You've heard it all before. Shred or burn your privacy documents.  Jealously guard your credit card numbers. Only do business with people you trust.  Don't give out your Social Security number to anyone.

Those tips are a bit like cotton candy. They look good, but when you bite in, there's not much substance.

The truth is, most privacy tips are at best, a little silly, and at worst, give you a false sense of the security. The situation seems helpless, but because people feel compelled to give advice, the same tired old tips keep getting trotted out.  But there is hope; both for better tips, and your privacy.    Chris Hoofnagle of the Electronic Privacy Information Center has been thinking about the trite advice problem for some time, and just recently posted a top 10 list of ways to enhance your personal privacy.   It's a great list, but knowing how busy y'all are, I've prioritized his list for you: Things you can and should do right now; things you can do over the next several weeks; and things you should do before the year is over.  Then I've sprinkled a few bonus tips of my own on top.  Taken together, they form a great list of digital-age New Year's resolutions.

Do it now; do it quick

1. Get your free credit report. You really, really should do this right now.  It's free!  Plus it's fun, kind of like pulling out an old high school yearbook.  Well, for some it might be a bit like pulling out an old yearbook and seeing pictures of old girlfriends you'd rather not bump into any more.  But memory lane is memory lane. Visit: https://www.annualcreditreport.com or call 1-877-322-8228.

2. Do Not Call. Don't be the last person in America on the list. Call 1-888-382-1222 or visit DoNotCall.gov. It just feels good. And it does work.

3. Credit card offers. They clutter your mailbox, and they are identity theft ticking time bombs. You can opt out of those by calling 1-888-567-8688.  You'll have to provide your Social Security number.  You can also do so at https://www.optoutprescreen.com/, but the site makes many visitors nervous, because it looks so much like a fraudulent attempt to steal personal information. Ironic.

Things to do in the next few weeks

4. Supermarket loyalty cards.  You have to have them; it's too expensive not to.  Instead, screw with them. Swap cards with friends to wreck the database. Use fake personal information.  Really, it's OK.

5. Ignore or annoy the mail marketers. Don't answer sweepstakes entries or fill out warranty cards. They are just bait for your personal information, and in some cases, for scam artists building a "sucker's list." A lot of folks have fun mailing back unsolicited credit card offers and other items stuffed with junk mail or other unpleasant things.  I don't recommend that, but it can make for some funny stories, like the bank that recently that issued a credit card in the name of "Never Waste Tree." 
 

6. Password protection.  Believe it or not, people might pretend to be you and call up companies to trick them into divulging your personal information.  So the next time you talk to any customer support folks from utility companies, phone companies, etc., ask them to add a password to your account.  Most will happily do it.

Longer-term projects
Criminals aren't the only ones taking and giving away your personal information. Companies do it too!  That's why most of the longer-term projects involve opting-out of legal (but vexing) information sharing by corporate America.   You'll have to get the right address on your own -- you'll often have luck addressing the letter to the company's "chief privacy officer."

7. Phone records. Call and ask out of "CPNI" sharing. Your cell phone or landline company may sell your calling records, (known as Customer Proprietary Network Information) to other companies.  Your consent is required, but there is disagreement over what consent means.  Better to write your provider and tell them you want out of CPNI.

8. Banking records. Your bank can sell your information unless you tell it not to.  And even when you do, your bank can still sell your information to affiliated companies. Lucky Californians, however, can even opt out of that second layer. 

9. School records. Yup, your children's schools can sell information on your kids. Write to the school board and principal and tell 'em not to.

And finally…

10. Protect that SSN.  The truth is, you're going to have to give it up at times. But don't do so without a fight.  And playing dumb can be an effective strategy.  Just say "I don't use that," and hold your ground. Or even better -- how about, "I don't know it?" 

An extra word on revealing your SSN
This last point deserves a little extra consideration.  Protecting your SSN is much easier said than done.   The other day, Hoofnagle signed up for satellite TV, and the firm he used asked for his SSN, because he was going to be leasing their decoder box -- for $5 a month. After a few days bickering, and even an offer of a $100 deposit, Hoofnagle was forced to give in and fork over his SSN.  After all, he'd already climbed on his roof and installed the dish. 

If it can happen to the experts, it can happen to you.  But the more companies are hassled by consumers, the more likely they will come up with alternative means to identify us.
In the meantime, it's a good idea to ask questions when SSN is required, such as: Who will have access to it? When will it be destroyed? What will it be used for? How will you secure it? And most important, do I have to? Companies never have the right to force you to divulge the SSN, but they do have the right to refuse to do business with you. 

Bonus tips for the advanced class
A complete reading of Hoofnagle's "Consumer Privacy Top 10" is highly recommended. Meanwhile, there are a few things I'd like to add:

1. Get all your credit reports: There are a host of other companies, like credit bureaus, that keep track of your life. Many are required to tell you what they know about you.  Grab all those old yearbooks off the shelf. This is explained in the story,  What are these companies saying about you. But for quick reference, here's some links to the important sources for:

• Auto insurance claims
• Homeowners  insurance claims
• Pre-employment screening
• Tenant history
• Medical history
• Bounced check database

2. Freeze your credit. The best ID theft protection is to make it impossible for someone to get credit in your name.  Some state laws allow you to freeze your credit; two years ago, only two states had freeze laws. Now, about a dozen do, with more scheduled to take effect next year. To see if you are eligible, click over to Consumers Union

3. The Web is your friend, not your foe. Sign up for online banking and online statements. That will keep dangerous mail out of your mailbox. It will also let you keep one eye on your accounts to check for signs of fraud.  And the best way to stop ID theft is to catch it early.   

4. Quiz customer service reps. Does the screen they're looking at give away too much information about you?  Ask simple, annoying questions like: "How do you know my credit card number?" It might be convenient, but it's also a risk. Feel free to ask any company to destroy the number after you are charged. If you trust the company, and you think it saves time, let them keep it – but do so judiciously.

5. Finally, complain. Don't give your phone number to checkout clerks.  Hassle firms that hassle you for extra data. The more inconvenient this is for companies – the more money it costs them – the quicker they will find another solution. And while you are at it, complain to your state and federal officials that you want more privacy. The reigning federal legislation in the area, the 1974 Privacy Act, is getting a little stale.

Do it now; do it quick

1. Get your free credit report. You really, really should do this right now.  It's free!  Plus it's fun, kind of like pulling out an old high school yearbook.  Well, for some it might be a bit like pulling out an old yearbook and seeing pictures of old girlfriends you'd rather not bump into any more.  But memory lane is memory lane. Visit: https://www.annualcreditreport.com or call 1-877-322-8228.

2. Do Not Call. Don't be the last person in America on the list. Call 1-888-382-1222 or visit DoNotCall.gov. It just feels good. And it does work.
3. Credit card offers. They clutter your mailbox, and they are identity theft ticking time bombs. You can opt out of those by calling 1-888-567-8688.  You'll have to provide your Social Security number.  You can also do so at https://www.optoutprescreen.com/, but the site makes many visitors nervous, because it looks so much like a fraudulent attempt to steal personal information. Ironic.

Things to do in the next few weeks
4. Supermarket loyalty cards.  You have to have them; it's too expensive not to.  Instead, screw with them. Swap cards with friends to wreck the database. Use fake personal information.  Really, it's OK.
5. Ignore or annoy the mail marketers. Don't answer sweepstakes entries or fill out warranty cards. They are just bait for your personal information, and in some cases, for scam artists building a "sucker's list." A lot of folks have fun mailing back unsolicited credit card offers and other items stuffed with junk mail or other unpleasant things.  I don't recommend that, but it can make for some funny stories, like the bank that recently that issued a credit card in the name of "Never Waste Tree." 
 6. Password protection.  Believe it or not, people might pretend to be you and call up companies to trick them into divulging your personal information.  So the next time you talk to any customer support folks from utility companies, phone companies, etc., ask them to add a password to your account.  Most will happily do it.

Longer-term projects
Criminals aren't the only ones taking and giving away your personal information. Companies do it too!  That's why most of the longer-term projects involve opting-out of legal (but vexing) information sharing by corporate America.   You'll have to get the right address on your own -- you'll often have luck addressing the letter to the company's "chief privacy officer."
7. Phone records. Call and ask out of "CPNI" sharing. Your cell phone or landline company may sell your calling records, (known as Customer Proprietary Network Information) to other companies.  Your consent is required, but there is disagreement over what consent means.  Better to write your provider and tell them you want out of CPNI.
8. Banking records. Your bank can sell your information unless you tell it not to.  And even when you do, your bank can still sell your information to affiliated companies. Lucky Californians, however, can even opt out of that second layer. 
9. School records. Yup, your children's schools can sell information on your kids. Write to the school board and principal and tell 'em not to.
And finally…
10. Protect that SSN.  The truth is, you're going to have to give it up at times. But don't do so without a fight.  And playing dumb can be an effective strategy.  Just say "I don't use that," and hold your ground. Or even better -- how about, "I don't know it?" 

An extra word on revealing your SSN
This last point deserves a little extra consideration.  Protecting your SSN is much easier said than done.   The other day, Hoofnagle signed up for satellite TV, and the firm he used asked for his SSN, because he was going to be leasing their decoder box -- for $5 a month. After a few days bickering, and even an offer of a $100 deposit, Hoofnagle was forced to give in and fork over his SSN.  After all, he'd already climbed on his roof and installed the dish. 

If it can happen to the experts, it can happen to you.  But the more companies are hassled by consumers, the more likely they will come up with alternative means to identify us.
In the meantime, it's a good idea to ask questions when SSN is required, such as: Who will have access to it? When will it be destroyed? What will it be used for? How will you secure it? And most important, do I have to? Companies never have the right to force you to divulge the SSN, but they do have the right to refuse to do business with you. 

Bonus tips for the advanced class
A complete reading of Hoofnagle's "Consumer Privacy Top 10" is highly recommended. Meanwhile, there are a few things I'd like to add:

1.) Get all your credit reports: There are a host of other companies, like credit bureaus, that keep track of your life. Many are required to tell you what they know about you.  Grab all those old yearbooks off the shelf. This is explained in the story,  What are these companies saying about you. But for quick reference, here's some links to the important sources for:

• Auto insurance claims
• Homeowners  insurance claims
• Pre-employment screening
• Tenant history
• Medical history
• Bounced check database

2.) Freeze your credit. The best ID theft protection is to make it impossible for someone to get credit in your name.  Some state laws allow you to freeze your credit; two years ago, only two states had freeze laws. Now, about a dozen do, with more scheduled to take effect next year. To see if you are eligible, click over to Consumers Union

3.) The Web is your friend, not your foe. Sign up for online banking and online statements. That will keep dangerous mail out of your mailbox. It will also let you keep one eye on your accounts to check for signs of fraud.  And the best way to stop ID theft is to catch it early.   

4.) Quiz customer service reps. Does the screen they're looking at give away too much information about you?  Ask simple, annoying questions like: "How do you know my credit card number?" It might be convenient, but it's also a risk. Feel free to ask any company to destroy the number after you are charged. If you trust the company, and you think it saves time, let them keep it – but do so judiciously.

5. Finally, complain. Don't give your phone number to checkout clerks.  Hassle firms that hassle you for extra data. The more inconvenient this is for companies – the more money it costs them – the quicker they will find another solution. And while you are at it, complain to your state and federal officials that you want more privacy. The reigning federal legislation in the area, the 1974 Privacy Act Privacy Act, is getting a little stale.

It is an almost unthinkable crime, to steal from the sick and dying.  And yet we all know it happens. I remember as a child hearing my parents discuss leaving a family member at home during funerals, to ward off any would-be burglars.  Burglars, they said, read the obituaries, too -- and know exactly when the entire family will be busy elsewhere.

So it should not be surprising that identity criminals target the dying or the dead. Still, it's hard to imagine until you see it for yourself.  On Christmas night, you will. Dateline NBC will tell the incredible story of a man sick with a terrible form of leukemia, a man literally days from his death -- and the repulsive crime he suffered while enduring everything else that comes with cancer.  Eric Drew's identity was stolen by a hospital worker. While Drew was gasping for life, his imposter was living it up on fraudulent credit cards.  After all, the criminal must have thought, Drew was hardly in a position to complain.

This might not seem like happy holiday material, the story of this despicable deed, but au contraire. Dateline's Josh Mankiewicz will take you on a redeeming tale of hope, persistence and eventually, justice.  I won't give away too much, but you'll be amazed at how this time, the good guys come out on top.

But when you watch, you will no doubt be wondering: Could this happen to me? The answer is, quite clearly, yes.

Stories of nurses, patients, and visitors stealing identities from the sick can be ripped from the headlines across America, like the story of a nurse in a Philadelphia hospital who gave terminally ill patients' identities to a crime ring. They drained the patients' accounts and obtained $10 million in fraudulent mortgages using the stolen personal information.

"They're like vultures. You wonder how people can be so horrible," said Mari Frank, an ID theft victim lawyer and author of two books on the subject.  "They think, 'Who cares, he's going to die anyway.' "

It's hard to imagine, particularly if you trust your doctor and your hospital.  But do you trust the patient across the hallway? And all his visitors? The grim reality is, identity theft is a peril for hospital patients, another concern sick and dying people, and their families, must put on their checklists.

Fortunately, there are some things you can do to protect the privacy of people you love while they're recovering in the hospital. 

Just say no
Most advice from experts surrounds protection of Social Security numbers. For years, the SSN, the key to your financial kingdom, was the most common identifier on medical insurance cards and in hospitals.  That's finally changed -- most health insurance ID cards now use a new numbering system,  Still, your hospital or doctor's office will likely ask for your SSN anyway.  Contrary to popular opinion, you can say no, says Twila Brase, a nurse who runs patient privacy advocacy group Citizens for Choice in Health Care.

"Ask them to use a new numbering system," Brase said. "They will often say, 'We have to have it,' but then you can say, 'Where is your manager.' "

You can even write a letter to the hospital in advance of a stay, asking if an SSN is required, she suggested. Hospitals eager to have your business will comply with the request, and then you'll have it in writing.

Still, for sick patients and their families, confrontations over Social Security numbers can be difficult, particularly when patients are already facing so many other worries -- and there's a natural urge to please the nurses and doctors who will be administering care.  But Brase said many hospitals now are attuned to the issue, thanks to all the publicity surrounding identity theft -- so they will often quickly comply. 

"There was much more pushback two years ago than there would be today," Brase said. 

HIPAA doesn't always help
Private patient information is supposed to be protected under the Health Insurance Portability and Accountability Act (HIPAA), familiar to most patients because of lengthy disclosure forms they receive upon entering medical facilities.  HIPAA created a class of data called Protected Health Information, which includes name, address, Social Security number, previous medical conditions, and so on.  Confidentiality of that data is supposed to be assured. But regulations do not always translate into actions.  Just two months ago, a Hawaii hospital was forced to admit it lost a computer thumb drive with 120,000 patient records on it.

And from the normal government do-as-I-say, not-as-I-do file, Medicare cards -- which senior citizens need to carry, and to present to doctors and hospitals -- still include Social Security numbers.  Earlier this year, both the House and Senate passed bills that would finally end this prehistoric practice.

That means patients and families need to push for their own privacy rights.  Family members should also browse through medical charts when they have the chance, looking for the appearance of unnecessary personal information.  There's no reason a patient's Social Security number should be on a chart hanging off the front of a hospital bed, or on a wristband.  Ask that any stray personal information be removed.

While many patients' charts are computerized now, those records aren't necessarily any safer from prying eyes than paper charts -- as shown by the number of computer-based data leaks we've seen this year.

FBI Agent James Rogers, who has investigated identity theft cases involving hospital data theft -- including Eric Drew's case -- recommends asking hospitals directly which employees will have access to the patient's records. Lab technicians don't need access to Social Security numbers, for example.

"You don't have to be gentle about it. Just ask. Ask lots of questions. You are never wrong for asking questions," Rogers said.  Patients who are concerned about annoying hospital staff should deputize a family member to have that conversation, he said. 

Leave the bills at home
Of course, medical records are just one way an identity thief can hit pay dirt in a hospital.  Rogers says a bigger problem is patients who bring other paperwork with them into the hospital - such as monthly bills or a wallet full of credit cards.

"They should leave most of that stuff at home," he said.  "Cancer patients and others who are in the hospital for a long time tend to do their bills in the hospital.  But leaving papers around like that, they are prime for the taking."

Even though many hospitals have locking drawers for patients to use, Rogers said he wouldn't trust them with critical papers.

"Too many people have access to them," he said. "I wouldn't trust any of those places for your valuables."

Frank, the ID theft lawyer, says family members need to take control of privacy issues for sick relatives. Tact is often useful in discussion with hospital staff, she said.

"I'm very nice about it. I just say, 'Look, I know you are doing the best you can, but I'm really scared of this. Do you mind if we redact this information, or can we just keep this information in a locked drawer?'"

But the most straightforward advice comes from Eric Drew, the man who saw his credit ruined when he was at his most vulnerable.

"When someone asks for your Social Security number, just tell them, I don't use it. That's it. I just don't use it," he said.  "And be demanding on where they are keeping your files, who has access to them, and do they keep records of who does access them."

Still, even after his harrowing experience, when Drew's condition was starting to improve, and he had already learned the hard way to protect his personal information -- and even after he had already become a bit of a celebrity for his ID theft battle -- a new hospital left a document with his Social Security number right on the receptionist's front counter.

"I said, 'You guys have got to be kidding me,' " he said. 

Like it or not, Drew warns, the burden to protect our privacy and our identities falls on consumers.

--------------------------------------------------------

Tips to stop hospital ID theft      

• Leave credit cards at home. Empty wallets and purses of other unnecessary items
• Get a family member to do the bills. Mail left in hospital rooms is an easy target
• Don't trust patient room locked drawers or cabinets with valuable items or information
• Refuse requests for Social Security numbers
• If SSN is required, ask that it be kept separately, under lock and key
• Ask hospitals to use your medical record number instead of your SSN for ID purposes
• Browse patient charts, wrist bands for extraneous personal information
• Don't be afraid to ask questions, such as who will be able to access your information

You're running on empty, racing around town to get a last-minute Christmas gift, and you make a grave but innocent error. You forget to gas up, and your tank registers "E," and now, you are stuck on the side of the road. 

But you thought ahead. You signed up for roadside assistance with your auto insurance company, so with one phone call, help can be on the way - for free!

Not so fast. Summoning that "free" help could end up being an expensive mistake. It could lead to higher insurance premiums, or even rejection of insurance coverage.

Huh?

Most consumers know car accidents and insurance claims can dog you for a long time.  The more accidents, the higher price you pay for coverage.  Makes sense.  What many consumers might not know is that insurance companies voluntarily share your claim history with each other, using a system known in the industry as the "CLUE" database (Coverage Loss Underwriting Exchange). According to database giant ChoicePoint Inc., which maintains the database, generally, information stays on the report for five years.

OK, that seems reasonable too. After all, people with bad driving records shouldn't be able to escape the consequences by switching insurers.

But the database is vast, and getting vaster all the time. CLUE covers both homeowners insurance and auto insurance claims.  It includes everything from auto collision claims, to when you were towed, and in some cases, even when you called your homeowners' insurance company to ask a question about your coverage.

CLUE is, as the name implies, comprehensive.

Now comes word that the CLUE auto reports are even more comprehensive than most consumers realize.  Last week, the Tampa Tribune wrote about a woman who was denied insurance because, she claimed, she had called for roadside help too many times -- two flat tires and a "keys locked in her car" incident during three years. (Thanks to the folks at Emergent Chaos for pointing it out).

State Farm, which allegedly rejected the woman's insurance application, wouldn't discuss the specific consumer's situation.  But company spokesman Dick Luedke confirmed that emergency road service claims are entered into the CLUE database, and his company does consider such claims when setting rates and determining insurance eligibility.

Consequences of such claims, "Can be anything from a slightly higher rate to a decision not to insure somebody," he said.

Remember, this is an added service that consumers pay for, albeit at bargain-basement rates – the price can he as little as $12 per year. But they are no bargain, particularly because consumers have no idea of the true cost of the plans.

Critics of the insurance industry reacted with surprise. 

"Oh my gosh - that's outrageous," said Beth Givens of the Privacy Rights Clearinghouse. It was the first time she'd heard that roadside assistance calls ended up in CLUE. "Probably for many people, that's the only time they use their insurance. ... That sort of thing really needs to be disclosed."

Insurance companies like to use elaborate mathematical models to set prices, so entering roadside calls into CLUE is a natural fit, said Chris Neal, a State Farm spokesman from Florida.  There appears to be a mathematical correlation between drivers who lock their keys in their car, run out of gas, etc., and drivers who are expensive to insure, he said.

The insurance industry uses the same logic to include credit scores in its premium-setting formulas. People with lower scores make more insurance claims, statistically speaking, so now, auto insurance firms charges low-score consumers higher premiums.

Such practices aren't legal everywhere. California state law prohibits use of credit scores or roadside calls to set insurance rates. Other states limit such practice.

But where they are allowed, they're not new. State Farm says it's been keeping track of roadside claims for 6 years in at least some states.

Still, it's not clear how widespread the practice is.  Allstate said it reports roadside claims to CLUE, but doesn't consider roadside claims when setting rates or determining eligibility. The company suggested the Insurance Information Institute would have more information. Jean Salvatore, spokeswoman there, said it was the first she'd heard of it. 

Geico -- which according to the Tampa Tribune, reports roadside calls to CLUE -- didn't immediately return my call. 

Progressive, on the other hand, neither reports roadside calls to CLUE nor references the data when setting rates, said spokeswoman Kathy Bell.

But since State Farm is a top national auto insurer, with 40 million cars under policy, it's safe to assume the practice is fairly widespread. That means you should think carefully before calling for help when your keys are locked in your car. It might be worth irritating your roommate, rather than calling your insurance company.

But just how far should you walk in the snow rather than call for that tow truck you've paid for? If you are looking for guidance, State Farm is no help.  I asked how many roadside calls are too many -- one a year, two a year, three a year?  Luedke couldn't answer.

"It's too complex to boil it down to those simple terms," he said.   

So auto insurance consumers are in a pickle  -- you can't purchase roadside assistance and know what the real cost is going to be.

That means consumers should do two things:

First: Thanks to the Fair and Accurate Credit Transaction Act, you can get one free copy of your CLUE report every year, and you should.  They can be ordered by following this link to ChoicePoint Inc.'s Web site. You'll be able to see if "ERS" -- emergency road service -- reports are kept on you.

And second -- it might be worth skipping your auto insurance roadside assistance plan. Instead, shop around for a plan that doesn't report calls to CLUE. AAA doesn't report roadside calls to CLUE, for example.  Even if it's more expensive, at least you'll know what the real price is.

The federal government is obviously serious about enforcing the do-not-call law. The $5 million penalty announced this week against DirecTV was a record. But the stiff fine isn't noteworthy because of its size; it's noteworthy because the offending company had to pay up at all.

So far this year, there have been more than 25 major security breaches, with information on 50 million people exposed by American companies.  And so far, none of the offending companies have had to pay anything.

The job of protecting American's privacy falls largely to the Federal Trade Commission.  It's been the FTC's style to settle privacy cases by forcing the companies involved to agree to auditing, and to issue a press release that calls out the offender.  It's a gentle touch, much gentler than the harsh hand that struck DirecTV this week.

This just in (Dec. 19): Another massive data leak involving 2 million consumers, and a clarification from the Federal Trade Commission. See the bottom of this entry.

Here's a case in point. The only prominent data leak case settled this year involved DSW Shoe Warehouse, which lost financial account information on 1.4 million people. Let's compare the FTC press release issued Dec. 1 on the DSW case with the press release issued this week on the DirecTV case.

• DSW: "The settlement will require DSW to implement a comprehensive information-security program and obtain audits by an independent third-party security professional every other year for 20 years."
• DirecTV: "Satellite television provider DIRECTV will pay $5,335,000 to settle FTC charges that, since October 2003, DIRECTV and companies it hired to promote DIRECTV programming have been violating the Do Not Call (DNC) provisions."

That's quite a disparity. Someone might interpret the message this way: Disturb me at dinner with a phone call, pay a $5 million fine; lose all my personal information, face a press release.

To be fair, the Federal Trade Commission has brought a host of cases against firms with shoddy privacy practices. ChoicePoint Inc., the first in this year's string of disclosures, has revealed in a filing with the Securities and Exchange Commission that it is facing an FTC inquiry.  Agency spokeswoman Claudia Bourne Farrell said the FTC has "other cases in the pipeline." She also said that some laws and regulations tie the agency's hands: some do not allow the agency to impose a civil penalty on first offense.  Other cases coming down the pike may include such penalties, she said. 

Other agencies not on the case?
And it's unfair to lay all this on the FTC -- it's not the only agency which could levy fines after the data leaks. Many of the leaks also represent violations of the Gramm-Leach-Bliley Act, which ensures the privacy of financial information. Various banking regulators could issue fines in connection with leaks involving banking operations. Other leaks, involving heath information, violate the Health Insurance Portability and Accountability Act (HIPAA), which protects medical information. The Department of Health and Human Services can impose civil fines. The Justice Department could impose criminal fines.

So far, the silence has been deafening. 

It's nearly impossible to say definitively that there's been no data leak-related fines this year, since there have been so many disclosures and so many agencies are involved. But clearly, there hasn't been anything on the order of DirecTV's penalty.

Privacy advocate Chris Hoofnalge says government agencies just aren't doing enough to protect consumers.

"Until there are real fines, there isn't adequate economic incentive to respect people's privacy," he said.   

Little has changed
Instead, after a year of bad news in the world of consumer data, very little has changed. Nearly 20 bills have been introduced in Congress to deal with the data leak problem; none have passed. While Americans have been introduced to a new industry -- commercial data brokers such as ChoicePoint -- the firms continue their unfettered trade in America's private information.

"This was the perfect storm to get attention to this issue," said Rob Douglas, who operates PrivacyToday.com. "But it seems the perfect storm has started to move off the radar screen." 

Indeed, an industry study released two weeks ago authored by ID Analytics suggested most victims of data leaks didn't end up as victims of identity theft, producing buzz that ID theft fears are overblown. The study missed the point. Twelve months ago, most Americans had never head of ChoicePoint. Today, they still wonder why this company and others like it can make money off of their personal information without their permission -- and why those same companies can lose their personal information with impunity.

There is some reason for optimism.  The do-not-call list is one of government's great success stories. There is wide participation by consumers; satisfaction rates are also high, as most people report a large dropoff in bothersome phone calls. And now, the outliers have been warned by the consumers' representative in Washington -- cheating will not be tolerated. If I were a telemarketer, I'd be scared of the FTC. A $5 million fine will do that.

Let's hope Washington adopts the privacy issue with the same vigor, and similar results. 

---------------------------------------

This Just In: Dec. 19, 6 p.m. ET

Another massive leak
During the weekend, word emerged that mortgage firm ABN AMRO Mortgage Group Inc. -- which operates Mortgage.com -- has lost track of a data tape with 2 million customers' identities on it. According to a company statement, the tape was destined for credit bureau Experian in Allen, Texas, chock full consumer data, including Social Security numbers. Banks routinely send such tapes to the credit bureaus with recent payment information to keep credit reports up to date. The story is eerily similar to an incident in June, when CitiFinancial tapes destined for the same Experian office were lost.  In that case, 3.9 million identities were exposed. 

FTC clarification
Also, Joel Winston from the Federal Trade Commission called to offer more details about the agency's position on data leaks and fines.  Winston said the agency's hands are tied tightly by Congress, and it often has no authority to levy fines.  Cases against data leakers so far have been litigated under the FTC Safeguards Rule, which springs from the Gramm-Leech-Bliley Act, or under the Federal Trade Commission Act.  Winston said neither law, as written by Congress, gives the agency the ability to ask for monetary penalities on a first offense.  Only if a company breaks a settlement agreement with the FTC can a fine be levied, he said.

Some data leak cases involve information covered by the Fair Credit Reporting Act, allow fines, and the agency is now exploring the possibility of litigating cases using that law.

As Congress ponders a new data security law, the FTC has asked lawmakers for a provision that would give the agency the ability to obtain monetary penalties. 

"We think that penalties are an important remedy," he said.  Hopefully, Congress will agree.

Half of all Americans don't pay their credit card bills every month.  A new study suggests you can blame the kids.

Robert Manning, who exposed America's bad debt habits in his book Credit Card Nation, recently conducted a series of focus groups to explore consumers' seemingly irrational spending habits.

He found that many Americans aren't the selfish super-consumers they have been made out to be. Instead, much of the nation's exorbitant consumer debt is the result of parents -- and grandparents -- trying to give their children the best of everything. The single most important factor underlying high debts is the "elevated lifestyles" parents provide for their children, the report found.

"Whether they are buying an $800 prom dress, a $2,000 trombone, or a $1,000 laborador, (parents) are convinced they are doing this in children's best interest," Manning said.  Parents simply want their kids to have more then they did -- often an emotional, reactionary response to more Puritan lifestyles they had as children, Manning said.

"This often assumes a form of vicarious adolescence whereby young parents relive their childhood through the material objects that they were denied by their own parents," Manning says in the report, called "Living With Debt," which was sponsored by online lender MortgageTree.com.

By indulging their young children, parents may be imperiling their kids college future, Manning said.

Overindulgent spending is hardly the only factor in high debts.  Parents are spending about twice as much of their disposable income on housing as they did a generation ago.

Focus group participants also complained that they face a series of additional expenses that previous generations didn't.  One parent complained about a $500 vet bill when the dog had an infected tooth.  Another complained about $2,000 band camp. 

Expenses like those are a major contributor to the skyrocketing credit card debt carried by Americans. That debt has more tripled to $804 billion in 2005 from $251 billion in 1992.

Christmas every day
In a section called "When Christmas Comes Round Every Day," Manning describes a phenomenon he calls 'competitive consumption."  Keeping up with the Jones's  has reached new heights in the age of easy credit.

"They know how much they are paying for the mortage, but don't know how much they are paying for Nike sneakers," he said.  One study subject shared that when she was growing up, she had three pairs of shoes -- for school, play, and special occasions -- but her son now has 20 pairs of Nike sneakers.

"I don't even know how many my daughter has", said Karen, a 54-year-old public school teacher in Washington D.C. 
 
As a result, among mature families, with parents aged  45-65, Manning found many parents had pretty much given up on reining in their teen-agers' spending. Inability to say no is a major contributing factor to America's dismal personal savings rate -- which is essentially zero, he said.  And as a result, many parents are now facing the Faustian choice between protecting their retirement savings and raiding it to pay for kids' college expenses.

There is no question that raising kids is costly and has always involved sacrifice. But how much is too much? In "The Two-Income Trap," Elizabeth Warren found that the single most reliable predictor of bankruptcy for women was motherhood. In other words, woman with children are several times more likely to file for bankruptcy than women who don't have children.

Unpopular priority setting
As a society that often talks about family values -- an issue both Republicans and Democrats have repeatedly tried to hijack -- Manning's report invites a welcome, honest discussion of the high cost of kids.

For Manning, the solution requires some unpopular priority setting, and an ability to ignore what the Joneses are doing.

It also requires lot of honesty.  At the right time, show your children your budget, including projected college costs, and make spending decisions together, he suggests.

"You have to sit down with the child and say, 'What are the goals?" he said. "If the goal is getting the kid to college, what are the expenses related to that goal? Where does the XBox fit in? Where does debate camp fit in?"

Easier said than done, I was told when discussing the report with a colleague who recently had his first child.  Having a budget is all well and good, but when you have a child, you do the things you have to do to buy the things you need to buy -- clothes, shoes, heating oil.  Sometimes, children don't fit so neatly into a spreadsheet, he reminds me.

The thought-provoking study is essential reading for any parent, and can be downloaded for free at Lending Tree's Web site.

It's Christmas morning. There's small gifts piled all around the Christmas tree, but in the corner, there's that one BIG box.  Mom and dad hold out – they make Johnny open it last, building the excitement even more.  So when the paper is ripped away and a brand new PC is unveiled, there's yelps of joy.   

Next, Johnny runs upstairs, kicks aside his old, sluggish computer, plugs the DSL line into the new hot-rod, Pentium 4 PC and starts playing online games with his friends. 

And 20 minutes later, his PC has been hacked.  Forget the 12 Days of Christmas. Well before the Christmas morning coffee is cold, Johnny's new computer is being used by Romanians to send spam and launch denial of service attacks.

Whenever a new computer is put online, it takes an average of only 20 minutes before computer hackers find it and probe it for vulnerabilities, according to antivirus firm Symantec.  An unprotected PC is almost certain to eventually get hacked. And Christmas gift PCs that aren't set up properly are essentially unprotected PCs.

It sounds Grinch-like. When an adrenaline-spiked child wants to turn on a new toy, who can say no? Well, you can.  You wouldn't give a child a bicycle without a helmet.  And you shouldn't let your kid play with a new PC until you spend some time -- probably an hour or two -- setting up security software and making sure it's up to date.

You might think a brand new computer is safe. It's not.  The truth is, you don't know how long that computer you bought for Johnny was sitting on the store shelf. Maybe one week -- maybe three months.  There are literally hundreds of ways to hack three-month old software. 

Everything can get stale: milk, cheese, old jokes.  And yes, computer security software.  In fact, it gets stale pretty fast.  Unlike milk, computers do not have a "use by this date" stamp -- so you have to assume the computer is unsafe and act accordingly. It might sound like a hassle, but one to two hours spent on Christmas Day might save you endless hours of headaches later.

NBC: Watch a kid wreck the family computer
On Sunday's edition of Weekend Nightly News, NBC's Janet Shamlian visited with a teenager who reveals just how much of a mess he made of his family's computer. Fortunately, a neighbor, a helpful teen-ager, came to his rescue.

Not everyone is so lucky.  A recent survey conducted by America Online and the National Cyber Security Alliance concluded that 81 percent of U.S. consumers lack basic Internet safety tools. While most consumers think they are safe online, they're not. 

The holiday season is an important time to consider computer security.  Christmas PC sales are exploding this season, up 35 percent over last year during Thanksgiving week, according to research firm by Current Analysis.

Much of the time, those consumers simply take their new PCs and connect them to the Internet without doing anything to make themselves safer.  Some of the worst offenders are well-meaning parents giving the gift of computers, says Vincent Weafer, security expert at Symantec Corp.  Last year, the number of zombie computers detected by the firm doubled in the weeks after Christmas, the firm found -- suggesting Christmas PCs were plugged in and quickly hacked.

"We determined that a significant amount of these were new machines that were Christmas gifts going online and not getting security patches onto them," Weafer said.

Four-step plan
Microsoft Corp. has begun a new public awareness campaign around safer computing -- "Resolve to Protect Your PC in 2006." The firm has boiled down consumer instructions into four steps:

• Use a firewall
• Use an anti-virus product
• Keep your software, including your anti-virus software, updated
• Use anti-spyware software.

(Microsoft is a partner in MSNBC.com)

Much of this should be automatic.  Starting this year, Microsoft's Windows XP shipped with its firewall turned on by default.  The firm also offers auto-update, which will install security patches as needed -- consumers can choose this option when they initially turn on the computer as part of the "first-run" experience. Almost all PCs come with free trials of antivirus software. They should automatically be configured to download the latest definition files. And anti-spyware products are available from many Web sites, and many of them also offer automatic updates.

But that four-point plan still involves many opportunities to abort, cancel, or otherwise screw up. It's a lot to ask consumers.  And that's a big reason why 4 in 5 Net users aren't safe online. 

"People want to go ahead and do what it is they are trying to do and don't want  to mess around with things," said Amy Roberts, a director of product management at Microsoft's security group. "To date, it has often been too complex."

The company has a Web site with tips on keeping computers safe at Microsoft.com. Many antivirus vendors also offer a free scan of PCs to see if they are infected.

Tip: Work like Santa's elves
It's also a lot to ask an excited kid with a new toy to wait on Christmas morning.

So Symantec offers this helpful tip: do it like Santa would. Every Christmas Eve, my parents would wait until the kids were nestled in bed before they brought in the tree, hung the ornaments, and set up the train set -- all to maintain the illusion that Santa had done the work.  You can do the 21st Century version of this ruse. 

Break open the PC box ahead of time and configure the system for safety. Do all those pesky installs out of site for the kid, when you'll have more patience. Your odds of doing it correctly should go up exponentially.  So will your kids odds of staying away from hackers.

There is one other option, pointed out by an editor at MSNBC -- get a Mac!  Macintosh computers aren't targeted by virus writers nearly as often; configuring them tends to be much brisker. 

Either way, of course, there's much more you'll need to do to keep your kids safe online. You should keep the computer out of the bedroom, limit their time online, and talk to them frequently about who their online friends are and what kind of information they share over instant messages or blogs.  For more on that topic, see Dateline's story about Internet predators, or read Kids, Blogs, and too much information.

But by taking an extra hour to properly configure a holiday PC gift, you'll be on your way to a much safer 12 days of Christmas, and 2006.

Last week, we highlighted the problem of cell phone jail -- that helpless feeling a lot of consumers get when they are stuck in a long-term cell phone deal and the only way out is to pay a stiff termination fine, often $200 or more. Even if the service is terrible -- they're stuck.

There must be a better way, right? Well, there is. A number of Red Tape readers, and a consumer advocate group, suggest prepaid wireless.

Once marketed as a solution only for those on the economic margins, with bad credit, prepaid wireless is slowly going mainstream. If you want to avoid the restrictions of a long-term contract with a cell company that might not work out, prepaid phones are a great option.

As with many things in life, paying a little now can save you a lot later. But you've got to make some careful decisions.

Prepaid phones are sprouting up on the shelves of consumer electronics stores, though rarely on the same shelf as their glitzier, stickier companions from Sprint, Verizon and the other big boys.  Prepaid is still a small portion of the market, but it's not tiny.  Last quarter, 12 percent of cell phone purchases bought a prepaid plan, according to research group Telephia.

As with contract cell phones, the prepaid market is complicated by a myriad of options, and it's easy to get confused.  Buyers don't just compare phone prices or per-minute rates. There's also different prices for night and weekend minutes, within-system calls, rollover minutes, text message fees, and so on. 

Prepaid buyers also have a much bigger list of providers to choose from than contract buyers -- including Verizon, Cingular and the other household name brands.

That said, as a general rule you should be able to buy a no-frills phone for well under $100 and pay around 10 cents a minute for talking.  If you aren't a gabber, that's probably a pretty good deal.  If you talk about 100 minutes a week on the phone (that's one hour-long call to mom and 10 short calls to friends), you're paying $40 a month. Not bad, especially considering you can leave the phone behind at any time, no questions asked.  And, $40 is $40. You also escape those extra fees that come with monthly contracts, which somehow turn that $39.99 a month into a $52.37 charge.

And here's something else to consider: If you're the kind of person who really only uses the phone as an emergency back-up and only makes an occasional call while stuck in traffic, your monthly total could be even less under some plans. One of my editors, who has been a fan of prepaid wireless for years, says she averages about $25 a month using one of Virgin Mobile's plans. Best of all, she says, when she accidentally loses the phone under the couch for weeks at a time, she's not paying for phone service she's not using. She's also not paying for hundreds of unused minutes each month, like most consumers.

On the other hand, if you have a long-distance love affair to maintain, those free nights and weekends -- along with 1,000 anytime minutes -- might still be worth submitting yourself to a long-term deal. Big talkers should stay away from prepaid phones. 

Lots of 'gotchas'
Now for the details.  I put these off until this point because, well, there are lots of them, and it's a bit overwhelming.  Prepaid phone minutes often expire -- some as quickly as 15 days from purchase.  Other plans require you to buy more minutes after a certain amount of time even if you haven't used up your existing ones. Many plans require a daily access charge, as high as $1 per day. Others, such as Virgin Mobile, charge a higher rate for the first few minutes you use the phone every day. 

And of course, if you run out of minutes, you have to fill'er up somehow. There are cheap ways and expensive ways. If you've ever bought a calling card while overseas, you know that it's easy to misunderstand the real cost of minutes when tack-on fees are added into the equation.

"There are lots of gotchas," said Linda Sherry, who helped write a report on the prepaids for Consumers Action.  "If you just went out looking for one of these, you can end up scratching your head... But in the end we can recommend prepaid because you are not tied into a long-term thing."

Even with the strings attached, many consumers could end up with a lower wireless bill at the end of the year if they buy a prepaid phone and mind their own minutes.

Prepaid wireless is much more common in Europe, where consumers are not quite as comfortable with buying-on-credit arrangements as Americans.  As such, you'll see "top-up" stations all over; at ATM machines, in gas stations, at drugstores, at retailers. Some U.S. ATMs now allow recharging, but that's still rare.

It might get less rare, however, as general retailers stock up on pre-paid phones.  Wal-Mart has made a big push into the prepaid wireless market in the past year. Target, Circuit City, and Best Buy are also pushing the phones now, just in time for the Christmas season.

The gift of minutes
Sherry said the phones actually make a responsible Christmas gift.  For about $150, you can give someone a working cell phone with a few hundred minutes that will be good for about a year -- enough to take care of life's emergency situations.  That's a more thoughtful gift than a cell phone which requires a contract, which binds one of you to a monthly fee for two or more years.

Generally speaking, the more minutes you buy, the cheaper they are, and the longer you have before they expire.  Of course, since you don't really know how much you might talk, there's always a bit of gamble with buying such minutes.  In the end, the mobile company wins either way -- either you buy too many minutes, and they expire, or you talk too much and have to pay more.

Still, the biggest benefit of pre-paid phones is awareness.  It's similar to buying with cash instead of credit. Consumers paying with cash always buy less -- significantly less -- than those paying with plastic. It's human nature.  Pulling greenbacks out of your wallet feels bad.  Whipping out a credit card is almost painless.  So it is with cell phones.  If you know you can only talk so long before your money runs out, you talk less.  Spending less time on the phone is probably good for you, and for society, anyway.

And, there's no $200 early termination fee!

Buying a prepaid phone is complex and not for the faint of heart, however.  Here's some tips courtesy of Consumers Action. A full reading of its report is highly recommended.

TIPS

• Most prepaid minutes come with an expiration date. You pay less for a short-term expiration period and more for a long-term one.
• The fewer minutes you buy, the more you'll pay per minute.
• Even "pay as you go" plans have expiration dates and minimum purchase requirements.
• Many plans require that you purchase a set amount of minutes each month or your phone will be deactivated.
• Carriers that offer to roll over unused minutes from month to month usually do so only when you pay by the month or other predetermined schedule.
• Daily access fees or a higher rate for your first minutes used each day may be required to get the lowest rates. To find the true rate, factor in these fees.
• Some carriers charge as much as 45¢ per minute after your monthly plan minutes run out. Look for a plan that allows you to get more minutes at the same price if you need them.
• If your plan is subject to a minimum minutes balance requirement, you may be required to purchase more time even before your account is totally depleted.
• Calls placed outside your carrier's network (roaming) may not be included in the low rate plan and can cost up to 93 cents per minute.
• International calls are rarely included in prepaid wireless plans, although some carriers include Puerto Rico or Canada in your domestic allowance, or offer an additional low flat per-minute rate to certain countries such as Mexico.
• Directory assistance calls (411) cost extra — up to $1.75 for each call — in addition to your plan minutes.
• Taxes and surcharges might be added to your monthly charge. Depending on the carrier, these charges might be included in your per-minute rate or added as a separate charge each month.

Traveled overseas recently? Look carefully at your credit card bills. You'll probably see a new fee on your bills, a ding of a few dimes for every single charge you made.   Frustrating, yes, but for once, this is a good thing.

A Red Tape Chronicle reader named Russ called my attention to the fees last week. He'd gone to Canada with his wife, as he has many times, but this time, there were surprising extra dings on his bill.  For example, dinner at a restaurant for $29.96, and just below it, a 30 cent charge.  Russ, who asked that I withhold his name because he works for a large bank that issues credit cards, sent me scrambling for my most recent credit card bill.  And sure enough, for each charge I made in Ireland recently, there was a small charge listed below labeled "foreign tran chg."  Dinner for friends $140.71, fee $1.49. Scarf and sweater $110.22 -- fee $1.09.  Lunch $13.70, fee 14 cents.

What's going on here?  Well, it's a bit of a good news/bad news story. But if you're traveling this holiday season, there are some things you need to know.

First, the bad news.  Russ is right -- for every MasterCard or Visa credit card purchase you make outside of the United States, either MasterCard or Visa sucks an additional 1 percent from consumers.  It might seem like pennies, but those pennies add up.  According to Thomas F. Schrag, a lawyer who filed suit against the credit card associations over such fees, consumers paid $2 billion in the itsy-bitsy traveling fees from 1987-2002. 

But the bad news doesn't stop there.  Credit-card issuing banks know a good revenue source when they see one. Starting around 2000, many banks began tacking on similar, costlier fees for using your credit card overseas.  Today, many banks add on another 2 percent to the 1 percent charged by the credit card associations.  That $100 sweater really costs you $103, if you pay with plastic outside the U.S.

But wait, there's more.  Debit card fees and ATM withdrawal fees can be even higher. Bank of America charges a flat $5 for out-of-network overseas withdrawals. JP Morgan Chase charges $3 plus 3.5 percent. A $100 withdrawal costs more like $106.50.

Where's the good news?
It's hard to find good news in there, but there is some.  At least we can talk about the problem. Not long ago, foreign transaction charges were one of the grand mysteries of the credit card industry.  They were not disclosed by banks. Instead, the fees were merely baked into the exchange rates listed on credit card bills. Consumers who didn't have all night to play with spreadsheet, calculators, and currency conversion rates were none the wiser.  The credit card associations and banks, meanwhile, were getting much richer.

A series of lawsuits has outed the practice, which is now slowly coming to public consciousness. Earlier this year, Visa and MasterCard changed the way the fees were charged, and credit card banks started listing the fees as separate entries on monthly bills. Visa cards began listing the fees separately on April 1, MasterCard on Oct. 1.

In other words, Russ did not discover a new fee last week.  He just finally was told the truth. In the past, Russ's dinner with his wife would have been listed as $30.26 on his bill, with a conversion rate adjusted to include Visa's 1 percent take.

'You have to be a math genius'
Of course, many consumers still don't know about the fees, which can vary wildly from credit card to credit card. In fact, fees can vary even within the same piece of plastic. In other words, credit transactions often have a different cost than debit transaction, even if you are using the same card, says Kristin Arnold, who recently published a study of credit card foreign transaction fees for BankRate.com. Unfortunately, most consumers learn the hard way, after they are home from vacation.  The confusion is profitable for banks and costly for consumers.

"You have to be a math genius to figure it out. It's meant to confuse people. It's a lot to keep track of," she said.

Finding out just how much you can expect to pay for the privilege of overseas plastic is more art than science, says Ed Perkins, author of Business Travel: When it's Your Money.

"It's really a weird situation...It's a moving target; things change month to month," he said.  "Any time one banker sees another banker successfully implementing some greedy strategy, the temptation is too great not to imitate."

Get it in writing
The best strategy, says Arnold, is to call your credit card company before your trip and discuss foreign transaction fees with them. But there's a catch: the situation is so confusing, you can't count on the customer service agent to give an accurate answer, she said.

"I would not trust the person you get on the phone initially. I would ask to speak to a manager," she said.  Bankrate researchers were often given conflicting answers, Arnold said.  An even better idea: Tell the credit card firm to mail you your terms of agreement again, with the relevant currency exchange fee information highlighted.

In her study, Capital One stood out as levying no foreign exchange fee; the firm even absorbs the MasterCard/Visa 1 percent fee.  Bank of America, which charges 3 percent for credit card transactions, does offer relief to those who want to withdraw cash from ATM cards overseas -- it's Global ATM Alliance. Member banks include Canada's Scotia Bank, Britain's Barclays, and Germany's Deutsche Bank. Consumers from any member bank can withdraw cash without paying hefty transaction fees.

Schrag is optimistic that more banks will offer fee-free solutions, now that such fees are out in the open.

"Over the next 3 to 5 years, you'll see competition erode these fees," he said, pointing to the slow, steady disappearance of annual credit card fees.  "Some banks have dropped their issuer fees already. I think the 1 percent fee will eventually disappear."

But such bank fees won't go down without a fight.  In 2003, Schrag won a class-action lawsuit against MasterCard and Visa foreign exchange credit card fees, with a judge awarding $800 million to plaintiffs after finding the fees ran afoul of California's unfair competition laws.  The associations are appealing. 

And while that appeal drags on, Schrag and colleague James Baum have filed a similar suit involving foreign debit card transaction fees. A hearing is scheduled for Dec. 15 to certify that case as a class action lawsuit.

Cell phones are a bit like the weather.  Everyone complains about them, but no one's doing anything. 

For cell phones, there's good reason. Getting out of a bum cell phone plan can cost an arm and a leg, no matter how legitimate your reason for escaping. Perhaps the service you buy turns out to be unusable at home or drops calls during your commute. Or maybe you just want one of those swanky new e-mail, Web-browsing phones.  It makes no difference. If your plan has 19 months remaining, you are out of luck. The price to get back into the free market for a cell phone is about $200.

There must be a better way. And, in fact, there is.  But first, more on the problem.

MSNBC.com's Bob Sullivan explains how cell-phone users can avoid early termination fees if they want to switch providers.

Escaping from your cell phone contract can be costly -- so costly that about one-third of all cell phone users just give in and don't even try, according to a survey released earlier this year by the Public Interest Research Group (PIRG). 

Some 36 percent of America's nearly 200 million cell phone users would consider switching their providers, but don't, because of the cost, according to the research.  PIRG also found that 10 percent of cell phone users just sucked it up and paid a cell phone escape fine during the past three years, ringing up some $2.5 billion for telecommunications companies.

These fines, called "early termination fees" -- all the service providers have them -- are an incredible disincentive to switching plans and are ferociously anti-consumer. After all, how can consumers find out which provider offers the best service until they try their options?  When two-year contracts are required, there is no room for trial and error. Make a mistake, buy a service that's not really right for you, and there's no get-out-of-cell-phone-jail-free card. You're stuck.

So, many consumers simply put up with inferior service.  You'll spot them wandering up and down the block outside their apartments, trying to get a signal -- never imagining that there might be a better way. Well, there just might be.

Sublease your phone
It turns out, while you can't just cancel your cell phone service, you can effectively sublease it.  If you can find someone else to take on the remainder of your cell phone plan, you are home-free. 

I know what you're thinking -- now there's a way to charm friends and family.  "Hey want to take on my bad cell phone service? " But there is an alternative.  Pawn your phone off on a stranger.

Enter CellTradeUSA.com, a New Jersey-based start-up with an Internet-age solution.  Consider it an online dating service for people who want out of their cell phone plans and for people who don't want to commit two years to a new service provider.

The "get out people," as founder Eric Wurtenberg calls them, post a free ad on the service stating their current monthly fee, minutes and remaining contract period. Usually, they tag onto the ad an offer of a free phone, car adapter and other accessories to sweeten the pot. After all, the phone is most likely useless to them after they get out from under their plan.

The "get in people" can browse the ads for free and can send e-mails to "get out people" for free, too.

And now, the fee comes in. Those trying to rid themselves of a cell phone plan must pay $19.99 to read the e-mails coming from interested parties.  But at least they have a chance to see if there is interest before paying the fee.

Is this legal? And legit?
After a match is made, the two private parties must separately settle their affairs with cell phone companies.

But do mobile providers allow cell plan swapping? Generally yes, says Joe Farren, spokesman for CTIA, the mobile phone lobbying group.

"There is language in the contracts that permits it," he said.  His group takes no stance -– positive or negative -- on cell phone plan subleasing, he said. But there is nothing standing in the way of firms like CellTradeUSA from profiting off cell phone consumer dissatisfaction and matchmaking.

Cell phone companies do require the new phoneholder in such a transaction to undergo a credit check. But there are no additional sign-up fees or activation fees, according to Sprint and Verizon.

The idea might sound a bit wacky, but it's no wackier than paying for a phone that doesn't really work for another 9 months.  And the mere existence of such a Web site points to the severity of the problem, said Ed Mierzwinski, who helped write the PIRG cell phone study.

"They want a captive customer; they don't want customers who can shop around," he said.  "People that have problems can't get satisfaction because the company knows if you have a problem, they can frustrate you … because you have no real choice."

PIRG is working to pass cell phone users Bill of Rights laws in states around the country.  One such bill did pass last year in California, offering consumers the chance to return a phone for up to 30 days with no termination fee.

The industry has responded by vigorously defending its policies. Farren says early termination fees are necessary because cell phone providers subsidize the cost of handsets and must recover that subsidy if their consumers bail on them.  Cell phone firms have asked the Federal Communications Commission to clearly categorize the fees as part of the subscription price, as opposed to a penalty.  That would insulate the industry from lawsuits that would challenge the fees as unfair penalties. 

Number portability, two-year contracts and clingy companies
But while consumer groups and the powerful telecommunications industry duke it out, Wurtenberg figures he can make some good money by plugging the gaps. After all, paying him $19.99 is a lot cheaper than paying your cell phone company $175.

The site wouldn't have worked two years ago when consumers had to abandon their cell phone numbers if they switched providers. But new FCC rules requiring cell phone portability opened the door for a business like Wurtenberg's. Also, the slow, steady rise in two-year contracts -- much stiffer than than the once-popular one-year pacts -- helps makes the case for subleasing.

It also makes the case for those who criticize cell phone companies and their clinginess. The rise of two-year requirements did seem to correspond neatly with phone number portability, suggesting just as cell phone firms were forced to give consumers more choice, they found other ways to chain them up.

'Get out of your contract' prize
So far, CellTradeUSA.com's offerings are a bit sparse.  Wurtenberg says at any given time there are about 5,000 phones being offered. "Get out" people with hot phones seem to fare the best.

"If you are offering a Razr or Treo, you get out in one or two days," he said. He claimed he couldn't say how many deals had been consummated, because consumers actually handle the final steps of the transactions on their own, so he can't track them. 

A coming feature might earn the site a bit more attention. Soon, CellTradeUSA will be offering "get out of your contract" prizes -- a sponsored contest in which winners will actually be absolved of their cell phone obligations for free.  Advertisers will foot the bill.

"I think people are going to go crazy over this," he said.  The fact that people even land on his site proves they've already been driven crazy by their phones. 

Careless companies are the biggest threat to your personal privacy, not computer hackers. Tonight, you'll have a chance to see the problem up close and personal.

We've brought you two stories recently that illustrate this point: "Surprise! You're exposed," about companies that accidentally sling spreadsheets and data around in e-mail; and "Help! I left my identity in the back seat of a taxi," about the thousands of data-rich thumb drives and laptop computers that are lost and stolen every month.

This week on "NBC Nightly News," Tom Costello took viewers inside a company being tested for sloppiness.  Cameras follow a hired hacker as he wanders around the office looking for leaks.  You might be surprised at how good a ruse a fire department inspector's uniform can be for a determined hacker. 

Tom Costello's story is timely. Just today, shoe retailer DSW Warehouse settled a lawsuit with the Federal Trade Commission that was filed after a hacker stole about 1.5 million credit and debit card numbers from the firm.  The lawsuit doesn't deal with the criminal who stole the data, but rather the company that made the theft possible.

According to the FTC, the list of bad habits was lengthy. DSW kept multiple copies of customers' credit card information on different computers, even when there was no need to store the data at all. The financial information wasn't encrypted and was protected only by "a commonly known user ID and password."

It's so often said that credit card theft victims face no real consequences, since they aren't liable for the charges. That's just not true.

Anyone who's been through it will tell you it's a hassle: Auto-payments must be canceled and reissued, and that never goes smoothly and often results in a late fee or two.  Card numbers must be memorized again for use on the Internet.  And there's that odd feeling of violation most people feel.

The pain of stolen debit cards
But another element that's not discussed enough is the repercussions of stolen debit card numbers.  Consumers have been trained to use debit cards/check cards just like credit cards, so whenever there's a heist of credit card numbers, a certain percentage are debit accounts. In this case, there were 96,000 debit cards among the stolen credit cards. For those victims, the problems are much more severe.

Having your debit card stolen is akin to having your checkbook stolen; and in fact, many victims have to order new checks, since their checking account number has been exposed.  New checks cost $10-$15, and while DSW paid for some of those fees, consumers paid, too.

Meanwhile, debit cards don't have the same limits when used as credit cards -- in other words, if someone steals your debit card and uses it at a Wal-Mart, he can drain your entire bank account. Since the money is now gone, it's up to the consumer to recover it through dispute processes.  That's a much bigger headache than disputing a simple credit card charge -- because consumers never have to lay out the cash for those.

Is your company protecting you? Ask some questions
While DSW has admitted no wrongdoing in its settlement, it did agree to an outside audit every two years for the next 20 years. The audit will be similar to the one Tom Costello will unveil on "NBC Nightly News" tonight.

There isn't much a consumer can do to assess the security habits of companies that hold their personal information, but there are some tea leaves to read.  Asking about the firm's privacy auditing practices is a good start.  Talking to customer service representatives will give you a good sense of how seriously companies take the problem.  If they hassle you with a bunch of questions before letting you access information, say thank you.  If they seem unconcerned, or volunteer too much too soon, say goodbye.

Consumers often say they are very concerned about privacy -- but some companies still haven't gotten the message.  Voting with your feet, and your pocketbook, will drive that message home.