At a time when you can't buy a couple of batteries at the local Radio Shack without turning over your name and telephone number, when online companies like Amazon.com collect piles of data on buying habits, and when companies are selling that information to each other, it isn't surprising consumers are complaining more than ever about invasions of privacy. Sadly, Washington state -- like most other states in the country -- isn't doing much to address the problem.
Sure, in July, Washington's Attorney General Christine Gregoire set up a Consumer Privacy Workgroup charged with identifying problems and looking for possible legal solutions. But judging from the group's unproductive second meeting, held at the University of Washington campus last week, information traffickers like Wells Fargo don't have much to worry about. The 23-member panel is stacked with representatives from the Washington Banker's Association, the Direct Marketing Association, the Washington Retail Association, the Seattle Police Department, and our friends at Microsoft. The group claims to be responsive to consumer concerns, but judging by the number of business-friendly members -- and the fact that it isn't addressing basic issues like protecting medical records -- the task force may actually turn out to be a bulwark against the necessary government regulation of "data mining."
The attorney general's office thinks it makes perfect sense for industry players to direct the conversation. "It's all in the way you look at it," says attorney general spokesperson Janice Marich. Unfortunately, the way Marich looks at it begs the question. "The concerns aren't about practices that are against the law," she says. "If you willingly give your info away, it's not against the law for a business to sell that info." But what about abuses that result from data trading and the lack of laws regulating the practice? Marich didn't rule out the idea of a stronger government role, but she seemed content to leave things in the hands of the businesses. "The industry is concerned about this, too. They can institute 'best practices,' self-regulation."
Jan Gee, task force member and spokesperson for the Washington Retail Association and Washington Food Industry, says (not surprisingly) that heavy government regulation doesn't seem appropriate. "We don't have the significant problems that were first believed," she says. "The testimony we got says there's not this horrendous push for info-collecting by businesses. It appears that most businesses have good practices. It's more concerns about criminals stealing ID."
Tell that to the folks at last week's meeting:
· Charles Cooper reported that in 1981, he opened an account with a bank that he trusted, only to have all of his private financial data sold without his permission two buyouts later, as U.S. Bank sought to pay for its most recent merger. (The state of Minnesota sued U.S. Bank for disclosing customer information to third parties.)
· Margaret Natterstad, a woman who lives in Marysville, told the panel that she received numerous solicitations from a hospital radiation department and from a hospice foundation after she was diagnosed with breast cancer.
· Michael Norman, a former senior hospital executive, said the computerization of medical records will allow companies to obtain hospital files. "Believe me," he said, "There are lots and lots of people who want to get their grubby little mitts on your medical records. They want them so they can make money off of you."
Attorneys general from all over the country are meeting in New York this month to discuss cases like these and how to protect consumer privacy overall. Decisions made there could have a dramatic impact on how states like Washington deal with corporate abuse of personal data. The pressure is on to come up with a consumer-friendly plan. In 1995, the European Union -- which views privacy as a human right -- developed a set of standards and is demanding that countries they do business with follow suit. The standards include guaranteeing that individuals have access to all personal data collected about them, that personal data only be used for the purpose for which it was originally gathered, and that consumers can opt out of having personal information gathered at all. What a concept. European governments are also setting up bureaus to enforce their nations' privacy laws. The U.S., on the other hand, has taken the stance that businesses will regulate themselves.
Beth Givens, Director of the Privacy Rights Clearing House in San Diego, says, "In Europe, they have comprehensive data-protection laws. In the U.S., we have a smattering of laws, and private sector use of information like medical records is not comprehensively covered."