All around the world people are falling victim to identity theft. What is identity theft? Well at it’s most simple it is a person (other than you) who has gained access to your personal information.
This takes the form of real theft of things like your passport or Identity Document or Drivers licence, to “virtual” theft of things like usernames and passwords for things like internet banking and social media sites such as YouTube or Facebook.
In effect, a person who has your details can “virtually” become you! They can open banking accounts, withdraw funds, post comments on social media sites – in YOUR name! The list of possibilities is endless.
Now to the conundrum – especially for us South African’s. I recently visited two of my local health clubs (names withheld for the moment) because I wanted to see their facilities with a view to joining one of them.
Now, before I could even see a membership consultant I was obliged to complete a “visitor” form – which included an indemnity (in case a weight stack fell on my head or a barbell rolled over my feet while touring the facility) and asked a whole lot of questions not least of which were:
My full name.
My Physical and Postal Address
My Contact details (telephone numbers, work and home, my cellular and fax numbers..)
My Identity Document Number…
all this on the pretext of “knowing” who had entered their club(s) and for the supposed purpose of enforcing their indemnity!
I think you can see the problem…while I may not agree with the process (and I don’t) what worries me more is the amount of personal data that they collected, which begs the following questions:
How is the staff vetted before they are allowed to record and handle such sensitive information?
Are they even vetted? and if so, by whom?
What happens to that data?
Is it recorded in their IT systems, and if so, who has access to that information and what steps have been taken to safeguard that data and prevent it falling into the wrong hands?
What happens to the original form that I filled out? Is it disposed off and if so, how and by whom?
What should we do about it? In my humble opinion, we the consumer, should refuse to hand over such sensitive information to all and sundry and should ask those pertinent questions before we hand over that amount of information.
So, before you hand out personal details in the future – think…who am I handing this data too and what could they do with it? Does the organization have my interests at heart and have they taken sufficient and reasonable steps to safeguard my personal details!