THE SPATE OF recently introduced privacy legislation may have a flag-waving, feel-good aura about it, but be alert. The direct marketing industry, experts warn, could fall victim if the proposals-covering medical records, financial data and the Internet-become law.
Separate pieces of legislation in the House and Senate seek to limit use and disclosure of so-called first-party information: Data held by financial institutions regarding its dealings with its customers. To this end, Rep. Jim Leach (R-IA) introduced H.R. 10, the Financial Services Act of 1999, while in the Senate Paul Sarbanes (D-MD) offered S.187, the Financial Information Privacy Act of 1999.
These bills are only the tip of the iceberg. In recent months, Rep. Gerald D. Kleczka (D-WI) presented legislation amending the Fair Credit Reporting Act to prohibit the sale or transfer of personal data, including Social Security numbers, without a person’s written permission.
On the same day, Sen. Conrad Burns (R-MT) proposed the Online Privacy Protection Act of 1999, ordering the Federal Trade Commission to develop regulations protecting personal information about children from being obtained or disseminated without parental permission.
The Personal Information Privacy Act of 1999, Kleczka explained when the amendment was introduced to the House, would prohibit businesses from selling, transferring or otherwise providing any information about their customers or their transactions for marketing purposes of any kind without written consent. But, it would allow businesses to make that data available to third parties “for a purpose other than marketing.”
In addition the bill would limit consumer-reporting agencies to including only a person’s name, address and publicly listed telephone numbers in their reports.
To cap it off, in April Vermont Senator Patrick J. Leahy (D), introduced sweeping privacy legislation that would protect computer network-stored personal information and extend existing video privacy protections to library users and book buyers.
His bill, the Electronic Rights of the 21st Century (S-854) would also extend cable television subscribers’ personal privacy protections to include customers of home satellite systems. The bill, which as of press time was under review by the Judiciary Committee, would also prohibit law enforcement authorities from monitoring individual cell phones and cell phone conference calls without court orders.
Leahy had also introduced S. 573, the Medical Information Privacy and Security Act, which includes among its stipulations providing individuals with the right to limit the use and disclosure of protected health information.
Robert Ellis Smith, publisher of the Privacy Journal, endorsed the bill, saying “Comprehensive legislation like this is needed and reasonable.”
Mentioning that the bill “extends the protections of video rental records to those of libraries and booksellers,” Smith deplored its failure to address the use of “video surveillance without sound” by law enforcement and others. “[I]t’s time for Congress to look into it since surveillance without sound is not covered by existing laws,” he said.
But Marty Abrams, vice president of information policy and privacy at Orange, CA-based Experian, said the trend in proposed legislation favoring restrictions has not been counterbalanced by a discussion of the benefits of free-flowing information.
Abrams points to three factors that increased the clamor for privacy legislation. The first is the Internet, which makes the use of information much more apparent to millions of consumers, who are, he says, both enthralled by the opportunities it creates while being made aware of harmful use of data.
Second, the same technologies used for authentication (of, for instance, order or customer verification) can be used to track behavior. “That conflict between security and privacy is creating tension.”
A third factor is the need to resolve differences between the European Union and the United States, heading off a trade war over privacy.
Part of the problem, says Abrams, is that the benefits of information use, such as risk assessment programs that lead to lower mortgage lending rates, are not as transparent to consumers, and that the debate so far has failed to highlight these benefits.
A benefit of information sharing is seen in how mortgage rates are set. Data used in evaluating risk in mortgage applications shaves 200 basis points-two percent-off rates for similar loans in Europe. Applied to this one sector alone, says Abrams, this keeps approximately $100 billion in the hands of consumers a year.
If privacy concerns eliminate the use of this information, and the jobs in knowledge-based companies that go with it, the results could be a slowing down of the U.S. economy. A lack of growth in information-linked jobs within Europe, says Abrams, has been linked to slowed development in Europe’s matching the U.S.’s shift in becoming a service economy.