Custom Search

December 31, 2009

PC World's identifies the top ten security nightmares from the past ten years

Interesting article from PC World about the Top Ten Computer Security Nightmares of the past decade.  Scary how far we've come in the past ten years.  Here's the article - http://www.pcworld.com/article/185227/top_10_security_nightmares_of_the_decade.html

PC World has been around forever ... at least in terms of the computer age.  I remember my first computer.  It was actually my dad's.  Not sure the year, I was just a kid.  But he subscribed to PC World back then.  And they would print the BASIC code (BASIC was an early computer language) for a simple computer program.  My ten year old self would spend hours typing in every line of the program.  One small mistake and the program would not run properly.  All that work, just to make the screen flash different colors ... or to repeatedly print my name in alternating colors.  Those were good times.  Wish my Dad was here now to see what the computers he first turned me on to can do.

December 28, 2009

Countrywide settles class action lawsuit for mere "slap on the wrist"

What a crock.  Countrywide, who allowed a rogue employee to steal the personal information of over 17 million of its customers (me included), has achieved preliminary court approval for its settlement of a class action lawsuit filed against it.  The proposed settlement - Countrywide (now owned by Bank of America) - gives each of the potential victims a wopping settlement of ... drum roll please ... free credit monitoring!  Whoo whoo, go cash that voucher in quick, its worth sooooo much more than your good name!  Can you smell the sarcasm?!

What a joke of a settlement.  I for one will be opting out.  Don't know if I will sue separately yet or not, may even be past the statute of limitations, but I am definitely not going to accept free credit monitoring in settlement of anything.

Oh, the settlement does provide for up to $50,000 for anyone that can prove their identity was stolen as a result of Countrywide's data breach but, surprise surprise, no one's been able to meet Bank of America's burden of proof on that one yet.  Not that $50,000 is much for an identity theft victim.  I fairly routinely get multiples of that for my clients. 

Shirley Norton, a spokeswoman for Bank of America, said the settlement is “in the bank's best interest” to avoid additional legal expenses. "We look forward to moving ahead with the settlement,” Norton said.  I bet they are, given the favorable terms of the settlement for BOA.


Luckily, there is a fairness hearing set for July.  Maybe someone can step forward and convince U.S. District Judge Thomas Russell of Kentucky to stop this lunacy and reinstate the lawsuit so the injured consumers can get some real relief.

Red Flags Rule just can't seem to reach the checkered flag

In 2003, Congress passed amendments to the Fair Credit Reporting Act.  One of the changes was a requirement for business that met a certain definition to implement procedures to prevent identity theft.  The procedures were dubbed the "Red Flags Rule".  Congress gave the businesses that met the definition of creditor until November 2008 (yes, five whole years, longer than a term in office for the President) to create and implement the Red Flags Rules.  Shouldn't be too hard, just some common sense things to watch out for that might indicate that an identity thief is trying to pull a fast one. 

Apparently, the creditors sat on their hands for the first five years, because right at the deadline, the creditors started seeking an extension of the deadline to implement the Red Flags Rule.  And they got the extension.  And another one, and another one and (I think) another extension (quite frankly, I've lost count).  The latest Red Flags Rule implementation date was January 1, 2010.  That was the new date, until Congress just extended it yet again ... this time all the way to June 1, 2010.  So this law, seven years after it was enacted, has yet to take effect. 

The Red Flags Rule is supposed to get companies to train all their employees (not just their handful of "fraud specialists" who aren't even contacted until after the proverbial excrement hits the fan) on how to spot the warning signs of identity theft (i.e. the red flags that would tip off a person of normal intelligence).  From my 10 plus years of representing consumers in litigation against banks, credit card companies and the credit bureaus, I have learned one important, nearly universal fact ... the vast number of people that work for corporations check their common sense at the door when they report to work every morning.  Most corporate clones are paid the same no matter the quality of their work.  So most don't go out of their way to do a good job.  As said by the main character of the movie Office Space, they just simply work hard enough not to get fired. 

What's worse is that these corporate cronies follow the all mighty "policies and procedures" of their corporate employers, which are usually written by corporate higher ups with no idea how things are done at ground level.  I swear, I think if the corporate policy said to murder all customers who complained of a certain widget, the streets would be filled with blood.  I know the employees possess common sense, they just seem to leave it at home.  The bottom line is ... most corporate employees just don't care about what they are doing. 

This is why, time and time again, I see corporate employees ignore the obvious signs of identity theft, signs even my most under educated clients easily spot and, as a result, prolong the nightmare that is identity theft.  For this reason, the prevention procedures required by the Red Flags Rule are critical to consumers all across the nation.  Yet, these consumers, lacking the beneft of the lobbyists employed by the corporate sector, are repeatedly getting the shaft by the continued delay allowed by Congress.  Maybe by the time my 2 year old gets his first credit card, some measure of the Red Flags Rule might be implemented.  But, unlike my 2 year old when he's mad, I'm not holding my breath.

December 23, 2009

Department of Justice's nationwide effort nabs another identity thief

A Tennessee federal grand jury has indicted an alleged identity thief as a part of the Department of Justice's nationwide effort to identify and prosecute those responsible for mortgage and other fraud against lending institutions. 

Jerome Henderson, Jr. of Clarksville, Tennessee was indicted last week for aggravated identity theft, bank fraud and social security number misuse.  According to the indictment, from March 2005 to May 2007, Henderson submitted multiple fraudulent loan applications to various lenders and financial institutions for the purchase of property in the Nashville area.  The indictment further alleges that Henderson forged documents as part of his scheme, including false social security numbers, a forged Army Contractor Badge, forged W-2 forms, and other forged documents, which he attached to mortgage loan applications and submitted to lenders. In addition, Henderson created false bank statements that showed fictitious direct deposit amounts into accounts bearing his name, and containing a bogus physical address.

Henderson faces up to 32 years in prison and a $1,000,000 fine.

December 22, 2009

Identity theft victim charged with crime

Imagine finding out there is an arrest warrant with your name on it.  As if that's not bad enough, imagine that your name is on the arrest warrant not because you committed a crime but because you are a victim of one.

That's exactly what happened to Anna Greer of Bakersfield, California.  Apparently, a woman committed a crime and, when caught by the police, identified herself using Anna Greer's name and other personal identifiers.  Even though police were able to later determine that the suspect was not really Anna Greer, Anna Greer's name is now listed as an alias for the criminal in criminal databases.

So, even though the charges against "Greer" were dismissed, the felony charges still show up when a search of her name is performed.  In fact, that's how Greer learned of the warrant out for "her" arrest.  The online court records for Kern County, California show Greer as having once been charged for receiving stolen property and forgery.  Even though both charges were dismissed, both still make it look like Greer was at least charged with both crimes, even though it was in reality her identity thief that was charged.

After much hard work on her part, Greer's name is still tied to both crimes, but she now has a letter from the judge that states she is a victim of identity theft and "was not the person suspected of and charged with check forgery and receiving stolen property."  But online viewers do not see this letter.

This is a common problem when criminals are caught and give someone else's name or SSN to the police.  I once had a person come to me in Mississippi with this problem and, despite the sheriff that arrested the real perp writing letters on his behalf, even I could not get his name off the criminal database for Mississippi, since the criminal did give his name as an alias.

This is a huge problem, particularly when seeking employment.  When asked whether you have ever been charged with a felony, how do you respond?  If you respond truthfully by indicating no, then a search of the public records by your potential employer may make you appear to be a liar and criminal.  But explaining the error just opens up a whole can of worms for you and your potential employer.

Maybe Congress will one day enact some legislation to fix this problem.

December 21, 2009

Identity theft rocks the world of Rock & Roll

Even the world of rock and roll is not immune to identity theft.  And, no, I'm not talking about Elvis impersonators. 

Eric Valentine, a music producer who has worked with Maroon 5 and Queens of the Stone Age, has filed a lawsuit against one of his associates for allegedly impersonating him in an attempt to land recording jobs.

The lawsuit, filed in Los Angeles Superior Court on December 8, alleges that one Louis Adkinson has been using Valentine's name to sign deals with artists.  One such artist was Mark Ballas of Dancing with the Stars.

Adkinson's brother manages Valentine's L.A. studio.  The lawsuit claims that Adkinson broke into Valentine's office and stole a commemorative plaque regarding his work on the soundtrack of the movie Shrek.  He even had photos on his phone of himself holding up the commemorative plaque in Valetine's office, which he showed to potential victims such as Ballas.

Dionne Warwick's son, Damon Elliot, is alleged to have conspired with Adkinson "to misappropriate and trade off the good will of Valentine's name and use that name to steal from musicians and others who wanted to work with Valentine".

According to Ballas, Adkinson had him fooled for the first week or so, but the scheme unraveled when it became clear that Adkinson did not have any musical knowledge.  Said Ballas, "He didn't know a C chord.  He didn't know anything."

December 17, 2009

Yes, I'm vain.

Someone once told me that vain people like to google their own names.  Guess I'm ultra vain then, since I have a google alert set up to google my name for me.  (BTW, google alerts are great.  I  have alerts set up to e-mail me whenever new content appears on the web regarding Experian, Equifax, Trans Union, identity theft and the FCRA.  Pretty nifty.) 

The reason (other than vanity) I have a google alert for my name is that there is such a thing as social network identity theft, where someone steals your online identity (i.e. opens a facebook page under your name, etc.)  Supposedly, if someone tried to do this, my google alert would inform me and I could then take action. 

But what the google alert on my name did today was remind me of a great article by Kiplinger's magazine from 2004 about mixed files.  The article mentions me and my first of many mixed file cases against Equifax.  Here's the link to the article - http://books.google.com/books?id=fv4DAAAAMBAJ&pg=PA74&lpg=PA74&dq=%22Christopher+Kittell%22&source=bl&ots=J290Ry68kW&sig=xCmlbIMSJ242cW8k_xgst1ljAkk&hl=en#v=onepage&q=%22Christopher%20Kittell%22&f=false

Now, you must excuse me.  I've got to get back to googling my name while looking in the mirror.

December 16, 2009

Colorado Supreme Court ruled that evidence of identity theft found during search of tax records office was illegal

In a 4 to 3 decision, the Colorado Supreme Court ruled that a prosecutor's search of 5,000 tax files while looking for evidence of identity theft by illegal immigrants was an invasion of privacy.  In so doing, the Colorado Supreme Court upheld a lower court's ruling.

Last year, a Weld County, Colorado district attorney served a search warrant on Amalia's Translation and Tax Service in Greeley, Colorado, which is located about 60 miles from Denver.  What prosecutors were after were any instances where illegal immigrants had used someone else's Social Security numbers on their tax returns.

Advocates of both privacy and immigrants called the search intrusive and, eventually, a lower court agreed.  But not before approximately 30 illegal immigrants had plead guilty to identity theft and turned over to authorities to be deported. 

"A taxpayer has a reasonable expectation of privacy in his or her tax returns and return information, even when that information is in the custody of a tax preparer," Justice Michael L. Bender wrote in the court's opinion.

Even Time's Person of the Year is vulnerable to identity theft

Remember me blogging earlier this year about the theft of the identity of Federal Reserve Chairman Ben Bernanke's wife?  Well, Time just named him their Person of the Year for 2009.  Here's a link to the article - http://www.time.com/time/specials/packages/article/0,28804,1946375_1947251,00.html.  Sounds like he's deserving of the honor.

December 15, 2009

Explanation of 15 U.S.C. 1681g

This is part one of my explanation of 15 U.S.C. 1681g of the Fair Credit Reporting Act.

"Section 609.  Disclosures to consumers [15 U.S.C. 1681g]

(a)  Information on file; sources; report recipients.  Every consumer reporting agency shall, upon request, and subject to 610(a)(1) [Section 1681h], clearly and accurately disclose to the consumer:

(1)  All information in the consumer's file at the time of the request except that --

(A)  if the consumer to whom the file relates requests that the first 5 digits of the social security number (or similar identification number) of the consumer not be included in the disclosure and the consumer reporting agency has received appropriate proof of the identity of the requester, the consumer reporting agency shall so truncate such number in such disclosures; and

(B)  nothing in this paragraph shall be construed to require a consumer reporting agency to disclose to a consumer any information concerning credit scores or any other risk scores or predictors relating to the consumer."

[This is an important section for consumers as it requires the credit bureaus to disclose to you, the consumer, your entire credit file upon request.  This can become important in litigation, particularly in mixed file cases, because the credit bureau typically provides consumers a report that contains credit information that exactly matches the identifiers of the consumer, while the same credit bureau will provide credit reports to third parties utilizing a looser matching logic which often results in more credit information being provided to third parties than to the consumer.  Since the additional information is considered part of the consumer's credit file, the credit bureau violates this section when it fails to disclose the additional information to the consumer.

The other part of this section allows the credit bureau not to disclose information regarding its credit score model as well as the first 5 digits of the consumer's Social Security number if the consumer has opted to truncate the SSN.]

"(2)  The sources of the information; except that the sources of the information acquired solely for use in preparing an investigative consumer report and actually use for no other purpose need not be disclosed: Provided, That in the event an action is brought under this title, such sources shall be available to the plaintiff under appropriate discovery procedures in the court in which the action is brought."

[This section requires the credit bureaus to identify the sources of the credit information they report regarding consumers.  This is important so that consumers know the identity of the companies that are reporting information about them and, if needed, can use that information to dispute directly to the funisher of the credit information.]

"(3)(A)  Identification of each person (including each end-user identified under section 607(e)(1) [Section 1681e]) that procured a consumer report

(i)  for employment purposes, during the 2-year period preceding the date on which the request is made; or

(ii)  for any purpose, during the 1-year period preceding the date on which the request is made."

[This is the section that results in the inquiry section of the credit report.  Inquiries are records of who accesses a consumer's credit report and when.  I think all of the credit bureaus report inquiries for 2 years, but this section only requires them to report inquiries for 1 year, except for inquiries for employment purposes.]

"(B)  An identification of a person under subparagraph (A) shall include

(i)  the name of the person or, if applicable, the trade name (written in full) under which such person conducts business; and

(ii)  upon request of the consumer, the address and telephone number of the person."

[This section just defines what the credit bureaus must include to identify the company accessing the credit report.  This section also requires the credit bureaus to provide the address and telephone number of the companies making the inquiries upon request.]

"(C)  Subparagraph (A) does not apply if --

(i)  the end user is an agency or department of the United States Government that procures the report form the person for purposes of determining the eligibility of the consumer to whom the report relates to receive access or continued access to classified information (as defined in section 604(b)(4)(E)(i)); and

(ii)  the head of the agency or department makes a written finding as prescribed under section 604(b)(4)(A)."

[This section exempts from required disclosure the identity of the user accessing the credit report when the user is an agency or department of the U.S. government but only if the report is obtained to determine the consumer's eligibility for access or continued access to classified information.]

That's part one of my explanation of 1681g.  I will continue with part two in the near future.

Syracuse, New York attorney charged with identity theft

Prosecutors have charged New York attorney Bonnie Strunk with stealing the identity of her law partner's husband, which she allegedly used to open a fraudulent credit card account.  Strunk is also charged with felony tax fraud.

Strunk was initially charged in May with felony counts of third-degree grand larceny and first-degree identity theft involving allegations she used the name of Dr. Robert Seidenberg – the husband of her long-time law partner, Faith Seidenberg – to open a Capital One MasterCard account.  Strunk allegedly used the credit card to pay over $17,000 in veterinary bills from Georgia, Paypal accounts in California and airline tickets on JetBlue.


Now she has been charged for failing to file a 2008 tax return when she had a tax liability of over $11,000.  Strunk is allegedly attempting to negotiate a plea deal.

Identity thief no real "princess"

Memphian Princess Bland has been arrested for identity theft.  Shelby County, Tennessee authorities searched the north Memphis home of Princess Bland and found the names, Social Security numbers and even tax records of Bland's alleged victims from all over the United States.  Authorities claim that Bland was using these identities of 26 people to purchase items over the internet.

All 26 victims are over the age of 55 and did not know their identities had been stolen.  Bland allegedly used their identities to purchase over $17,000 worth of computers and computer accessories from computer manufacturer Dell.  Bland, however, made the mistake of using the same e-mail address on all the purchases, which tipped off Dell's fraud investigators.  Dell then contacted the appropriate authorities.

According to Memphis authorities, Bland was a supervisor of an unnamed company and used her position to obtain her victims' information. The company should be looked into for its hiring practices, as Bland was no "princess", as she had an extensive criminal history of identity theft and theft in general.  Had the company done its homework, 26 people would not have become victims. 

The first 6 victims investigated have not been from the Memphis area.  The authorities are still waiting on the list identifying the other 20 victims.

Authorities believe that Bland did not act alone and that she also used the victims' identities to open department store credit cards.  Bland's victims, if they read this, should contact an attorney in my line of work.  If you need help, please feel free to contact me at ckittell@merkel-cocke.com and I will do my best to assist you or find an attorney in your area that is also experienced in this type of case.

December 14, 2009

Don't be fooled by "free" credit report offers

As I have blogged about previously, there are a lot of companies that offer "free" credit reports ... that aren't really free.  There's always a catch.  You'll even from time to time see their ads pop up on this website.  I do my best to block them but, unfortunately like the multi headed hydra of mythology, as soon as I cut off one website, two more pop up to take their place.

The moral of the story is that there is only one place where you can go to get your truly free credit report.  That place is http://www.annualcreditreport.com/

Here is a link to an informative article that underscores what I just said and regarding efforts underway to eliminate the confusion about which credit reports are truly free and which have strings attached - http://www.snohomishtimes.com/snohomishNEWS.cfm?inc=story&newsID=926.  Happy reading.

Fake NFL player convicted of identity theft

Amadeus Harlan a.k.a. Johnny Harlan allegedly posed as a member of the NFL's Denver Broncos.  Now he'll trade his imaginary Broncos' uniform for real prison garb.  Harlan was convicted Thursday of identity theft and aggravated motor vehicle theft in Jefferson County, Colorado. 

According to prosecutors, the forty year old Harlan repeatedly posed as a professional football player for the purpose of gaining the trust of his victims, then stealing their identities to purchase expensive cars and obtain loans.  Harlan was also convicted of writing phony payroll checks to employees of his bogus business. 

Harlan is scheduled for sentencing on February 26, 2010 and faces up to 48 years in prison.

December 08, 2009

Good advice about keeping a good credit history

The article at this link is meant to advise military personnel about how to get and maintain a good credit rating, but it looks to me like good advice for any consumer.  Check it out here - http://www.dvidshub.net/?script=news/news_show.php&id=42329

December 07, 2009

Identity thief allegedly uses Ohio man's identity since 2001

Phoenix, Arizona's Marcus Jones has been indicted for identity theft and forgery.  Jones was arrested after it was allegedly discovered that he had a business, credit cards and several vehicles in the name of an Ohio man.  According to authorities, Jones had been using the Ohio man's identity since at least 2001.

The Ohio man contacted authorities after experiencing legal, financial and tax complications as a result of the alleged theft of his identity by Jones.

Trans Union mixes multiple consumers' credit histories

Here's an all too familiar story about Trans Union merging two or more consumers' credit files together.  I have seen this way too much and have represented multiple consumers against the various credit bureaus as a result of the mixed file problem caused by the credit bureaus' loose matching logic. 

Here's a link to the article - http://www.nbclosangeles.com/news/local-beat/Credit-Report-Mistakes-Cost-Consumers--78470792.html.  Ms. Martinez, if you happen to see this and need legal representation against Trans Union, please e-mail me at ckittell@merkel-cocke.com and I'll help you find one of the few competent attorneys that actually have experience in this type of case.  There are only a few of us out there.

What to do if your wallet is stolen ... and before your wallet is stolen

Pretty informative post on another blog about steps to take both before your wallet is stolen and after your wallet is stolen.  Check it out - http://clixbanker.com/?p=1761.

December 02, 2009

H1N1 identity theft e-mail phishing scam

As if the swine flu virus wasn't bad enough, now identity thieves are using it to their advantage.  Scammers are using e-mails offering a "Personal H1N1 Vaccination Profile".  The e-mail scam appears to come from the Center for Disease Control and actually uses a pretty good (but still fake) version of the U.S. Department of Health and Human Services logo. 

The e-mail tries to dupe the reader into clicking on a link to a separate site, ostensibly to set up a profile containing the reader's name, contact details, and personal medical history.  A screen shot of the picture is below:




The website has several links that all will download a file which probably contaisn some malicious code which would do Lord knows what to your computer.  The virus would probably include code to obtain your personal information from your computer.

Although the Web address in the e-mail link appears to be operated by CDC.gov (the agency's Web site), a hidden portion of the address indicates that the site is actually in Belgium.

Part 2 of explanation of 15 U.S.C. 1681e

For some reason this did not post yesterday as it was scheduled to do, so here it is:

This is part 2 of my explanation of 15 U.S.C. 1681e.  For part of the explanation, see here - http://fcralawyer.blogspot.com/2009/11/part-1-of-explanation-of-15-usc-1681e.html

"(d)  Notice to Users and Furnishers of Information

(1)  Notice requirement.   A consumer reporting agency shall provide to any person

(A)  who regularly and in the ordinary course of business furnishes information to the agency with respect to any consumer; or

(B)  to whom a consumer report is provided by the agency;

a notice of such person's responsibilities under this title."

[This section requires the credit bureaus to provide a notice (the content of which is prescribed by the FTC per (d)(2)) regarding their responsibilities to two types of entities - furnishers and users.  Furnishers are the companies that furnish information to the credit bureaus for inclusion on consumers' credit reports (i.e. the banks, credit card companies, collection agencies, etc. whose accounts make up the consumers' credit histories).  Users are the companies that buy consumers' credit reports from the credit bureaus, assuming they have a permissible purpose to gain access to the report.  A company can be both a user and furnisher regarding a consumer, although not at the same time.)

"(2)  Content of notice.  The Federal Trade Commission shall prescribe the content of notices under paragraph (1), and a consumer reporting agency shall be in compliance with this subsection if it provides a notice under paragraph (1) that is substantially similar to the Federal Trade Commission prescription under this paragraph."

[This section defines what the credit bureaus must include in the notices to furnishers and users required by (d)(1) by simply saying that the FTC will prescribe the content and the credit bureaus' notices must be substantially similar to the FTC prescribed content.]

"(e)  Procurement of Consumer Report for Resale

(1)  Disclosure.  A person may not procure a consumer report for purposes of reselling the report (or any information in the report) unless the person discloses to the consumer reporting agency that originally furnishes the report

(A)  the identity of the end-user of the report (or information); and

(B)  each persmissible purpose under section 604 [Section 1681b] for which the report is furnished to the end-user of the report (or information)."

[This section applies to resellers of credit reports.  Before it can resell the report (or any information in the report), the company reselling the report must identify who the report is ultimately being sold to and provide each and every permissible purpose used in obtaining the credit report.  These disclosures are required to be made to the credit bureaus selling the report to the reseller, not to the consumer whose information is being sold.  Although I have seen on at least one credit bureaus' reports to consumers that they list the end user who ultimately gets the resold report as part of the inquiry.]

"(2)  Responsibilities of procurers for resale.  A person who procures a consumer report for purposes of reselling the report (or any information in the report) shall

(A)  establish and comply with reasonable procedures designed to ensure that the report (or information) is resold by the person only for a purpose for which the report may be furnished under section 604 [Section 1681b], including by requiring that each person to which the report (or information) is resold and that resells or provides the report (or information) to any other person

(i)  identifies each end user of the resold report (or information);

(ii)  certifies each purpose for which the report (or information) will be used; and

(iii)  certifies that the report (or information) will be used for no other purpose; and

(B)  before reselling the report, make reasonable efforts to verify the identifications and certifications made under subparagraph (A)."

[This section simply attempts to keep resold reports from being sold for impermissible purposes.  It requires the reseller to identify the ultimate end user of the credit report, certify each permissible purpose used to obtain the credit report and certify that the credit report won't be used for any other purpose (permissible or not).]

"(3)  Resale of consumer report to a federal agency or department.  Notwithstanding paragraph (1) or (2), a person who procures a consumer report for purposes of reselling the report (or any information in the report) shall not disclose the identity of the end-user of the report under paragraph (1) or (2) if -

(A)  the end user is an agency or department of the United States Government which procures the report from the person for purposes of determining the eligibility of the consumer concerned to receive access or continued access to classified information (as defined in section 604(b)(4)(E)(i)); and

(B)  the agency or department certifies in writing to the person reselling the report that nondisclosure is necessary to protect classified information or the safety of persons employed by or contracting with, or undergoing investigation for work or contracting with the agency or department."

[This section exempts from the end user disclosure requirements of (d)(1) and (2) where the end user is a U.S. agency or department and the report is used for determing whether the consumer should get or continue to have access to classified information and where the agency or department certifies that nondisclosure is required to protect any classified information or safety of employees of the agency or department.]

This concludes my explanation of 15 U.S.C. 1681e.

December 01, 2009

Good primer regarding preventing ID theft while shopping online

For those of you who like to shop online (i.e. my wife), here's a good article about how to prevent your identity from getting stolen while doing your online Christmas shopping this year:
Online shopping might be a convenient way to tackle your holiday gift list, but is your money really safe in cyber space? Experts offer some tips to safeguard your personal information.

"There's different shapes and forms that they can rob you," says Cesar Fazz, Security Manager for AEA Federal Credit Union. The recently-retired police lieutenant also knows scammers will do anything to steal your money.

"You've got to look at the address on there and look at the sites," says Faaz. Before you embark on cyber shopping, he suggests looking for a few security features.
"If you get on and they have an http address, if there's an 's' usually after that, that usually means it's a secure website." Look for the "s" when you access a web page asking you for personal information such as your credit card number.

Also watch out for a yellow lock icon.
"All that means is that the information is being sent from you, the buyer, to the website that that information is being encrypted and so forth," explains Faaz.

Those features are not fool-proof. Fazz says consumers need to first update all anti-virus software. That's because some viruses will install a program to record everything you type.
"It'll get a virus on your computer and then they're able to either see or record those keys that you're pushing like your password."

Finally forget email links. Manually type in the retailer's web address to avoid being routed to a scam site.
No measure will keep you absolutely safe from identity theft, so experts suggest you read your credit card statements to make sure you didn't become a victim without even knowing it.
 The original article can be found here, at Yuma, AZ's KSWT Channel 13's website - http://www.kswt.com/Global/story.asp?S=11602781.

Explanation of 15 U.S.C. 1681f of the Fair Credit Reporting Act

Below I continue my explanation of each section of the Fair Credit Reporting Act by explaining 15 U.S.C. 1681f.

"Section 608.  Disclosures to governmental agencies [15 U.S.C. Section 1681f]

Notwithstanding the provisions of section 604 [Section 1681b] of this title, a consumer reporting agency may furnish identifying information respecting any consumer, limited to his name, address, former addresses, places of employment, or former places of employment, to a governmental agency."

[This section simply indicates that a credit bureau may provide the personal identifiers of a consumer to a governmental agency, whether the governmental agency has a permissible purpose pursuant to 1681b or not.  Nice to know that big brother can find out where you live, work or used to work for whatever reason they want to.  Or for no reason at all.]

I will begin my explanation of 1681g in the near future.