How to fight privacy looters

From...

May 31, 2000
Web posted at: 10:34 a.m. EDT (1434 GMT)

by Andrew Brandt

(IDG) -- A new law that lets banks, insurers, and brokerage houses merge and share your personal data has frightening implications for consumers. Your insurance company can now find out that you use your credit card to buy lots of big boxes of chocolate and bottles of wine.

	MESSAGE BOARD
Internet society

Never mind that these gifts were for business clients. Suddenly, your health and car insurance premiums rise because the company's computers think you're more likely to drive drunk or have a heart attack from eating all that chocolate.

MORE COMPUTING INTELLIGENCE

IDG.net home page

PC World home page

Privacy 2000: In Web we trust?

Stealth surfing

Privacy advocates alarmed over radio 'sniffers'

Reviews & in-depth info at IDG.net

E-Business World

TechInformer

Questions about computers? Let IDG.net's editors help you

Subscribe to IDG.net's free daily newsletters

Search IDG.net in 12 languages

News Radio

Fusion audio primers

Computerworld Minute

With the Gramm-Leach-Bliley Act, this type of nightmare can become reality. The law allows these three kinds of businesses to merge, sell one another's services, and make partnerships. As a result, a big chunk of our private lives -- credit card and ATM purchase histories, medical and other insurance records, and investment portfolios -- will soon be bought and sold like commodities. Our only protection will be the inadequate and torturous process called opting out.

Data shared is data lost

This opt-out provision lets you specifically forbid the companies from sharing or trading nearly all information about you. The authors of the Gramm-Leach-Bliley Act granted this right in a subsection. But opt-out provisions are a poor option for consumers.

Here's why: In the next few months, you may get a letter from your credit card company, insurance agent, or broker that looks like a piece of junk mail. If you're like most people, you'll toss out this invitation to opt out -- and with it will go your chance to prevent the sharing of your personal data.

Even if you read the notice, opting out won't be convenient. You'll have to write a letter, call a special phone number, or (in some cases) do both, or else these companies will be able to sell, buy, share, or trade fairly intimate details of your life with their business partners, their affiliates, and even to mysterious "third parties." And once the data is out there, you won't be able to get your privacy back.

American Express, which for years marketed itself as very protective of its customers' privacy, still collects and sells data. This year it changed the "corporate" card data collection policies to match the policies of its "personal" cards. The company says quite plainly in a letter sent to cardmembers that it plans to sell or share your name, address, phone number, purchase history, information from surveys, data from your credit report, and unspecified "noncredit information available from public sources" to its affiliates, licensees, subsidiaries, and outside bidders.

Oh, by the way, the letter added, you can tell Amex not to share your credit history if you write a letter to one office and phone (toll free) another with instructions not to sell your name to telemarketers. That was sure a big-hearted act.

The plunder of privacy

Be on the lookout for these kinds of letters, because the companies that send them won't make a big deal of their announcements. They expect you to chuck them into the trash with the coupons for carpet cleaning and roof repair, without giving these letters a second glance.

The obvious short-term solution is to stop these corporations from profiting by selling the details of your private life. Call the toll-free numbers set up by the companies and tell them you won't permit them to divulge any personal information, and ask for some sort of confirmation -- either a letter or a record of your call -- to be sure they enter it into their computers. If they give you only an address, don't hesitate to write them a letter stating the same thing.

But that doesn't go far enough. We need to tell our elected representatives that opt-out provisions are always unacceptable. What we need are opt-in provisions, which would require companies to get our explicit, written permission before they could market data about us. Then we could take them to task and ask them what they'd use the data for and who they'd sell it to. If the deal sounded good, we could agree to go along with it. If not, we could hang up the telephone, confident in the fact that the record of a pint of ice cream we buy will not make it into our health insurance bills as well.

OPINION: Biometrics are not an invasion of privacy
May 26, 2000
Senate Democrats to introduce bill mandating Web privacy standards
May 24, 2000
Privacy fears prompt study, delay
May 22, 2000
Net privacy law costs a bundle
May 16, 2000
Rewriting the fourth amendment
May 12, 2000
Online child privacy act proves problematic for sites
April 25, 2000
More cops on the Net beat? Privacy groups say not so fast
April 10, 2000
Take Net privacy into your own hands
April 9, 1999
Internet crime report irks privacy groups
March 13, 2000
KidSafe is no choice at all
February 2, 2000

Privacy advocates alarmed over radio 'sniffers'
(Computerworld)
Debate over privacy policies reaches fever pitch
(InfoWorld.com)
U.K. defends plan to snoop on Web surfers
(The Industry Standard)
Privacy 2000: In Web we trust?
(PC World Online)
W3C updates online-privacy proposal
(Computerworld)
The scoop on Hillary's spam spasm
(The Industry Standard)
Stealth surfing
(PC World Online)
U.S. Congress gets its teeth into cookies
(IDG.net)

Gramm-Leach-Bliley Act

Note: Pages will open in a new browser window

External sites are not endorsed by CNN Interactive.