Background Checks & Identity Theft (please read)

[dsteele 20]

Exactly how many companies ARE there that are capable of running millions of criminal background checks on a national level?

 

What choices did the BSA have?

 

Would you rather there were no criminal background checks done?

 

Unc.

 

[John-in-KC 311]

I'd rather each Council contract with an appropriate local or regional law enforcement agency (depending on the major community served by the Council).

 

YIS

[nldscout 18]

Who do you think a lot of local law enforcement is using to do background checks? Well if you guessed Choice Point, you guessed right. The only thing a local check will look at is criminal activity, where CP looks everywhere.

 

All the BSa is doing is asking CP for a check on this named person, living at this address, with this SSN. CP already has a file on you they are just pulling it up and looking at the info and forwarding it to BSA. Its not like the BSA is furnishing them any info they don't have already.

[packsaddle 753]

"Records show that Choicepoint's Chief Executive Officer and President bought and sold 458,600 company shares in eight biweekly transactions between Nov. 9 and Feb. 15. These transactions occurred after the company learned in October that criminals had duped Choicepoint into allowing them access to Choicepoint's massive database, but before the problem was disclosed to public investors."

 

I think Martha Stewart serves as a good example for what should happen to THESE guys.

 

 

[Lynda J 10]

Our Charter Org rep is a Criminal Investigator with the Police Dept. He runs background check on all leaders, Cub and Boy before they ever go to BSA. They also include a copy with registration when it goes to Council. Have picked up two new adults with DWI convictions. The CO talked it over and since these were over 10 years old they kept them in. Had one with a drug conviction and even though it was old would not let that person have a Den.

[NJCubScouter 1389]

Lynda, I have a couple of questions about the background check you describe, which is performed by your CR, who is a police investigator. You may or may not know the answers, but if I were you, I think I'd make it my business to find out.

 

First, is the CR gathering his information from "public record sources"? (The other option would be that he is using his "police connections" to obtain information that a member of the public could not obtain. This might be perfectly acceptable under certain circumstances (see the next question, for example), but I don't know if you have those circumstances.)

 

Second, IF the CR is obtaining non-public information to do these background checks, is he (or the troop in general) obtaining advance written authorization from the prospective leader before doing so?

 

The reason I ask these questions is that the current version of the BSA adult leader application has the following language on the front, in big capitalized red letters, in a box, as if to say "READ ME!":

 

BY SUBMITTING THIS APPLICATION YOU ARE AUTHORIZING A CRIMINAL BACKGROUND CHECK OF YOURSELF. THIS CHECK WILL BE MADE FROM PUBLIC RECORD SOURCES. YOU WILL HAVE AN OPPORTUNITY TO REVIEW AND CHALLENGE ANY ADVERSE INFORMATION DISCLOSED BY THE CHECK.

 

My point is, the BSA is taking great pains to inform people that they are authorizing a background check and exactly what kind of background check they are authorizing. I would be concerned that if a "police background check" goes "deeper" than a "public record" check, and finds information that (for example) has been "expunged" from the public record but is still sitting in a computer somewhere, the person doing the check, or using the results, could be asking for trouble.

 

Of course, if your CR is using only "public record sources," there shouldn't be any problem.

[KF5WT 10]

Like many of you, I was very concerned when I read that BSA was running their background checks through this Choice Point outfit which was hacked. So I contacted our local counsel office in Texas.

 

I was told that, yes, BSA and our local counsel run the criminal background checks through Choice Point. However, no BSA information was compromised. Here's why:

 

All BSA does is buy a report FROM Choice Point. They don't send any information TO Choice Point. And the only records Choice Point provides to BSA are those available through public sources, such as the courthouse. It's just that Choice Point has access to a vast array of criminal records, when a person walking into one courthouse would not have access to records other places.

 

That said, it all serves as a reminder that we should be very protective or our personal information, especially our SS numbers. Why BSA insists on these when a police officer can run a roadside (and nationwide) criminal background check with only a DL number, I don't know.

 

Just having these numbers in a computer file somehwere in counsel headquarters is itself a security concern. If a criminal were to hack into the computers inside our counsel office building, or steal a backup tape while pretending to be a member of the cleaning crew, we would all have major problems on our hands. Consider this:

 

Exactly what kind of people are BSA volunteers and leaders? We have jobs which pay us enough that we can pay our household living expenses, and can also have enough left over to buy expensive uniforms, larger vehicles for carrying people to activities and pulling trailers, and lots of gear. We can afford to take vacation time to travel to far away Scouting events, and pay for the expensive gas to get there. We have good jobs (income and bank accounts) and vehicles (probably financed) and we probably buy our stuff at the Scout store on our credit cards.

 

In short, if a crook were to get what's containted in counsel computers, literally missions of dollars could be stolen in a day. We are VERY prime targets, unlike the average person who buys a pair of shoes at the cheapie-shoe store, which was also hacked. We would only find out what happened when all at once our credit cards maxed out and our bank accounts emptied.

 

I believe BSA should abandon the practice of collecting SS numbers from volunteers. There is just too much opportunity for our finances to be harmed, even if BSA does nothing wrong with this information.

 

 

[rpushies 10]

KF5WT,

 

You wrote, "Just having these numbers in a computer file somewhere in counsel headquarters is itself a security concern. If a criminal were to hack into the computers inside our counsel office building, or steal a backup tape while pretending to be a member of the cleaning crew, we would all have major problems on our hands."

 

The data you are referring to, Social Security Numbers, etc, is not and should not be stored at the local council level. It is stored in ScoutNet database which is stored on the computers at the National BSA office in Irving, Texas. The data is input and accessed by the local councils through a Wide Area Network (a WAN - Not the World Wide Web.) that each council is required to be part of and pays good money to maintain the secure connection. If that wide area network connection went down (and it does on rare occasion) your council would be hard pressed to tell you what unit you are registered with or even if you are registered. That information is just not stored locally by the council.

 

So your concerns about the data being stolen at the local level are not realistic. As for the the stealing of back-up tapes, you will get very little (if any) personal information about volunteers. It will give you all the memos written by the office staff, grant proposals, and records of who is running events, etc but not their social security numbers, or other personal contact information.

 

So relax, the probability that someone is going to steal your personal information from the local council office is pretty minimal. I know this how this stuff is handled at the council level, because I used to be the network administrator for our council computer network. The personal data BSA collects about volunteers like you and me is a great deal more secure than you would lead people to believe by your post. It seems someone told national to "Be Prepared" when they put together their computer plans.

 

Yours Truly in Scouting,

Rick Pushies

[scoutldr 726]

The council in which I serve routinely asks for volunteer help to input registration records every year after the new member rush. I have no idea who these volunteers are or what their motivations may be for volunteering. I'm sure that 99.9% of them are people like me who are just interested in helping with no other evil intent...aren't they? I guess I am just more sensitive since I am a govt employee who has to take annual security training which includes the Privacy Act.

[FScouter 24]

Just a clarification. Choice Point was not "hacked". None of the security systems they had in place were breeched. There was no back-door break-in. Rather, the bad guys devised a plan to go in the front door. They set up a new company, established a normal business relationship with Choice Point, then purchased reports. It was then discovered this company had no legitimate purpose for buying reports, and that the company had been set up for the sole purpose of fraudulently obtaining Choice Point reports.