You did WHAT with my SSN?

For what it is worth, I think your discomfort is totally legitimate. She SHOULD have been more sensitive to you. And, I am darn impressed with the steps you took (calling her). And as the last comment states, not sure what else can be done. Except for them to know that you will be sure to let others know your dissatisfaction with your experience. When business is, or should be, highly prized in this economy, you would think they would be doing hand stands to keep you happy. This kind of customer service usually has me steamed. I happen to believe my money is worth more than that type of attitude would indicate!

That is irresponsible, especially for a bank employee. I have issues with my insurance company. They still use my ss for my identification number and I must furnish it everytime I see a dentist.

From a customer-service standpoint, Linda's entire interaction with you was poor and her response to your security concerns decidedly flat-footed.

From an identity theft point of view, while it certainly doesn't engender any warm-and-fuzzy feelings knowing your (misspelled) name and SSN are in a spiral-bound notebook, the odds are your name and SSN have found their way onto other scraps of paper over the years without incident. At this point it's rare that identity theft happens from people stealing briefcases or people going through trash. Your greater risks for identity theft are organized groups stealing databases, or friends/relatives who have access to your home or mail. (43% of identity theft is done by someone who knows you, like a drug-addicted relative.) http://www.idtheftmostwanted.org/artman2/publish/lib_survey/Press_Releas...

I think you should find a different bank. No professional financial institution handles customers' financial data in such a careless manner - at least not the good ones. Most banks in the 21st century enter your information into encrypted computers.

If that was my situation, I would surely move banks. I understand keeping a hard copy of client information for records is standard procedure, as I do this with my customers all of the time, but social security numbers and other sensitive information should never be stored as a hard copy, and especially not the ONLY copy.

You can call FINRA and report this practice to them. Be sure to tell them the full legal name of the employee and the address of the bank that you go to. I doubt such practices are legal..and if they are, they are surely unethical.

http://www.usbank.com/cgi_w/cfm/about/privacy/consumer_privacy.cfm

Specifically:

"We Protect the Confidentiality and Security of the Information We Gather
We restrict access to personal information about you to those employees we have determined need to know that information to provide products and services to you. We maintain physical, electronic, and procedural safeguards to keep information about you safe."

I work in IT, so data security is an important focus of my job. Like you, I am also slow to tell someone else how to do their job. However, if I had seen the notebook you described, I would have immediately asked for the manager, and watched as he or she shredded that page. I would have then filed a formal complaint with the branch, and coporate offices. If they responded with the same attitude that she took when you politely approached her about this, I would have closed all of my accounts within the week.

Banks and other oganizations are required to report to customers when there has been a data breach that might have contained their personal information. How would she know which customers information had been lost, when she couldn't even remember a conversation from a week earlier.

You guys are so nice to provide feedback! Glad to know that I'm not entirely paranoid. I actually did ask to speak to the manager. I left several messages, and finally drove back to the bank and asked to see her. She was on a conference call and I said that I would wait until she was done. It was pretty clear that the other employees knew what was up, because there wasn't much in the way of cooperation there.

The best I could get was the assistant manager, and he assured me that Linda's behavior was standard and that I had no need to be worried, and that HE wrote down confidential information all the time.

It's tough to switch banks, though, because US Bank holds my mortgage. So it's a matter of refinancing to get a better bank, and that takes some serious time! The manager of the bank hasn't called me back yet, and it has been several days, so... oh, well. Time to move institutions, I guess.

The Gramm Leach Bliley Act is the law related to privacy protection in the private sectors of banking and insurance. It states that there must be policies in place to protect information from foreseeable threats in security. How your bank complies should be outlined in their privacy notice that you should get once a year. This wikipeia page has a pretty good overview: http://en.wikipedia.org/wiki/Gramm%E2%80%93Leach%E2%80%93Bliley_Act#Privacy.

This person's methods don't seem in keeping with the Act. As an insurance professional, my company requires me to keep any docs with policyholder info in the office, and to shred them when I'm done with them. Anything that goes out of the office has to be transmitted and received through our secure e-mail or management systems. Every employee and contractor we work with has to sign off that they understand the act and will abide by our privacy regulations.

I hope this helps you understand the potential illegality of Linda's actions. In my opinion, they should violate the bank's privacy and security policies- and if they don't, it would seem the bank is not in compliance with the GLBA.

You have every reason to be concerned. I work for an agency that, while not a bank, takes down customer's SSNs on a regular basis. They can be written down on post-it-notes, notebooks, anything. There are no standards for that.

It is only in the last year or two that we've implemented a clean desk policy requiring that ANY piece of paper with any personal info on it must be shredded or locked up at the end of every day. And WE don't even do the shredding. All shred bins are emptied into LOCKED trash bins that are weekly or monthly picked up by a contracted shredding company.

Many companies are just now starting to understand how easy data like this is to steal. Any janitor, spouse or building maintenance person could walk by and grab hundreds of SSNs off our desks.

So the concept of a clean desk policy is relatively new to a lot of companies. I'd imagine there are a lot of technophobes and dinosaurs out there who simply don't understand the necessity and it's generally seen to be the domain of the IT department.

LOL! It really didn't resemble a starfish, other than being ever-so-vaguely star-shaped. I don't tend to talk with the ellipticals, although I can see why it would appear that way.

Wow, I'd be looking into a new bank, too! Linda's actions do not inspire confidence, and her manager's reaction would be the confirmation that it is time to move my business.

Just wanted to add, legality and personal security issues aside, once you called and let her know you were uncomfortable it was very poor customer service for her to brush aside your concerns. Ridiculous.

Similar situation - I was tempted by the ads into checking my car insurance rates online. I foolishly fed my information onto a form, expecting to have an opportunity to compare rates of a few agencies. None were demonstrably better than my current insurer. Then several months later I got a form letter from a local agent, apologizing because HIS laptop had been stolen from inside his office. He went on to say that the laptop was loaded up with personal information, including SSNs for all kinds of people, even people who were not his clients but who may have requested quotes from him. The tone of the letter was very blase, especially considering that the dreaded theft had already occurred. That's the last time I'll avail myself of the convenience of quick online comparison shopping without knowing who is offering the quote.

File a complaint with your state's attorney general. US Bank is clearly in violation of privacy laws.

You should absolutely be concerned about this behavior - if you don't switch banks, at least file a formal complaint.

In this day and age, there's no excuse for a national financial institution to not have secured software that these types of notes can be entered. Even so, writing things down on paper may make sense at times - when I was in the banking industry, I did write sensitive things down on paper on occasion, but I was a lot more careful than to carry those around with me - the notepad would never leave my locked desk (in a secure building), and I would shred the sheets on a regular basis, once I was done with them.

I've taken the policy of never giving out my social security number to anyone except government offices and never giving out my home address, ever. When asked I simply say, "Oh, I'm sorry, I can't give out my address to strangers."

I didn't even give my address to the DMV. When they demanded it, I pulled out a piece of notebook paper, pen poised, and asked the clerk for her home address, SSN, and home phone number. She grunted and put in my mailing address without further comment.

At one point, when purchasing a trailer, a car dealership demanded my home address. I told them they couldn't possible have a use for it since they wouldn't be coming to my house in person, would they? Of course not. And they can't deliver mail to my house. Why not? We blew up the mailbox for fun. That gave them pause.

It's a new world, demanding every bit of data you won't hold onto with an iron grip, but a lot of times, a simple "I'm sorry, but I can't... what can we do instead?" helps quite a bit. And when that fails, acting weird can do the trick :)

I have worked for home in the past, for a company that often required social security numbers. I was required to lock my computer when away from it and shred or lock up any client identifying information-- that wasn't limited to social security #s. I occasionally had to write down social security #s, but I was required to keep the information secure. Granted, there is no *guarantee* that no one would break in my house and break into my locked drawer and steal information that wasn't shredded, but there really aren't guarantees with most things in life. However, I was required as part of my job to do my part to keep that information safe and secure. If Linda, while going from bank to bank, needed to bring personal information like that with her from place to place, she had to try to keep it secure. If the notebook was in a locked briefcase, she may believe that she *is* doing that. But if she's just got it in her purse or an unlocked briefcase, that's not all she can do.

I haven't ever worked in the banking industry, but I wonder how long she expected to need that information-- from you or from anyone else. I can't imagine needing that information for longer than it would take to fill in an application or look something up on their secure website. Then the paper should be shredded.

Regardless, since you weren't comfortable with your information being on that page, she should have cut your information off the page and shredded your information. Sounds like someone who just isn't that organized, and I wouldn't want my information in the hands of someone like that, for it is quite EASY for it to get lost, misplaced, or mishandled.

The fact that the other people you voiced your concerns to responded defenisvely instead of trying to make the customer happy (I mean, it's not like your request was unrealistic or even DIFFICULT!), speaks very negatively of your local US Bank. Perhaps other branches would treat you (and your private personal information) better, but I don't know that I'd take that risk.

First of all I want to say that I agree that this is an unacceptable way to use and carry customer data.

I work in a business that deals with ssn's all day long and while it is very important to protect these numbers, people in my industry almost become de-sensitized to it.

I give out my ssn only if I called a company that I already do business with and I called them. I would never give it out to someone who called me or to a new business I did not already deal with. Common sense I think.

I also believe that while it would be a pain in the rear to have your identity stolen, God is in control of everything, even my private data. If I am going to have my ssn or identity stolen, that is within His control and He will still provide for us and get us through the situation.

And one last thing, I think the previous poster Wulf and a few others are overly worried. Since when has your address been sensitive data? I understand not giving out your date of birth and ssn but I think some people are far too paranoid. Again, I have a peace with not being overly worried about the small things because God is in control.

I would find a new bank if I were you!

No bank employee should ever be carrying around customer's personal information. I've been working in the banking industry for years, and the only time I write down personal information is when I'm talking to someone on the phone: I might write down their social or account number, but I promptly shred them as soon as I'm finished. All other files and paperwork are kept under lock and key at all times unless they are actually in use, being looked up by an employee. You were right to confront them, unfortunately some people just don't realize or don't care what a security risk people's information can be. In my opinion, the customer's information is more valuable than the cash in the vault: the cash is insured, but what about your credit and reputation? I'm sorry you had to deal with such terrible service!

The bank would fall under the rules of the Banking Modernization Act of 1999 alao known a the Grahm Leach Bliley Act or GLB.

This Federal law specifies what infomration needs to be secured and how to secure it. For instance, banks cannot use just any encryption for email or account information. It must comply with the Federal Information Processing (FIPS) rules. At the very least, SSN infomration printed or written down needs to be "Redacted". This is where only the last 4 digits of the SSN are written or displayed on terminals. Walking around with customer account information or SSN's is currently illegal. Even if it's on a laptop. If the files on the laptop are in compliance with FIPS standards, then that would be in compliance. Written on a note pad in someone's purse is not in compliance.

You bank agent is clearly not in compliance with GLB or FIPS and you can file a complaint with federal government. I wouldn't file with the state AG because GLB and FIPS is specifically Federal. Your state may have additional rules as well and would be quicker to respond than the Federal Gov't.

i THINK YOU over reacted grossly. WE're people, not robots. We take notes, make priority lists, do our jobs. If a 'customer' of mine asked for a sheet of my notebook back, I'd give it to her and she'd be the butt of every joke in my industry for years. Let people do their jobs. This lady was not going to steal your SSN. How naive (yes, too lazy to look up the spelling.) You have no idea how many companies have access to your mortgage info. Ever wonder why you get mailings about new kitchens right after you settle on a house? It's all down there at the courthouse for anyone to read. Many localities keep your SSN on their registered voter list and anyone willing to pay the money to buy the list can get it.