Privacy advocates have told the Federal Trade Commission that regulators must not relax efforts to write new rules to safeguard information privacy - promises of self-regulation from eight of the consumer-data industry's biggest players notwithstanding.
At the opening of a long-awaited four-day Washington workshop on privacy issues, skeptics told the commission that, with thousands of database companies gathering personal information, government action is a necessity.
"I don't think that self-regulation is a good idea," Beth Givens, project director of the Privacy Rights Clearinghouse, told FTC commissioners at the hearing Tuesday, although she said she had not read the guidelines. The ethical dilemmas that arise from the gathering of personal information by companies looking to make a buck must be addressed by the government, she said. For instance, should someone who shoplifted at age 19 be given a job at a department store at age 29? And should a potential employer have access to that information?
"With these cradle-to-grave databases with no timeline on them, we are becoming a society of no forgiveness," Givens told the commissioners, who will make recommendations to Congress on regulating computer databases and other consumer privacy issues.
"I think what is new here is the degree to which highly personal information can be accessed by virtually anyone and can be married with transactional data," commissioner Christine Varney said. "But where is the personal consumer responsibility, the business responsibility, the government responsibility?"
Computer database companies, or look-up services, include such bigfeet as Lexis-Nexis, with 324 million records in its P-TRAK service to what one industry leader calls the "bad actors' group" such as stalkers.com. Personal information is gleaned from sources ranging from credit-card transactions to casino visits to Department of Motor Vehicles records. Although these services can be useful in locating deadbeat dads and lost family members, they can also be the definition of invasion of privacy.
"Americans don't know that when they fill out a warranty card, they are plugging into junk-mail heaven," said Evan Hendricks, editor and publisher of Privacy Times.
Marc Rotenberg, director of the Electronic Privacy Information Center, agreed. "We are selling information today that 10 years ago would not be bought or sold. We are selling information about our children that 10 years ago would not be bought or sold. What has changed is that the law has not kept up with these technologies."
And, while industry leaders say they are committed to a policy of "openness," individuals do not have free access to information that has been compiled on them. However, Robert Glass, vice president of national information services at Lexis-Nexis, told the commissioners that his company is "committed to making that happen."
Voluntary industry guidelines, announced just before the workshop got underway Tuesday, include a ban on compiling information gathered solely for marketing purposes. The services say they will rely solely on public records such as court documents and publicly available information like that found in the telephone books. They also pledge to require parental consent for releasing information on children under age 18 and to withhold sensitive personal information such as Social Security numbers, health records, and exact dates of birth.
Companies that have agreed to the guidelines are Lexis-Nexis, ChoicePoint, Database Technologies, Experian, First Data InfoSource/Donnelly Marketing, IRSC Inc., Metromail, and Information America.
But the guidelines do not signal a united front in the industry. Equifax is one major service that has not signed on.
John Ford, the company's vice president for external affairs, commented bluntly: "We have to remember that it is not your information, it is information about you."
