One for American friends

There are other sites where information this like can be obtained for free. Nothing special or all that alarming here.

 

IMO your best defense against folks getting information about you is to be so boring that it is pointless.

 

There are privacy laws, sort of, on a corporate level (what they can do with personal information), but not on a personal / individual rights level. This is why the FBI vs. Apple thing happened on that iPhone owned by the terrorist. Privacy laws are non-existent / weak in the US compared to EU.

On the other hand, it can be argued that once something is codified, it might offer governments (or corporations) a legal avenue to get to private personal information. US citizens tend to distrust government more than people from from other countries.

 

Federal US law: GLB Act 1999, another one ECPA before that in 1986.
California: CalECPA SB 178, 2016 and SB1 CFIPA 2004.

What GLB did was legalize ways which financial institutions could use personally identifiable information. It was automatic opt-in for information sharing, not default opt-out. It was pretty weak in terms of individual protection. SB1 in California made it automatic opt-out - because many Californians realized GLB was bullshit. SB1 and GLB pertainly mostly to financial industries (they companies who tend to have most personally identifiable information).

SB178 was a step forward and codifies what California must do (get a warrant) to get their hands on your encrypted porn and music collection.

Companies in USA can do all sorts of background checks before you get hired for a job, drug testing, credit, criminal, etc. Even if it's for a low security job, a company has a right to ask a potential employee to submit to such screenings. In the EU / UK / AUS, these things are generally not allowed, unless the employee will work in a high security environment (airplane avionics and wiring harnesses, data centers that house French corporate / government / military data, etc.)

 

There will be no such thing as privacy as long as credit ratings agencies exist. The very notion of a credit ratings agency is an anathema to privacy. Anybody who knows how can get personal information down to your bank account numbers. There is no such thing as Internet anonymity, unless you are super careful 100% of the time. Being super careful 98% of the time doesn't cut it.

In terms of protecting specific instances of your personal information, this is also impossible. Too much data in too many databases operated by too many entities around the world. It only takes one thing to break (malware infecting Home Depot Windows based POS, Target POS machine malware, spear phishing attacks on gov't e-mail, introducing malware in network, etc.)

Just assume that nothing about you is private. Just easier that way.

 

What's at question is the potential value of the data. Phishing schemes work because although the potential ensnaring any one person is virtually nill, the potential for catching a small percentage of a large pool of people is quite good. Scale this to authentication for financial institutions and databases of cracked unencrypted personal info and still you have a favorable probability of gaining access to, for instance, a credit card account.

If we move on to small-scale fraud, like extortion or revenge, then the potential value of a single person's data rises exponentially as they are likely to be alone in the set of primary targets. Should you have the misfortune of finding yourself on the receiving end of such criminal behavior, then neither Google scrubbing nor the complexity of your passwords would guarantee your safety. Even if you don't have an online presence, chances are that relatives or people you know participate in some form of online social networking, which leaves you vulnerable to social engineering.

Now you can choose to be paranoid at all the potential realities, or pragmatic about dealing with your actual reality. It makes sense to choose a secure password in any online transaction and to ignore anything even remotely resembling spam in your emails, since you'll always be stuck with the very low but significant value as one of a vast pool of marks. It makes less sense to contact every online database and perform convoluted rituals to get your info removed. You will waste your own time and you'll only confirm your information to scammers.

All of these sorts of paranoid information security memes are more effective at grabbing attention and contributing to low-level anxiety than performing any form of social service. Better not to feed the trolls.