FTC Wages High-Stakes Privacy Gamble

Article excerpt

In agreeing to let private information brokers and credit reporting companies be governed by voluntary privacy protection guidelines, the Federal Trade Commission is betting that companies that maintain vast computerized dossiers on people and businesses can police themselves in the face of ever more powerful information technologies.

Many civil libertarians insist the FTC's bet is a high-stakes gamble with the privacy rights of all Americans.

The agreement sets in motion the first meaningful trial of the Clinton administration's privacy policy, the stated goal of which is to protect individual privacy in the Internet age without resorting to new laws and regulations. The agreement clearly defines the two camps -- corporate America and privacy rights groups -- that are struggling for ascendancy in a networked world in which corporations increasingly rely on consumer data bases for myriad aspects of their business. The data companies are in effect saying that they can be trusted to act responsibly and to police their own ranks. Known variously as "individual reference services" or "look-up services," businesses like Lexis-Nexis, Equifax and Information America gather and sell many types of very private data, including credit and financial histories and medical records. Such information is widely used by banks, mortgage companies, insurance companies, law enforcement officials, direct marketers and others. While the new guidelines will permit consumers to "opt out" of these commercial databases in some cases, they do not offer individuals any new access to information about themselves held in the computers of look-up services. The agreement does not offer average people an easy way to check what personal information about them is being sold or to find out who is getting it, nor are people given a means to contest its accuracy. Privacy groups argue that the new guidelines are insufficient, especially because they offer no remedies for people who believe they have been harmed by the dissemination of information in commercial data bases. The guidelines are the data industry's response to the public outcry that erupted last year after it became known that a major data provider, Lexis-Nexis, was making Social Security information available to the general public via the Internet. Under the new guidelines, data companies will hide certain kinds of information from the public while continuing to make the information available to qualified customers, including law enforcement agencies and private investigators. "There will be no Social Security information or birth dates available over the Internet," said Tim Davies, chief operating officer of National Information Services at Lexis-Nexis, a division of Reed Elsevier. Davies acknowledged that the agreement also clearly defines the difference between the U.S. government and European governments with regard to privacy protection. The Clinton administration is now in the midst of a debate with the European Union over a strict new privacy directive scheduled to go into effect next year across Europe. Europe is set to enforce a strict Data Protection Directive that would cut off the flow of commercial data to nations whose privacy protections are deemed inadequate. …