Unless you have been exceptionally careful, your personal information is everywhere, and it's not difficult to find. A name, address, Social Security number and birth date are enough for almost anyone to open bogus credit accounts or access existing accounts. Throw in your mother's maiden name and all bets are off.
How do crooks get this data? They steal wallets and purses. They bribe dishonest clerks who handle mortgages, employment applications and personnel files, or have access to credit bureau reports. They search through unlocked mailboxes or Dumpsters for financial histories, school transcripts, mutual fund or health care statements — anything that might contain Social Security numbers and other keys to your identity.
The lax handling of personal data has led to an alarming rise in cases of identity fraud, in which a thief attaches himself to someone's credit history and rides the wave. Hundreds of thousands of people are victims each year. The Social Security Administration received nearly three times as many complaints in 1999 about misused Social Security numbers as it had two years earlier. The good news, says J.J. Luna, author of How to Be Invisible, is that taking a few basic steps will give you more privacy than 98 percent of the general population. You can't retrieve all the information floating around about you, especially once it goes global on the Internet. But here are a few ways to close some of these doors:

(1) Contact each of the big three credit reporting bureaus — Experian (888-397-3742), Trans Union (800-888-4213) and Equifax (800-685-1111) — and request a copy of your credit report (you also can order them online, including a report that contains information from all three bureaus). In most states, each report costs about $8; under certain circumstances, you can obtain them at no charge. You'll receive the same information that can be purchased by landlords, retailers, auto dealers and lenders. Once you have all three reports (which will be similar but probably not identical), correct any errors and close accounts you no longer use. Order at least one of your reports each year.

(2) Phone 888-5OPT-OUT and tell the bureaus to stop selling your credit header information (name, address, Social Security number, date of birth) to credit card marketers. Destroy any "preapproved" offers you receive to frustrate Dumpster divers.

(3) People who can live without instant credit approval have been known to tell each bureau to place a "fraud alert" on their files. This means that no new accounts can be opened unless the grantor contacts you by telephone. State and federal laws dictate that anyone who wants to see another person's credit report must demonstrate a "legitimate business need." The system lacks effective oversight, however, which is one reason your credit information can be purchased online via investigators or "find anyone" services for as little as $20.

(4) Banks, brokerages and employers are required by law to have your Social Security number on file, as is anyone who pays you and reports that fact to the IRS (employers are required to submit your personal information, including the number, to be placed in the National Directory of New Hires — one more reason to be self-employed). When you are filling out a government form, look for the Privacy Act notice, which will explain whether providing your number is voluntary. There's no law that prevents private firms such as a cable company or health insurer from asking for your SSN, or refusing you service if you don't provide it. If you're certain the law doesn't require you to provide your number, ask if you can provide an alternate. If that fails, some people use 078-05-1120 (a discontinued number that appeared on sample cards inserted in new wallets during the Fifties). Others change the middle two digits of their number to 00 or provide a number that starts with 987-6 and ends with four digits between 4320 and 4329, which are numbers used in advertisements. Don't make up a number; it may belong to someone you'd rather not be mixed up with.

(5) They want your mother's maiden name as a security code? Invent one (be consistent, since you'll need to remember it for access). Your birth date? Write "legal age," or use a date that's easy to remember, such as a national holiday (and take a few years off while you're at it). An interloper trying to access your information may have the right information, taken from your birth certificate, a credit report or even a family tree posted on the web, but it won't match.

(6) Minimize the contents of your wallet (it's good for your spine, too), and never carry anything that lists your Social Security number. Check your driver's license; about a dozen states routinely place the SSN there, though all allow you to change it to a generic number.

(7) Make it a habit to consider your options each time you are asked to provide information. Afraid you'll look like an asshole? They're assholes for asking. Do all these people really need your home phone number? Avoid writing checks (they provide strangers with too much information). Ask your bank, brokerage, utilities and credit card companies to add a password to your accounts. Identity thieves and private investigators can often get information over the phone by playing dumb or using official-sounding words such as "licensed" and "investigation." Do what you can to ensure that clerks think twice before reading from your file to anyone.

(8) Ask your Internet service provider about increasing the security on your home computer, especially if you use a digital subscriber line or cable modem. Establish free e-mail accounts at sites such as yahoo.com and then use those addresses when you're presented with an online form. Let those mailboxes fill up with junk. Visit Junkbusters to obtain more information about cookies and other technologies that collect data about you online.

(9) Choose passwords and access codes wisely. Your personal identification number should not be the last four digits of your SS number, or your phone number or address. Create passwords that contain both numerals and letters. Don't use the same password or PIN for every account you have.

(10) Avoid filling out marketing surveys (including those disguised as warranty cards) or entering sweepstakes. You aren't going to win. Get help from Junkbusters or, for what it's worth, write the Direct Marketing Association (P.O. Box 9008, Farmingdale, New York 11735) and ask that your name be removed from its members' lists (you must re-submit your request every five years). Contact the Telephone Preference Service (P.O. Box 9014, Farmingdale, New York 11735), also operated by the DMA, and tell any marketer who calls to take you off its list. Federal law requires them to comply.

You'll find more guidance at privacyrights.org and consumer.gov/idtheft, and in books such as How to Be Invisible. If you've been a victim of identity fraud, contact the FTC at 877-IDTHEFT.