Caught you!

After looking over the two privacy policies myself, I had to agree that Mr. Catchings was justified in his concerns about what they might really mean. The hidden policy for the free-credit-report sites raised several other issues as well. It revealed that a customer’s credit history was itself part of the information that could be shared by the free-credit-report Web sites and all their partners. Did that mean that PrivacyGuard would be targeting customers for their advertisers based on their credit worthiness? PrivacyGuard's policy also spelled out its right to keep using the personal data of ex-customers -- a category under which Mr. Catchings presumably now fell, although he had not ordered a free credit report. And what exactly was the relationship between PrivacyGuard and the free-credit-report Web sites? Do they all share one giant database of customer information, and does every e-mail communications management firm and call center in the country have access to it?

In a quest to answer some of these questions, I contacted officials for PrivacyGuard’s parent company, Trilegiant in Norwalk, Conn. I asked that the company clarify more specifically how its customers' information would be used, and a representative promised to get back to me. When I checked back during subsequent weeks, I was told that answers would be forthcoming soon. They just had to check a few things with the lawyers.

After a month had passed with no answers, I noticed that some changes had been made to the privacy policies in question. The relatively innocuous online privacy policy on the PrivacyGuard Web site now has a second-level "Use of Financial Information" privacy policy that can be accessed without registering a username. This new section does, at least, reveal that credit history is part of the information that it can collect and share with affiliates. Without registering a username of my own -- which I’m not going to do -- I can’t check to see if the nearly invisible link Mr. Catchings found for the second privacy policy is still there pointing to the same document. However, I did find that the privacy policy used by the other free-credit-report Web sites has been somewhat rewritten from what it said a month ago, although it doesn’t appear to have changed much in substance. It no longer mentions call centers, for example, but that doesn’t necessarily mean call centers aren’t still among the partners and affiliates that are going to have access to Mr. Catchings’ mother’s maiden name.

So I guess I found my answers. But I'm disappointed that I never got the chance to speak with PrivacyGuard official spokesman Frank W. Abagnale, the “former con man turned crime-fighting consultant,” as the company's press releases identify him, whose autobiography Catch Me If You Can served as the basis for the recent movie of the same name. As a man who knows a good scam when he sees one, it would have been interesting to hear his assessment of free-credit-report privacy policies such as these.

In the absence of his advice, I’ll give you mine. If you care about preserving your personal information, be very careful when anyone on the Internet offers you something for free. They’ll catch you if they can.