In Canada, unless you’re a bank or employer or someone else similarly mandated to report income, it’s more or less illegal to demand SIN (our version of SSN) information form individuals. Though everyone and their uncle will still try. Up until our federal privacy regulations kicked in, there were video stores, etc. that even “requested” it as part of a membership agreement.
Protecting your information is important, but having said that, I think that the agencies that charge a fee are convenient, but offer nothing that consumers can’t do on their own. The credit agencies (both in Canada and the US) were mandated to lower the barrier for consumer to access their information, and prohibited from charging for it. They get around this by creating services for online credit file access, or credit monitoring, but it’s nothing that you couldn’t do on your own. You can access your credit information, and you can have notes placed on your file requesting verification or notification of credit requests (ie. for a new credit card or some such thing). The paid services simplify the process, but they’re only doing what you can do yourself. In fact, they can’t do anything you can’t do yourself. Certainly there’s value there, but don’t assume that they’re offering a higher level of protection.
The best thing you can do is simply be cautious about how you transact your business. Try to use official bank ATM machines, instead of third-party kiosks, if you can, and always cover the keypad when entering your PIN (cameras are often used to capture PIN numbers). When you use your credit card, watch for people that are potentially “double-swiping”. Often times people that are stealing credit card info will have a hidden device that they run the card through, under the counter or some such thing. Take a look at the receipt they give you, and make sure that it doesn’t display anthing more than the last four digits of your credit card number; if it does, you’re dealing with a merchant that is not PCI compliant and is in violation of the terms for the credit card companies. You’re far more likely to be a victim of fraud against your existing cards, than you are to have fraudulent cards opened against you. The credit companies are becoming more diligent now, in their handing out of credit. An SSN and birthdate isn’t necessarily enough any more, although it can still cause grief in the wrong hands.
Crime is so strife nowadays for credit card/bank fraud (since it’s a “victimless” crime with lesser penalties), that the bad guys are getting organized and intelligent. It’s very much like browsing the web. Be vigilant of where you are conducting business, and keep an eye out for suspicious things.
My wife is actually a PCI consultant, and works with credit card merchants to help bring them to compliance with PCI requirements. I’ve heard nightmare stories about the way personal/credit info is handled by some merchants, even large, brand-name ones. So as I said, vigilance is your best defense, although ironically, she recently had her bank card defrauded herself, despite knowing the measures to take.
Just be smart about how you’re presenting your information (whether SSN/SIN, credit card, whatever), and beyond that, don’t lose sleep over it, because there’s only so much you can do.
Just my 2c…