The following is a commentary on Pankaj's piece on privacy. We thought that it would be informative to provide a legal perspective on the various laws meant to protect privacy in personal information.
Prohibitions on the use of personal information are largely dependent on whether the entity using the data is governmental or private. While there are many laws constraining the government's behavior, there are virtually none prohibiting a private actor from collecting and using personal information.
Personal information is largely "up for grabs" in the private sector. Marketers and other business entities have virtually free reign to collect and disseminate such data. There are no laws prohibiting the collection and use of personal information on-line for instance. Any information that an on-line service could collect may be compiled and sold indiscriminately. There are basically two laws which protect the publics' personal information from private entities (outside of the cable and telephone industry):
The Fair Credit Reporting Act of 1970-Limits the disclosure of "consumer reports" or "investigative consumer reports" to third parties by "consumer reporting agencies."
Video Privacy Act-Prevents "videotape service provider(s)" from disclosing personally identifiable information concerning individual's tape selection to third parties.
Some of the most sensitive and commercially useful information available to marketers is compiled for the use of consumer credit reports. Although the Fair Credit Reporting Act is very extensive and would seem to cover all instances of the "big three" credit bureaus selling personal information; reality couldn't be further from the truth.
The three large credit bureaus which collect credit and other information on consumers in the United States are Equifax, Trans Union and TRW. In the past, all three agencies sold consumer information culled from their vast databases to marketers engaged in direct mail campaigns. Pankaj mentions the public's reaction to the Equifax/Lotus fiasco and it does appear that Equifax no longer sells credit information to marketers. TRW sells lists of consumers to companies offering "pre-approved" credit lines. This practice is allowed under the Act due to the perceived benefit to consumers in receiving these offers.
The real player in this industry is Trans Union. Trans Union actually sells consumer lists segregated by financial and other behavioral information directly to marketers. This seemed hard to believe at first as it is directly contradictory to the letter of the Fair Credit Reporting Act. Having done some research I have uncovered the reason why Trans Union can engage in this behavior: litigation. Trans Union has hired some of the best legal talent available to battle the government over the Fair Credit Reporting Act and its application to their business practices. While there is no question that the Act proscribes the sort of business they are engaged in, they will be able to continue until the government gets their case right and prevents these practices. In the mean time, it is business as usual and your credit information is basically up for grabs.
The public has always had a distrust of domestic government snooping and the multitude of laws regarding privacy reflect this distrust. The following are a number of laws protecting citizens from government snooping and a brief description of the areas of information covered.
Freedom of Information Act of 1966-Promotes open government by disclosing information relating to the workings of government.
Privacy Act of 1974-Amends the Freedom of Information Act to: 1) give individuals the right to request access to records about him/her, 2) prevent agency disclosure of personal information to third parties without subject's consent.
Computer Matching and Privacy Protection Act of 1988-Amends Privacy Act to limit the collection of information from individuals. Provides guidelines for matching data about the same individual between agencies.
Privacy Protection Act of 1980-Establishes procedures allowing police to obtain information from newspapers.
Right to Financial Privacy Act of 1978-Regulates manner that government gains access to bank records about individuals.
Family Educational Rights and Privacy Act of 1974-Amends the Privacy Act and limits disclosure of student records to third parties.