Many U.S. Adults Claim to Have Been Notified that Personal Information Has Been Improperly Disclosed

An estimated 49 million adults in the U.S. indicate that they have been told that their personal information had been lost, stolen or improperly disclosed over the past three years. Most of this notification has come from government agencies and financial institutions. While many of these people do not believe anything has happened to them as a result of the lost information, a small but significant number do think that something may have happened.

The Poll was conducted online by Harris Interactive between October 4 and 10, 2006 among a national sample of 2,010 U.S. adults aged 18 or over. This survey was designed in collaboration with Dr. Alan F. Westin, Professor of Public Law and Government Emeritus, Columbia University, and noted authority on privacy issues.

Specifically the survey found that:

• Just over one in five (22 percent) U.S. adults claim that in the past three years a business, government agency or other organization notified them that the organization had lost, had stolen or otherwise improperly disclosed their personal information. This translates into approximately 49 million adults.
• Among those adults who say that they have been notified, most indicate that the notification was made by a government agency (48 percent), a financial company (29 percent) or a commercial company (12 percent). Other organizations that have made notifications include educational institutions (6 percent) and health care facilities (5 percent).

Furthermore, eight in 10 (81 percent) adults who have been notified about lost or stolen personal information perceive that nothing harmful happened to them as a result. However, a significant 19 percent -- representing abut 9.3 million persons -- do believe that something harmful happened to them. Among this group who indicate that something happened to them, the following occurred:

• Merchandise was charged in their name (43 percent)
• Some kind of fraud was committed that cost them some money (35 percent)
• Money was taken from their bank account (18 percent)
• A credit card was taken out in their name (11 percent)
• Someone posed to get government benefit or service (8 percent)

.When analyzing the results by the types of organizations that have notified adults about lost or stolen personal information, there are interesting differences. For those notified by either financial institutions or government agencies, most adults (by 81 percent to 19 percent for financial institutions and 86 percent to 14 percent for government agencies) think that nothing happened to them. However, for those notified by other commercial companies such as a retail company, a telephone company or a company used on the Internet, the percentage of U.S. adults who feel that something happened to them is considerably higher (38 percent). One should be cautious in interpreting these results as the percentage of those who think they were notified by other commercial companies is small (12 percent).

"We know from detailed studies of ID theft that many of these harms are caused by actions of friends and family of the victims, stolen wallets or purses, pilfering identifying information from mailboxes or trash containers, and from insider theft of personal data by employees of organizations," Dr. Alan Westin commented about the findings. "However, our survey shows that almost 10 million persons out of the almost 50 million persons notified of a data breach over the past three years believe that direct harm to them resulted from the breach. This documents the importance of business, government, and other types of organizations applying stronger data security measures when handling personal information -- if they are to retain the trust of their customers, members, or citizens."