At C/Net, Daniel Terdiman wrote a good blog post about a lax data security habit many consumers are guilty of. On January 1, Daniel received several "Happy birthday" messages from Facebook and from several people connected with him on Facebook. Daniel's actual birthday is not January 1st. Here's what's up:
"When I signed up for Facebook, I entered my birthday, as I often do on Web sites that ask for it, as January 1. I do that because it's easy for me to remember, because it's sort of close to my real birthday, and most importantly, because there's no way I'm giving a Web site my real birthday. Hello! Identity theft, anyone? In the past, this has never come back to me in any way... But with a site like Facebook... it obviously does come up, and it makes me wonder. Do most people put in their real birthday? Don't they worry about the consequences?"
I agree with Daniel. Regardless of what companies claim, data breaches happen. Plus, a consumer's birth date is a highly valuable piece of sensitive personal data which identity thieves love to steal. Why? Consumers' real birth dates are a way for identity thieves to distinguish between several people with the exact same name -- especially when buying and selling stolen personal data.
And, identity thieves can use real birth dates to answer challenge questions when trying to break into consumers' banking and financial accounts -- by phone or online (if a Web site is foolish enough to use birth date as a challenge question during sign-in).
My rule of thumb: if a company's web site is not giving me a paycheck, then they don't get my real birth date. While there are public databases (e.g., drivers registration, property records, etc.) that include consumers' birth dates, I still have a choice about when and where to disclose my sensitive personal data.
My advice to consumers: