By Cynthia Hetherington

Data, at its most annoying, is a commodity with social media sites selling your Likes to data providers. Data, at its most dangerous, allows terrorists and scammers—as near as your neighbor or from faraway lands—to farm from open sources the personal addresses of our military personnel to threaten them and their families. They robocall mercilessly and prey on the elderly. Unfortunately, we share much of the data that generates these annoyances and threats

In this blog series, we help you understand the dark side of information sharing. You will learn the pitfalls of oversharing and how to reduce your online risks. You will gain useful tips for protecting your personally identifiable information (PPI) and preventing identity theft, learn how to opt out of online vendors and how to remove you PPI from three major DNA collection retrieval services.

Marketing and such …

Organizations use information from a variety of sources for a variety of reasons. You are familiar with some of them: Businesses wanting to send you an offer and companies wanting to better understand their marketplace or to develop new products and improve customer service. In other cases, companies use information to protect you and themselves from risks related to identity fraud.

Most companies rent or buy lists of individuals they believe are likely to be interested in their products or services. They will use these lists to market to you either offline or online. These lists come from a variety of sources, including public records, telephone directories, and from companies who exchange or rent their customer files for marketing purposes to other organizations who have a legitimate need for the information. The rental or exchange of customer files has been a common practice for decades and does not pose a security risk to you. The exchange usually involves only the basic contact information and very general information about your purchases. These lists are used to send postal mail and email to you, phone you, and/or text you about special promotions or offers. Contacting you in this manner enables a company to engage more effectively with individuals who are not yet customers, but who might have an interest in or need for their product or service.

It is also common practice for a business or organization to create a marketing file of names, addresses, and other information related to their customers’ purchases. Marketing data may include household characteristics obtained from surveys you fill out or from general communication with you.

Identity Verification

Marketing, however, is only one use for your information. Early detection and prevention of fraud by verifying your identity is a second use that offers significant benefits to both you and businesses. Being able to correctly recognize a customer—especially when transacting business over the phone, on the Internet, or via a mobile device—can help reduce the chances of that customer becoming a victim of identity fraud.

Background Checks

There are still other uses of personal information you may not have considered, such as courts tracing parents who fail to meet child support obligations, or investigators conducting background checks for the purposes of compliance and anti-fraud initiatives, or law enforcement agencies apprehending criminals, or attorneys searching for missing heirs, or family members looking for lost relatives, to name just a few. These suggested uses provide significant benefits to society and are permitted—even, in some cases, required by various laws, such as background screening for childcare center employees and school bus drivers.

Our new series, Info Exposed, is meant to help you to facilitate your personal privacy in a very open online world. There is no one solution, no one vendor, that has all the answers. The best security practices start at home. Using our tips as a guide, you can begin to remove, obstruct, or obscure the open source information that leaves you and your family vulnerable online. The entire report, Information Exposed, is also available to download for free.

Are you an analyst or investigator looking for advanced OSINT training on risk assessment and risk monitoring? If so, check out Hg’s webinar series, where you can attend live sessions and receive CEUs or watch previously recorded sessions to beef up your investigative skills.



Are you concerned about your company’s or employees’ points of vulnerability through online and open sources? Our skilled analysts are experts at removing personal information that puts you, your business partners, and your family at risk. Learn how our team can assist you in assessing and monitoring your risks. 



Cynthia Hetherington, MLS, MSM, CFE, CII is the founder and president of Hetherington Group, a consulting, publishing, and training firm that leads in due diligence, corporate intelligence, and cyber investigations by keeping pace with the latest security threats and assessments. She has authored three books on how to conduct investigations, is the publisher of the newsletter, Data2know: Internet and Online Intelligence, and annually trains thousands of investigators, security professionals, attorneys, accountants, auditors, military intelligence professionals, and federal, state, and local agencies on best practices in the public and private sectors.