Secret CIO: Privacy Smart And Customer Stupid

It was a beautiful summer morning, and I was looking forward to spending most of it doing odd jobs around the house. Taking a day off from work to do whatever you want soothes the soul and brightens even the gloomiest of dispositions. I decided to download my personal E-mail before starting on my project list. What happened next changed my mood and my plans.

My electronic mailbox spewed forth the usual assortment of spam, ads, and jokes forwarded by friends. One item really caught my attention. It was a missive from one of the three major credit bureaus. I was puzzled; I read it again and then a third time. It was a confirmation for a credit report request. Alarmed, I confirmed at a phone site that the contact number on the E-mail was legitimate and dialed it immediately. I was worried. Was someone trying to get my credit history or steal my identity?

The first time, I took the wrong option (none seemed to fit) in voice-mail jail and was disconnected when I punched "zero" in frustration, hoping to reach a human. When I called back, I was lucky and reached a real person after a 10-minute wait. Patiently, I explained the situation to a very polite man. He sympathized with me and apologized for the way his company had treated me. "Gee," I thought, "you're talented at your job." To show that I could give equally good phone sensitivity, I responded with, "It must be really hard to listen to complaints all day when it's not your fault that people have problems."

After a few more similar exchanges, he explained that as much as he'd like to help me, he wasn't permitted to tell me who was using my E-mail address. He did, however, say there was no risk to me since it wasn't my credit report being requested and it wasn't being mailed to my house. Evidently someone had signed up on the Web site using an incorrect E-mail address, namely mine. Heartened by his response--I had imagined the worst--I asked him to notify the person by phone or mail that the wrong E-mail address was entered. He said that, because of the bureau's privacy restrictions, there was no way customer service could contact a person without having permission to access his or her account--and there was no way to get that permission without contacting the person.

Being a helpful guy, he suggested I phone my Internet service provider. I said the ISP couldn't do anything without knowing the real E-mail address of the person, information the credit bureau wouldn't release. He allowed that was so. I also pointed out that by having my E-mail address assigned to another person, I would be barred from using my own E-mail address on his site. He sighed sympathetically. I added that if his credit bureau sent a confirming E-mail that required a response before activating an online user, there would be no such problems as the one we were discussing. He said he didn't know which department decided those things.

Because Don Quixote was a great man, I'll call the corporate headquarters of said powerful credit bureau and pursue the impossible dream of removing my E-mail address from its system and installing a rational verification process.

Of course, now that I've righteously explained the flaws in their procedures, I think I'd better find out exactly what our own are when I get back to work tomorrow.

Herbert W. Lovelace shares his experiences as CIO of a multibillion-dollar international company (changing most names, including his own, to protect the guilty). Send him E-mail at [email protected].