In the Spotlight

News & Features

The Information TradeOn-Air Programs

Give Consumers Control Over Data
by Congressman Bruce Vento

THE RIGHT TO PRIVACY is an issue that affects our daily lives. But privacy, like many things, is something you don't appreciate until it's gone - often without your knowledge.

Take the example of an Ohio grandmother, Beverly Dennis, who was robbed of her privacy and peace of mind. Dennis made the mistake of filling out a customer survey so she'd be eligible to receive coupons in the mail for her favorite products. What she didn't know was that the direct-mail giant conducting the survey negotiated a deal for prison-labor data entry through the Texas Department of Criminal Justice.

Dennis' survey landed in the hands of a convicted rapist and burglar. Armed with all of her personal information - including her home address - he wrote her sexually explicit letters threatening to visit her following his release.

With the rise of technology and the widespread use of the Internet, the threat to personal privacy has become even more grave. Databases have become increasingly less expensive and time consuming to compile and maintain, making consumer data a valuable commodity. Currently, there are no federal regulations or standards protecting personal information in the online world.

During testimony last year before Congress, the chairman of the Federal Trade Commission used the example of a medical clinic's online doctor-referral service to illustrate the type of information being collected over the Internet. The clinic's referral service asks consumers to submit their name, home and e-mail addresses and insurance company, describe their medical problems and indicate whether they want to receive information on a number of topics such as hypertension, prostate cancer, incontinence, high cholesterol and diabetes. The online application for the clinic's health education membership goes even further, asking consumers to submit their marital status, gender and the date and location of their last hospitalization.

With no statutes on the books protecting consumer privacy, this information could be sold to an insurance company who could deny coverage due to a pre-existing condition or because its may not want to risk insuring someone whose spouse has a serious illness and could have costly medical bills in the future. Or, if this information were sold to an employment agency, unsuspecting people could be denied jobs merely because they searched online for information about cancer to help their children with their homework.

Although there is not any sort of universal definition or agreement as to what exactly constitutes privacy in the online world, there is every indication that this fundamental right is eroding and at risk. While several federal laws regulate access to certain types of information, there is no comprehensive regulation on the use of information garnered from the Internet, which often includes a user's name, address, Internet address, phone number, Social Security number and financial information, such as bank account or credit card numbers.

Additionally, many browsers contain "cookies," or small files stored on an individual's computer that retrieve and collect extensive information about the user's preferences determined by which Web sites the user visits. Just as someone can trace the origin of a phone call, marketers or companies can use "cookies" to track information about a user's Internet activities. Astoundingly, this is often done without the user's consent or awareness.

Some in Congress and the FTC feel that the industry should have the opportunity to regulate itself and put its own privacy policies in place. Despite the threat of legislation if businesses failed to act, the FTC released a report last year that found that Web sites, by and large, were collecting information without notice or consent.

In a more recent survey conducted by Georgetown University, data showed some progress in the self-regulation arena. Over half of the Web sites tested which collect information from consumers did provide at least some information about the type and use of data collected. Still, a maze of different posted policies does not ensure that these policies are good ones, that they are followed or that they will not change or disappear tomorrow.

In fact, just last year the FTC charged an Internet company for releasing personal details about its customers to advertisers, in violation of the company's own privacy policy stated on its Web site. This is a clear example of how even in a best-case scenario where a company took the initiative to create a privacy policy, it failed to follow it.

In too many cases of "self-regulation," users are left to search for poorly located privacy notices, read the fine print and try to decipher complex legal jargon to find out what protections are afforded. In addition, the vast majority of sites tested still did not address factors such as how to view and correct data profiles or how to discontinue unwanted uses of personal information. It is unrealistic and unfair to assume that each user of the Internet has the time or expertise to navigate such a complicated labyrinth of self-imposed policies without solid, uniform standards.

It is time to stop talking about the importance of privacy and start taking action to ensure that Internet consumer protections are on firm ground. I have introduced the Internet Consumer Information Protection Act (H.R. 2882), which would empower consumers to regain control over the use of their own personal data. Users have a right to know what information is being collected about them, how that information is being used and most importantly, who has access to that information.

This legislation is based on the privacy principles included in the House-passed Financial Services Modernization Act (H.R. 10), which I helped develop. These essential financial privacy provisions were adopted by a House vote of 427-1.

Entities that gather information about customers should not be allowed to share or sell it to unrelated businesses without consumer knowledge and consent. The Vento legislation requires that Web sites include a clear and conspicuously placed explanation to the customer that his or her information may be passed along to an unrelated business. It also gives consumers the opportunity - before their information is disclosed - to direct that their personal information not be shared with third parties, with a clear explanation of how to exercise this non-disclosure option. H.R. 2882 ensures that at an individual's request, a copy of their personal information maintained by a service be provided free of charge with the opportunity to verify and correct any errors.

The aim of the Internet Consumer Information Protection Act is not to limit the convenience and promise of the Internet for consumers, nor is it to stop the flow of commerce on the Web. This bill ensures that Internet providers take responsibility for maintaining the integrity of the information being used, not just for the benefit of consumers, but businesses as well.

Research has shown that customers are more willing to give information over the Internet to companies if they know exactly how this data will be used and safeguarded. While some would prefer a more drastic approach that could hamstring e-commerce through an almost absolute prohibition of information sharing, my bill is a modest, yet important, first step. This legislation creates a strong privacy framework that future Congresses could continue to reinforce.

Privacy is a cherished freedom that unchecked technology must not be allowed to compromise, circumvent or exploit. As the Information Age clicks on at the speed of light, it is important that Congress take a common-sense approach to ensure that consumers as well as businesses are able to utilize technology to its fullest potential without infringing on the basic right to privacy.

Rep. Bruce F. Vento (D-Minn.) is a member of the Banking and Financial Services Committee.