No, it doesn’t rhyme, and you can’t dance to it, but it’s what the smart shopper should be adding to his list for the jolly old elf.

In case you missed them, several federal agencies, including the Federal Trade Commission (FTC) and Federal Bureau of Investigation (FBI), publish safety advisories this time of year to help folks not get scammed or predated upon by cyberspace criminals. For purposes of this reminder, let’s analogize them to the ‘hide, lock, take’ signs you see at all shopping mall parking lots in America.


  • Buy online only from reputable sites that you have shopped with in the past. Beware of gift card offers or “too good to be true” pricing on sought-after gifts, especially from unknown sites.
  • Don’t respond to ‘click here’ offers from merchants. Don’t respond to ads on social media sites. Don’t respond to surveys online or on social media asking for personal information. Don’t download apps or attachments from links in emails. Just don’t do it.
  • If you’re one of those people who can’t resist posting pictures of everything you do, don’t post pictures of concert or sports tickets, because criminals will use the bar codes to create fake tickets and take your seat.
  • If you get a phone call, text or email from someone purporting to be the fraud control agents of your bank or credit card company, don’t respond. Instead, call the number on the back of your card or on your bank statement and ask if there has been any unusual activity.


  • Use different passwords for different online shopping sites.
  • Encrypt your computer.
  • Use antivirus and other defensive software, and keep updates current.
  • Don’t use truthful information in those “security questions” that you are asked to backstop your identity online. If I
    can get your mother’s maiden name, the street where you grew up, your first car, your high school mascot, and your best friend from your social media posts, so can the bad guys.
  • Don’t give out your social security number unless it’s absolutely necessary. HINT: in most cases, it’s not absolutely necessary. And especially be wary of a person asking for your SSN AND your date of birth, as this is an invitation for financial identity theft.
  • “Freeze” your credit report with the three main agencies (Equifax, Experian and TransUnion) so you control when to apply for new credit.


  • If you’re one who upgrades to the newest phone each year, be sure to scrub all data from those phones and remove any portable storage devices that live in them.
  • Ditto for new computers. Once you transfer the data to the new box, destroy the data on the old box with a Department of Defense quality wiping/overwriting program. Or, simply take out  the drive and break it into tiny bits with a hammer.
  • Make sure you maintain control of your credit cards and driver’s license.
  • Limit what you carry when you shop. Leave all cards that aren’t for shopping at home, because their loss or theft could compromise your identity.
  • If possible, shop online with only one card. It will make looking for and finding fraud easier. Use the same strategy for physical shopping as well. This may mean you lose some sales or point accumulation possibilities, but those aren’t worth the hassle of recovering from theft or impersonation. Or just get that gold card — you know, the one that advertises for extra points or extra cash; yeah, THAT one.
  • Have the merchant email you a receipt instead of taking a physical receipt, if possible.

And let’s not forget to practice physical security and situational awareness while we are all out and about:

  • Park in well-lit spaces.
  • Don’t leave valuables visible in your car.
  • Ask for a security escort to your car if you’re uneasy.
  • And, even though the Boy Scout in me rebels at this notion, decline help from well-meaning people to load your car or hold your keys/purse/children while you fumble around. Get store staff or mall security to do this for you. Or, better yet, shop with other adult friends and family members who can help do this.

Finally, with all of the online shopping and delivery happening this time of year, remember:

  • If someone isn’t going to be home to receive a delivery, have the packages delivered to another physical location. Both FedEx and UPS allow for delivery to one of their storefronts at no additional charge in most cases.
  • Shred return labels and shipping documents you won’t use later. This prevents criminals from knowing where you shop and sending you a spoofed email from that merchant (which you should NOT click on). You should already have a shredder for those credit card offers, convenience checks, prescription documents that come with your pharmacy refills, and other sensitive papers. If not, tell Santa you need one.
  • Break down shipping boxes and make sure they fit in the trash can. Piling lots of boxes at the curb is a ‘welcome mat’ for the home break-in teams that cruise about.

Data privacy is spotlighted during our frenzy of holiday shopping, but you need this to be a year-round way of life. Otherwise, your financial and personal data will be a gift that keeps on giving to the cybercriminal community even after you’ve taken down the tree and blown your New Year’s resolution to start exercising more.  Maybe if you had an app that Bluetooths to your scale so you can track your weight on your phone, and then send that personal data to a website that analyzes your BMI and diet. Oh, wait, that’s another blog.

Merry Christmas!

Barry S. Herrin, JD, FAHIMA, FACHE, is the founder of Herrin Health Law, P.C., in Atlanta, Ga. Herrin offers more than 30 years of experience practicing law in the areas of healthcare and hospital law and policy, privacy law and health information management, among other healthcare-specific practice areas. He is a Fellow of the American College of Healthcare Executives and a Fellow of the American Health Information Management Association. He also holds a Certificate in Cyber Security from the Georgia Institute of Technology. Reach him at 404-459-2526 or