For a while now, I have been following what I consider three very important legal cases in Costa Rica. At first it appeared this week that the Costa Rica government has taken its first steps to help prevent ID thief, may not be so.
As more and more Costa Rican’s surf the internet, get involved in online transactions and personal matters like buying property, getting a drivers license etc, they start to become nothing but a number in someone’s data base. With that said, they NOW are more appealing to ID thief than ever before.
Everyone in Costa Rica, including expats, are being systematically logged into databases and the information is fairly easy to get by everyone, including those with malicious intentions. The problem is lack of security and [no offense] Costa Rican’s themselves who are very trusting in nature.
ID thief is a world wide problem, last year $220 billion was lost. Last year, 20 million Americans were victims who spend from 3 to 5,840 hours repairing damage done by identity theft. We are talking a serious problem and, unless the government steps up their efforts by providing credit guidelines for consumer protection, Costa Rica is on the verge of an epidemic in ID thief and cyber crime.
Even if Costa Rica is more advance in credit technology than their Latin American neighbors, it was only a few years ago personal data reporting was new, so if something is not done, the learning curve could have disasters effects.
The major players in the credit-reporting services are Datum.net, Cero Riesgo S.A., Protectora de Crédito Comercial S.A., and Trans Union Costa Rica. Like the US, these companies provide credit and personal information for free or charge a fee, which vary between $7US a request, to a fix fee of $150US/month.
As these companies and others accumulate personal data, they started to report those credit ratings to companies for employment, lawyers, financial institutions and to the government.
The two problems, “How good is the security to protect this personal data?” And what steps are being taken to protect this information?
Answers: 1) Not good, 2) Very little or none.
Let’s take Playas del Coco’s residents for example, who have been battling a water problem for the last few years. There are huge water leaks, and water service is always being shut down. Money that is collected to pay for public services does not go back into the community for repair work or technology updates, but to San Jose, where officials return only to pay expenses and salaries of the employees. They have outdated computers, with 1000s of accounts that has become an open book to those with malicious intentions.
If there is no money to repair aging services, there is definitely no money to protect the resident’s personal accounts from a computer hacker.
But getting back, this week and after three separate appeal cases, The Sala IV finally acted against credit reporting companies in what personal information they can provide.
The court ordered the companies to eliminate the data on three individuals that had filed complains where, personal information was given to others, claiming, a violation of intimacy, privacy, personal liberty and free use of information. It is very clear that these individuals wanted to protect their personal data.
However, the problem is the Poder Judicial did not say how broad was the court ruling, meaning, these decisions MAY refer only to the individuals who brought the case and is not general policy. Interesting!
In laymen terms, Cero Riesgo will continue to sell its public information available in bits and pieces from the Registro Civil and the Registro Nacional. Even the Instituto Nacional de Seguros (National Insurance) keeps a list of vehicles and their plate numbers by name of owner. Telephone numbers and their owners are available for free downloading from the Instituto Costarricense de Electricidad (ICE).
What Cero Riesgo claims, it ONLY produces is valuable information to lawyers, news people and even investigators, which is not so, they will also provide that to anyone (for a fee), which includes, hackers. Their data bases can show family relationships, as does the data base at the Registro Civil. Their credit records show employers and former employers, report salaries and wages and in some cases, financial payments with account numbers. There also is information on criminal and civil court cases. Most of the information comes from naive individuals who disclose to much personal information when they seek loans, apply for credit cards, and setting up utilities accounts.
Another major problem, Costa Rica is a country where every citizen and legal foreigner has an identifying number. That, too, is in the public records, where in the US (Social Security Number) that information is protected to its best from public viewing.
Companies like Radiográfica Costarricense S.A., the Internet Company, just signed an agreement with the immigration agency to provide data about legal foreigners online for a fee.
In other words, would you want your account numbers from Banco Central de Costa Rica to be easily obtained by Cero Riesgo or any other credit company to be available to download from Registro Nacional or any other government agency?
I don’t think so!
Comunicado Oficial Cero Riesgo S.A. Con relación al Voto de la Sala Constitucional al que se hace referencia en… http://bit.ly/byqxuZ
Obviously, ICE is going to learn to provide high security encryption to it’s subscribers the same way they learned in the U.S., by having to pay to defend a big lawsuit or pay damages. The credit reporting agencies have no stake in keeping your information safe, it is a commodity to be sold to the highest bidder.
Keep everything including your utilities in an S.A., that may deter the thieves from identity theft for a little while.