused manner used by puppies who are encountering other animals for the first time. I reached into my purse, as though my mortgage number is simply floating around in there.

"No," I said, remembering our conversation, "I gave you my social security number, and you said that you were going to look up my mortgage info."

"Oh, I did say that, that's right." It was clear to me immediately that she hadn't even started the process. She reached into her bag, pulling out what, in my imagination, was surely going to be a leather-bound ledger book, with carefully written data about me and what I had told her thus far about my mortgage. Navy leather, is what I figured.

Not... a lined spiral-bound notebook with... were those doodles?

Linda turned to the back of the notebook, past pages and pages of notes written in large, blocky letters in purple ink, and there on the last page is "my" name, "ANDREA DIXON" along with my social security number, next to a drawing of what Linda apparently thinks a starfish looks like.

It didn't actually occur to me that Linda was going to be writing down my social security information to use at a later time. But something about seeing my personal data in a Gregg Rule Stenobook, alongside the personal information of other customers, seemed galling.

I didn't know what to say. While I hovered, Linda assured me that the information she was sending away for would be back within 24 hours. I contemplated making a scene, but because I am a wuss, I left the bank after pointing out that she had misspelled my name. Linda gave me a look that indicated that she didn't care how I spelled my name. I could tell that this was the beginning of a wonderful business relationship.

Back at my desk, pondering the issue, I decided to call Linda and ask if I could have that piece of paper with my data on it.

I hate confronting people. I hate confronting people. This was my mantra as I waited for Linda to pick up her line.

Linda answered the phone and I explained to her that I felt a little weird about my data, especially my full social security number, being written out in a notebook like that. I told her that I felt that the information was unsecure, and that if I had known that she was going to be writing it down, rather than entering it into a encrypted computer database, I would have called her back with my mortgage number once I located it.

Linda's tone was distinctly irritated. Who was I to question her methods? "I can assure you that your information is safe with me. I never leave my notebook lying around. That's illegal."

"Well," I said, struggling to be polite, "That's good. But I'd still feel more comfortable if you could give me that sheet of paper so I could shred it."

"I have other customer data on the page besides yours," snapped Linda, "Customer information that is as valuable and as important as yours is." This is clearly meant to comfort me; that Linda is being as irresponsible with her other customers' data as she is with mine, that all of us are at risk.

"I honestly don't know what to tell you to make you feel better. I've always kept records like this and I've never lost anyone's information. My briefcase has a lock."

This is good news, because no one has EVER successfully stolen a locked briefcase. It's a well-known fact that all locked briefcases immediately detonate upon being fondled by sinister hands.

"I carry files all over the place that have more customer data than I have for you. I have mortgage application files on me at all times." This is where Linda wants me to know that my piddling little social security number is of no great importance compared to other customers, who have handed over addresses, phone number, spouse names.

"I'm really uncomfortable with this," I say.

"Well, I can't give you the piece of paper. I can't give you another customer's data. If it makes you so uncomfortable, I can always cross out your social security number with a black marker, so if I lose my notebook, no one can read it."

This is a time-tested method of securing data that has NEVER failed. Now I can rest easy, knowing that should Linda misplace the notebook, which will not happen because it hasn't happened yet, no one will EVER be able to flip the page over and read the imprint of my social security number on the backside of the page.

The thing is, I'm sure Linda is a trustworthy employee. I doubt she runs around scrawling my SSN and name on bathroom stalls, and she is doubtlessly fairly careful with her notebook. But Linda could be a trained CIA killer who would rather die than have her personal notebook stolen and still manage to have the darn thing stolen. A briefcase full of files? Easily stolen. A steno book? Much. More. Easily. Stolen.

Wondering if perhaps I was overreacting, I called another branch of US Bank and inquired if it was common practice to write down customer's data in a notebook. Startled, the manager told me that while it was part of a mortgage professional's job to carry files that contained data, such data was not often stored in a notebook. When confonted with this information, my own branch's assistant manager assured me that he uses a notepad to write down all kinds of data from customers, from account numbers to social security numbers, and that he is very careful with how that data is handled. He didn't tell me how these notebooks are disposed of.

This doesn't sit right with me, but I am uncertain as to what exactly it is about the situation that I find so upsetting. Is it that Linda is extremely unfriendly and I am overly sensitive? I'm not even sure if any laws are being broken by Linda as a bank employee. I imagine that if a bank teller at the same institution wrote down my social security number on a piece of paper for the purposes of helping me with something, and then took the paper home, they would be breaking more than one law. 

Truth be told, I can't find any specific laws relating to the banking sector and personal security. HIPAA might protect our personal data as it relates to our health, but the only federal law that might pertain to such activities isn't even a law yet, but still a bill being reviewed in the Senate. So much modern legislation deals with protecting our identities and information from digital breach, but what can we do to prevent employees from writing our social security numbers in giant purple in a notebook while running errands? I doubt Linda has a separate book with back-up notes that she can use to notify me if she DOES lose the notebook and my personal data falls into someone's less-trustworthy hands.

Here's the thing: I don't really know the legal implications behind this. The way that Linda, and apparently the other employees at my bank, are treating customer data may be well within the legal confines of their profession. But it shouldn't be. So much of the laws that are passed in this country are reactive. They deal with how to let customers know once their data has been stolen, usually electronically. I'd like to know what my bank is doing to keep my data FROM being stolen, and "we've never had a problem so far" is not a good method for ensuring data security.

The lesson, of course, is to never give out your social security number unless you absolutely have to, and even then, see if you can push back a bit. Because you simply never know.

What would you do in my situation? Do you think the measures undertaken here are secure enough for YOUR data?

5
Average: 5 (1 vote)
Your rating: None
ShareThis

comments

44 discussions

Add New Comment

CAPTCHA
This test helps prevent automated spam submissions.
Guest's picture
Adam

"Linda" should have understood your concern, recorded the other customers information that was on the same page, shredded the paper and recorded your information with your account number instead. It wouldn't have been hard for her to do that.

Banks do, however, have lots incentives to keep our personal data safe without the government telling them how to do it. No law, regulation, or government employee is going to keep your information safe. If you don't trust your bank, take your business elsewhere, that is their incentive to making sure you feel safe, which is a much greater incentive than some regulation.

Guest's picture
Jennifer

I would contact US Bank's national customer service. They might not do anything or if they get enough complaints about data security they might. As someone who works under HIPAA, I feel the constant pressure to make sure personal health information is kept secure. There was nothing to stop me from writing down such information but if it were seen by a random auditor left unattended on my desk, I would likely be fired.

Guest's picture
NMPatricia

For what it is worth, I think your discomfort is totally legitimate. She SHOULD have been more sensitive to you. And, I am darn impressed with the steps you took (calling her). And as the last comment states, not sure what else can be done. Except for them to know that you will be sure to let others know your dissatisfaction with your experience. When business is, or should be, highly prized in this economy, you would think they would be doing hand stands to keep you happy. This kind of customer service usually has me steamed. I happen to believe my money is worth more than that type of attitude would indicate!

Guest's picture

If I'd been in your shoes, I would've had the exact same reaction. In this day and age, you'd think that businesses (*especially* banks) would be sensitive to customers' desires to keep their information safe and confidential. I would register a complaint with as many people at the bank (at a local and national level) as you can. It's been my experience that people don't always let businesses know when they're unhappy about something because they assume that other people have already done so, and hence, businesses never realize they're trampling the public.

Guest's picture
Guest

That is irresponsible, especially for a bank employee. I have issues with my insurance company. They still use my ss for my identification number and I must furnish it everytime I see a dentist.

Guest's picture
Guest

Most health insurance companies have long stopped the practice of using people's SSN for insurance IDs, but dental insurers often lag the medical plans in these kinds of things. But when using SSN was still a common practice, most insurers allowed you to request a different ID (not using your SSN). I did this several times.

Guest's picture
mjfrombuffalo

From a customer-service standpoint, Linda's entire interaction with you was poor and her response to your security concerns decidedly flat-footed.

From an identity theft point of view, while it certainly doesn't engender any warm-and-fuzzy feelings knowing your (misspelled) name and SSN are in a spiral-bound notebook, the odds are your name and SSN have found their way onto other scraps of paper over the years without incident. At this point it's rare that identity theft happens from people stealing briefcases or people going through trash. Your greater risks for identity theft are organized groups stealing databases, or friends/relatives who have access to your home or mail. (43% of identity theft is done by someone who knows you, like a drug-addicted relative.) http://www.idtheftmostwanted.org/artman2/publish/lib_survey/Press_Releas...

Andrea Karim's picture

It's true that banks have every reason to keep my data safe, and I am reassured by my local bank's track record. And it's probably true that my SSN has been written down on scrap paper than I've ever known about.

I'm actually a bit irked at myself for not being less lazy and simply getting around to finding my mortgage account number. That would have pretty much avoided the whole situation. I'm usually very reluctant to give it out.

Guest's picture
Deborah

I think you should find a different bank. No professional financial institution handles customers' financial data in such a careless manner - at least not the good ones. Most banks in the 21st century enter your information into encrypted computers.

If that was my situation, I would surely move banks. I understand keeping a hard copy of client information for records is standard procedure, as I do this with my customers all of the time, but social security numbers and other sensitive information should never be stored as a hard copy, and especially not the ONLY copy.

You can call FINRA and report this practice to them. Be sure to tell them the full legal name of the employee and the address of the bank that you go to. I doubt such practices are legal..and if they are, they are surely unethical.

Guest's picture
Guest

100% agree with prev. poster, US Bank should no longer be your bank. If you're uncomfortable telling them this in person, call the branch, get the email address of the Branch Manager, and make a scene over email about Linda and about what can be assumed is the bank's privacy practices.

This situation may or may not involve the actual 'breaking of laws', however it is FAR FAR beyond what is acceptable to me, and, I assume, most privacy-minded individuals.

Guest's picture
Jonathan Davis

http://www.usbank.com/cgi_w/cfm/about/privacy/consumer_privacy.cfm

Specifically:

"We Protect the Confidentiality and Security of the Information We Gather
We restrict access to personal information about you to those employees we have determined need to know that information to provide products and services to you. We maintain physical, electronic, and procedural safeguards to keep information about you safe."

I work in IT, so data security is an important focus of my job. Like you, I am also slow to tell someone else how to do their job. However, if I had seen the notebook you described, I would have immediately asked for the manager, and watched as he or she shredded that page. I would have then filed a formal complaint with the branch, and coporate offices. If they responded with the same attitude that she took when you politely approached her about this, I would have closed all of my accounts within the week.

Banks and other oganizations are required to report to customers when there has been a data breach that might have contained their personal information. How would she know which customers information had been lost, when she couldn't even remember a conversation from a week earlier.

Guest's picture
Michele

This is absurd. If it were me, I'd contact Linda's supervisor and alert them of how Linda is handling my data (and other customers' data), and then I'd take my business to another bank.

Who cares if it's illegal? The legality of Linda's conduct is irrelevant. But her conduct is putting you at risk of identity theft. Kick that bank to the curb, but give her boss a courtesy call to explain why.

Andrea Karim's picture

You guys are so nice to provide feedback! Glad to know that I'm not entirely paranoid. I actually did ask to speak to the manager. I left several messages, and finally drove back to the bank and asked to see her. She was on a conference call and I said that I would wait until she was done. It was pretty clear that the other employees knew what was up, because there wasn't much in the way of cooperation there.

The best I could get was the assistant manager, and he assured me that Linda's behavior was standard and that I had no need to be worried, and that HE wrote down confidential information all the time.

It's tough to switch banks, though, because US Bank holds my mortgage. So it's a matter of refinancing to get a better bank, and that takes some serious time! The manager of the bank hasn't called me back yet, and it has been several days, so... oh, well. Time to move institutions, I guess.

Guest's picture
Mary

I agree with all of the statements of your concern and the thread. It is enough to make a person feel "paranoid"!
I use only credit unions after some of my experiences with "banks" per se...as they seem to be more considerate, fair, and are generally members as well.
In as far as feeling it difficult to "confront" I have found it very helpful (I really don't like confrontations either) to separate out what is Yours and what is Mine with businesses and just make the lines clear and keep a cool head on the spot...I agree with the above comment to establish your rights and act on them. I've run away from many such confrontations before I turned 40, they made me feel ill. I built little concentric circles from my most intimate circles out and defined lines as to how much they are allowed into my life. It works for me. I wish you the best and keep up the keen eye you obviously have.
p.s. I just got notice that my athletic club turned me into collections after giving me a full 6 months permission for leave as I am volunteering as an RN in Guatemala....go figure...cause I surely will.

Guest's picture
Cat

The Gramm Leach Bliley Act is the law related to privacy protection in the private sectors of banking and insurance. It states that there must be policies in place to protect information from foreseeable threats in security. How your bank complies should be outlined in their privacy notice that you should get once a year. This wikipeia page has a pretty good overview: http://en.wikipedia.org/wiki/Gramm%E2%80%93Leach%E2%80%93Bliley_Act#Privacy.

This person's methods don't seem in keeping with the Act. As an insurance professional, my company requires me to keep any docs with policyholder info in the office, and to shred them when I'm done with them. Anything that goes out of the office has to be transmitted and received through our secure e-mail or management systems. Every employee and contractor we work with has to sign off that they understand the act and will abide by our privacy regulations.

I hope this helps you understand the potential illegality of Linda's actions. In my opinion, they should violate the bank's privacy and security policies- and if they don't, it would seem the bank is not in compliance with the GLBA.

Guest's picture
lynne

I have worked in a company that provided student loans before and as such, was asking people for (and receiving) their social security numbers (and names, and addresses, and many identifying details about them) all day long. procedure where I worked was, in fact, to keep this information on a piece of scrap paper...but then those papers were put into a locked container that had a tiny tiny hole in it every few hours, and then the contents of that container were burned every few days. still a little sketchy, if you ask me, but far better than your bank's behavior.

I think the fact that bankers deal with this type of information all day long makes them a little insensitive to what it means to people. The fact that you clearly stated your discomfort, however, should have meant more to them than their own comfort with their practices. I say find a bank that won't do that and switch.

Guest's picture
Guest

You have every reason to be concerned. I work for an agency that, while not a bank, takes down customer's SSNs on a regular basis. They can be written down on post-it-notes, notebooks, anything. There are no standards for that.

It is only in the last year or two that we've implemented a clean desk policy requiring that ANY piece of paper with any personal info on it must be shredded or locked up at the end of every day. And WE don't even do the shredding. All shred bins are emptied into LOCKED trash bins that are weekly or monthly picked up by a contracted shredding company.

Many companies are just now starting to understand how easy data like this is to steal. Any janitor, spouse or building maintenance person could walk by and grab hundreds of SSNs off our desks.

So the concept of a clean desk policy is relatively new to a lot of companies. I'd imagine there are a lot of technophobes and dinosaurs out there who simply don't understand the necessity and it's generally seen to be the domain of the IT department.

Guest's picture
Maria

I would tail "Linda" after work, wait until she was going into her house, run up and grab her briefcase. After a short chase, I'd turn around and say "SEE! See how easy it is to lose all of this valuable personal information when you keep it in a...notebook...with Dooodles!? HA! I told you so! And - by the way - that DOES NOT even resemble a starfish!"

Andrea Karim's picture

LOL! It really didn't resemble a starfish, other than being ever-so-vaguely star-shaped. I don't tend to talk with the ellipticals, although I can see why it would appear that way.

Guest's picture
Amy

I believe Linda is violating reasonable standards of information security. Whether it's because she doesn't know/realize that's what she's doing (putting equal blame on supervision for not being clear with her) or doesn't CARE that's what she's doing (still equal blame with supervision for not enforcing these important standards), you and other customers are still at risk. The fact that supervision didn't care either points out that none of them 'get it' at that branch, or else USBank as a whole cannot be trusted. I am guessing the branch is being lazy but corporate policy should really govern this--and enforce it.

If she had said she locks up such info in her desk at the end of the day, that might be different... but to carry it around with her?? I think I'd file a formal complaint. But maybe after your refi is approved, if you are worried they will thwart the process!

Guest's picture

Wow, I'd be looking into a new bank, too! Linda's actions do not inspire confidence, and her manager's reaction would be the confirmation that it is time to move my business.

Guest's picture
Mary

Oh, and I have a check back from a bank, Wachovia, which decided that they owed me some funds and mailed me a check for: $00.01 yes, one penny, on paper all the way to Alaska where I live. How much do you think it cost them to send me my refund check? I can hardly calculate that, can anyone else? I'm tempted to cash it...but it's too much fun just to have it.
So, how do these people such as "Linda" get away with such buffoonery?

Guest's picture
Jennifer

Just wanted to add, legality and personal security issues aside, once you called and let her know you were uncomfortable it was very poor customer service for her to brush aside your concerns. Ridiculous.

Guest's picture
reeder

I recently called US Bank's National mortgage number to speak with a loan agent and in order to speak to a loan agent, the "specialist" on the line required my ssn. I told her I don't give that out unless necessary and was it really necessary to give her that information in order to talk to a loan agent about their rates and possibly (POSSIBLY!) attaining a pre-approval. She said it was. I thanked her and said I'd call my local US Bank office.

Keep in mind she was just the receptionist/call director/gate keeper. Not even a loan agent.

I do bank with them but this left me somewhat annoyed. None of the other banks I called had a problem with at least providing apr and even information on their standard debt to income ratios before asking for my social security number.

Guest's picture
Guest

Similar situation - I was tempted by the ads into checking my car insurance rates online. I foolishly fed my information onto a form, expecting to have an opportunity to compare rates of a few agencies. None were demonstrably better than my current insurer. Then several months later I got a form letter from a local agent, apologizing because HIS laptop had been stolen from inside his office. He went on to say that the laptop was loaded up with personal information, including SSNs for all kinds of people, even people who were not his clients but who may have requested quotes from him. The tone of the letter was very blase, especially considering that the dreaded theft had already occurred. That's the last time I'll avail myself of the convenience of quick online comparison shopping without knowing who is offering the quote.

Guest's picture
Guest

First I see the concern, but most security is simply a illusion of security for piece of mind.

For example lets talk home security. While one may feel safe in your home or feel your home is safe while you are away. Any "free" rock can break a window. This may sound simple but IT security is about the same. If someone is good enough and wants something enough they can get it.

In your case the example was at least on US soil, what about the large number of call centers that are being off shored with less than US standards? Many major banks and other companies do this and have access to this type of information.

My overall point of these statements is this that there really is not a lot of options other than paying a service to watch your credit report and etc. Even this is not a guarantee but at least many offer insurance if someone was to steal your identity.

Guest's picture
Kristin P

File a complaint with your state's attorney general. US Bank is clearly in violation of privacy laws.

Guest's picture
Lesa S.

I *know* this is a completely serious topic and must be treated as such. You are just so witty Ms. Andrea I was doubled over in laughter at the picture you paint for us. Certainly however I stand up and take notice. Great article! Peace.

Guest's picture
Joe Enos

You should absolutely be concerned about this behavior - if you don't switch banks, at least file a formal complaint.

In this day and age, there's no excuse for a national financial institution to not have secured software that these types of notes can be entered. Even so, writing things down on paper may make sense at times - when I was in the banking industry, I did write sensitive things down on paper on occasion, but I was a lot more careful than to carry those around with me - the notepad would never leave my locked desk (in a secure building), and I would shred the sheets on a regular basis, once I was done with them.

Andrea Karim's picture

Thanks, Lesa, that's really nice of you to say.

I do plan on filing a complaint with the bank, but will probably have to push back really hard. Everyone at the branch is intent on letting me know that the problem lies with ME, which is is troubling to say the least.

Guest's picture
Wulf

I've taken the policy of never giving out my social security number to anyone except government offices and never giving out my home address, ever. When asked I simply say, "Oh, I'm sorry, I can't give out my address to strangers."

I didn't even give my address to the DMV. When they demanded it, I pulled out a piece of notebook paper, pen poised, and asked the clerk for her home address, SSN, and home phone number. She grunted and put in my mailing address without further comment.

At one point, when purchasing a trailer, a car dealership demanded my home address. I told them they couldn't possible have a use for it since they wouldn't be coming to my house in person, would they? Of course not. And they can't deliver mail to my house. Why not? We blew up the mailbox for fun. That gave them pause.

It's a new world, demanding every bit of data you won't hold onto with an iron grip, but a lot of times, a simple "I'm sorry, but I can't... what can we do instead?" helps quite a bit. And when that fails, acting weird can do the trick :)

Guest's picture
sewingirl

I realize this isn't the issue that it used to be, but 10+ years ago, I worked in the local discount store, and the check cashing policy was that you had to have a phone number to cash a check. Many times, customers refused, on the grounds that they were paying to have an unlisted number, they don't give it out at the store. The manager and I had words on this topic several times, and I did have to turn down some checks. Some customers didn't come back, and some just made sure that they had cash. Nowdays that would be like asking for your pin number, nobody would dare!

Guest's picture
Debra

I have worked for home in the past, for a company that often required social security numbers. I was required to lock my computer when away from it and shred or lock up any client identifying information-- that wasn't limited to social security #s. I occasionally had to write down social security #s, but I was required to keep the information secure. Granted, there is no *guarantee* that no one would break in my house and break into my locked drawer and steal information that wasn't shredded, but there really aren't guarantees with most things in life. However, I was required as part of my job to do my part to keep that information safe and secure. If Linda, while going from bank to bank, needed to bring personal information like that with her from place to place, she had to try to keep it secure. If the notebook was in a locked briefcase, she may believe that she *is* doing that. But if she's just got it in her purse or an unlocked briefcase, that's not all she can do.

I haven't ever worked in the banking industry, but I wonder how long she expected to need that information-- from you or from anyone else. I can't imagine needing that information for longer than it would take to fill in an application or look something up on their secure website. Then the paper should be shredded.

Regardless, since you weren't comfortable with your information being on that page, she should have cut your information off the page and shredded your information. Sounds like someone who just isn't that organized, and I wouldn't want my information in the hands of someone like that, for it is quite EASY for it to get lost, misplaced, or mishandled.

The fact that the other people you voiced your concerns to responded defenisvely instead of trying to make the customer happy (I mean, it's not like your request was unrealistic or even DIFFICULT!), speaks very negatively of your local US Bank. Perhaps other branches would treat you (and your private personal information) better, but I don't know that I'd take that risk.

Guest's picture
Orguy

What? The banksters have been front and center in our massive economic meltdown, and you are shocked, SHOCKED !, to discover bank employees who are careless and incompetent.

Andrea Karim's picture

Yeah, Orguy, I don't think that anyone here is expressing shock (SHOCK!), just a bit of dismay. Also, data security is really not at the heart of the economic meltdown. Nice attempt at correlation, but FAIL.

Guest's picture
Guest

I would suggest that the poster find out the name of the president of the whole bank, and perhaps the chairman/woman of the board, then write a letter (that's right, on paper) outlining exactly what she's explained in this post and send a copy via snail mail, CERTIFIED and RESTRICTED DELIVERY to each of said persons. Be polite, but firm. It'll cost around $6.00 apiece. Certified means you get signed proof of receipt and the restricted delivery means that the individual addressed or their representative must sign for it, not just anybody from the company who shows up at the post office. This combination tends to get attention. I have done this on many occasions (insurance companies, judges -I've gotten parking tickets from cities I've never been to - governors, turnpike authorities, etc) and only one time have I gotten a less-than-satisfactory result. It's pretty amazing the attention my complaints have gotten and I have ALWAYS received a reply. And when you're done with all this, move as much of your financial business elsewhere as you possibly can.

Guest's picture
Sarah

First of all I want to say that I agree that this is an unacceptable way to use and carry customer data.

I work in a business that deals with ssn's all day long and while it is very important to protect these numbers, people in my industry almost become de-sensitized to it.

I give out my ssn only if I called a company that I already do business with and I called them. I would never give it out to someone who called me or to a new business I did not already deal with. Common sense I think.

I also believe that while it would be a pain in the rear to have your identity stolen, God is in control of everything, even my private data. If I am going to have my ssn or identity stolen, that is within His control and He will still provide for us and get us through the situation.

And one last thing, I think the previous poster Wulf and a few others are overly worried. Since when has your address been sensitive data? I understand not giving out your date of birth and ssn but I think some people are far too paranoid. Again, I have a peace with not being overly worried about the small things because God is in control.

I would find a new bank if I were you!

Guest's picture
Margaret

Who cares about the law? Linda did something insecure with your personal data that made you feel uncomfortable, and when you told her so she refused to destroy that piece of paper. That's the bottom line, legal or not.

Guest's picture
Jamie

No bank employee should ever be carrying around customer's personal information. I've been working in the banking industry for years, and the only time I write down personal information is when I'm talking to someone on the phone: I might write down their social or account number, but I promptly shred them as soon as I'm finished. All other files and paperwork are kept under lock and key at all times unless they are actually in use, being looked up by an employee. You were right to confront them, unfortunately some people just don't realize or don't care what a security risk people's information can be. In my opinion, the customer's information is more valuable than the cash in the vault: the cash is insured, but what about your credit and reputation? I'm sorry you had to deal with such terrible service!

Guest's picture
Lisa

The department of Motor vehicles sells all your info from addresses to S.S.# to whatever they have on you. Here is one I don't like either, I went to the local one stop job place in our county. They have a sign in sheet that you have to sign before you can even get a list of any job openings. Here is what they want: name, address, phone , birth date & last 4 digits of social security number. I refused to put it & asked if they had heard that anyone can figure S.S. number out if have last 4 digits & name & birth date. She said no. I told her to look it up on internet . they still make people do that. What if someone can remember numbers good, cause everyone coming in looks at this & signs it. I could easily remember enough for 2 people on it. Not good at all. What you think about that?

Guest's picture
Elgog Partynipple

The bank would fall under the rules of the Banking Modernization Act of 1999 alao known a the Grahm Leach Bliley Act or GLB.

This Federal law specifies what infomration needs to be secured and how to secure it. For instance, banks cannot use just any encryption for email or account information. It must comply with the Federal Information Processing (FIPS) rules. At the very least, SSN infomration printed or written down needs to be "Redacted". This is where only the last 4 digits of the SSN are written or displayed on terminals. Walking around with customer account information or SSN's is currently illegal. Even if it's on a laptop. If the files on the laptop are in compliance with FIPS standards, then that would be in compliance. Written on a note pad in someone's purse is not in compliance.

You bank agent is clearly not in compliance with GLB or FIPS and you can file a complaint with federal government. I wouldn't file with the state AG because GLB and FIPS is specifically Federal. Your state may have additional rules as well and would be quicker to respond than the Federal Gov't.

Guest's picture
Josh

I don't like giving out my SSN either. Being duped as a youngster (12-13) on chat channels I later found myself with charges from Dell computers adding up to around $9000. Luckily It was all removed, but that was scary.

My wifes mother has this site she goes to to look up unreleased money held by the gov. or state or whatever (unclaimed money - legit site I'm sure, but creeps me out some). She asked me for my SSN to look it up and I told her I don't know this website and will not do it. My wife and her mother looked at me like I was crazy. Sorry but your crazy if you think im handing my SSN down to some online company through someone elses computer!@

Anyway I never read blogs much, but yours are interesting. Keep it up!

Josh

Guest's picture
Guest

i THINK YOU over reacted grossly. WE're people, not robots. We take notes, make priority lists, do our jobs. If a 'customer' of mine asked for a sheet of my notebook back, I'd give it to her and she'd be the butt of every joke in my industry for years. Let people do their jobs. This lady was not going to steal your SSN. How naive (yes, too lazy to look up the spelling.) You have no idea how many companies have access to your mortgage info. Ever wonder why you get mailings about new kitchens right after you settle on a house? It's all down there at the courthouse for anyone to read. Many localities keep your SSN on their registered voter list and anyone willing to pay the money to buy the list can get it.

Andrea Karim's picture

Next time, be sure to post your business info so I can be absolutely certain not to frequent your establishment. As the article said, I was not worried about HER stealing my data, I was worried about my unsecured data (and that of every other client she had) by someone else.

And actually, no, my social security number is not "down at the courthouse", but I'd be delighted if you were able to locate it and send it to me as proof.