About privacy and data protection (I)

Privacy m-sec.net

Today I’m going to start a topic about privacy. Even though I’ll write about some experiences I had in Romania, I’m pretty sure this can be applied to other countries too. The main subject will be about how hard is to find someone’s Numerical Personal Code (how it’s called in Romania) or Social Security Number in US.

A few months ago I was googleing a friend’s name in order to find his email address. While searching I got to a website which showed his address and telephone number. I was pretty surprised to see that and since the website had a search engine, I started to look for different persons – for some I got results. This was looking more and more interesting. I notice that there was also possible to create a test account with some free credits and with more search results. After waiting a day or so I finally got my account. Now the information I could find was astonishing. Not only I got the address and the phone, but also the Numerical Personal Code, what bank loans did they have (if any), how much they got ad so on.


As you can see all the information is there. For privacy reasons I have hidden the data. But from where such a website could get all that information? Is there someone freely submitting the information? The response came quickly:


I was WOW-ed. So our own government is publishing all these information to the public? What about data protection? What about privacy? It was kind of hard to believe, but after searching some published papers by the Romanian’s Official Journal I convinced myself of the reality.


After accessing the official published paper I could also find: address, the date when the ID card was issued, the issuer name, ID number, Numerical Personal Code. If this is published freely by the government, then what else could I ask to a private company? Luckily, I knew that there is also an agency which is taking care of such issues – ANSPDCP (hard to translate :) ). However, how could I contact the agency (which is controlled by the government) and ask them to remove such information?

All that Vrajitorul website does is to get this information and structure it in a way that you can easily find. BUT there is hope. In case your personal identification info is somewhere on a website, you can contact the owner of the website and kindly ask to remove all this information as they are breaking the personal data protection law and in case they will not do so, you will contact the ANSPDCP agency. My friend did this and all the data that the website had about him was removed the next day. I strongly suggest you to do the same.

Comments? Next time I’ll write about some private companies (including a bank) which have problems in protecting sensitive information about their customers.


You can leave a response, or trackback from your own site.

3 Responses to “About privacy and data protection (I)”

  1. Valentin says:

    Just discovered your blog. Great job! Subscribed to RSS.
    Keep up the good work!

  2. I feel like I’m constantly looking for interesting things to read about a variety of subjects, but I manage to include your blog among my reads every day because you have compelling entries that I look forward to. Here’s hoping there’s a lot more amazing material coming!

Leave a Reply

Powered by WordPress