As we all know, over the past few years there have been a host of data breaches by entities that most of us expected would safeguard that information. The latest loss of roughly 150 million Americans' personal information is one of the most recent breaches. Certain financial institutions, healthcare facilities, accounting firms, law firms and even government agencies (including the NSA and the SEC), among others, have not been able to fully secure your or their own personal information or sensitive data.
Some governmental entities in the United States have reacted to this risk by implementing notice and other provisions to try to protect individuals. Certain foreign governments are going further, taking what might even be considered extreme actions to strengthen data security requirements (see the EU's General Data Protection Regulation that goes into effect in May 2018). Even if similar measures are enacted in the United States, you should recognize the fundamental reality that if you give personal information to anybody or any entity, including putting it on security clearance applications submitted to the government, that information is not secure.
Facing that fact, the best strategy is to assume your social security number, address, date of birth and other personal information is already available to people who shouldn't have it. If you don't now have credit monitoring/identify theft protection in place because of a prior unauthorized disclosure of your information (for example, the coverage offered by Equifax, the Office of Personnel Management, Target, etc.), you may want to retain a credit monitoring service. Before signing up, however, do your research to determine what services you are actually getting, and what you are actually paying for them.
Check out our series, Privacy Perils, to learn what steps you can take to guard your personal and company data. For more information about this topic and other cyber security concerns, please contact Bob Brewer, Tony McFarland, Elizabeth Warren or a member of our Privacy & Data Security team.