View
216
Download
0
Embed Size (px)
Citation preview
Historically, have consumers been concerned about their privacy?
millions of consumers choose to have their phones listed in their last name only (to avoid revealing their gender)
tens of millions more (30% of households!) choose to have an unlisted phone number
others use private mailbox services to avoid revealing where they live
Today we live in an "information economy"
can check credit card and bank balances on the phone or by computer
can pay bills over the phone or by computer
can order gifts or clothes or airplane tickets online
can borrow $20,000 from a complete stranger and drive home a new car
Convenience comes at a cost: there's a lot more personal information out there than ever
Why should we be concerned about it? Misuse of the information can result in1. Risks to physical security sexual predators use the internet to identify
children women may not want their address known to
potential stalkers
2. Risks to economic security unauthorized charges to credit card unauthorized withdrawals from
bank/investment accounts viruses that attack our computers identity theft
3. Unwarranted intrusions into our personal lives
telephone calls disrupt our home and work lives
spam litters our computers with solicitations some including pornography and other
objectionable goods or services
Ziff-Davis Media, Inc. (August, 2002) company's online security system failed due to a
coding error allowed anyone surfing the internet to access about
12,000 subscription orders for the magazine Gaming Monthly.
many had used credit cards to pay for their subscriptions
a number reported that their accounts were used fraudulently
information remained easily available for about a month before "good samaritans" who viewed the material alerted subscribers via e-mail.
Double-Click (March, 2000)
What are “cookies”? files created by an internet site to
store information on your computer your preferences when visiting that site
(e.g., airline itineraries) a record of the pages you looked at
within the site
Good news: cookies only contain information that the user volunteers and cannot infiltrate a user's hard drive and siphon personal information E.g., credit card numbers
Bad news: cookies can also store personally identifiable information that can be used to contact you name e-mail address home or work address telephone number
Cookies permit advertisers to target customers whose previous visits to web sites might suggest an interest in its goods or services.
For example, if you check out the Celtics home page a couple of times, the next time you open a search engine you might encounter an ad from a sporting goods store that sells Celtics clothing
DoubleClick handles advertising for about 1,500 web sites
initially it claimed it would only use "anonymous profiling" when collecting data on individuals.
However, DoubleClick in fact used "pseudonymous" tracking i.e., when it placed cookies on consumers'
computers, it assigned each cookie a unique number this would permit the company to merge the
information with consumers' names if it wished but which it had not yet done when this controversy
arose.
Examples of the kinds of information the DoubleClick kept that had privacy implications included
health inquiries travel plans the names of videos in which the consumer showed
an interest information could, in theory, be useful to video stores
to pitch movies or travel companies to pitch a vacation
could also be used to the consumer's detriment e.g., when applying for insurance
Privacy advocates feared DoubleClick would sell this information to telephone and mail-based direct marketers, health organizations, insurance companies, etc.
After a number of states and the FTC opened privacy investigations, DoubleClick agreed not to link personally identifiable information to anonymous user activity across web sites
some consumer advocates argue that the law should go further
Propose that web sites should be prohibited from placing cookies on consumers' computers without express permission an "opt in" provision
The advertising industry has set up several web sites that allow computer users to "opt out" of having their personal data collected and profiled when they visit commercial internet sites.
Network Advertising Initiative
Financial institutions (banks, insurance companies, securities firms) collect substantial personal ("non-public") information, including names, addresses and phone numbers bank and credit card account numbers income credit histories social security numbers
In the 1990's privacy advocates became concerned when financial institutions began selling customer account information to third parties (e.g., telemarketers) for purposes of marketing non-financial services Discount buying clubs Roadside assistance Credit card loss protection Dental plans
Often kept a percentage of sales
In 1999 Congress passed the "Gramm-Leach-Bililey Financial Modernization Act“ (GLBA)
The Act applies to all "financial institutions," including companies that offer financial products or services, like loans, financial or investment advice, or insurance
1. Affiliation
GLBA repealed Glass-Steagall Act depression-era law that prohibited
banks, securities firms, and insurance companies from affiliating
2. Privacy
GLBA requires financial institutions to protect information collected about individuals
key provisions require them to: disclose to customers their policies and
practices for protecting the privacy of non-public personal information
provide customers annually an opportunity to opt out of having information shared with non-affiliated third parties e.g., telemarketers
notice must offer a reasonable way for the consumer to express choice to opt out
Generally done by providing consumer with either toll-free telephone number; or detachable form with a pre-printed
address
Vermont's Rules on Financial Privacy
Vermont law provides greater protection for consumers than does the federal law
rules adopted by Vermont's Department of Banking, Insurance, Securities and Health Care Administration (BISHCA) use an opt-in provision
financial institutions must obtain a consumer's consent before private financial and health information can be sold to or shared with other companies
BISHCA's rule was challenged by five insurance industry trade groups on First Amendment grounds
February, 2004 a Vermont trial court rejected the challenge to the law
Court referred to financial companies as "high volume traffickers of consumers' intimate personal information"
3. Pretexting
"Information brokers" (also known as individual reference services) gather public information about consumers addresses, licenses, aliases, listed phone
numbers also gather non-public information
unlisted phone numbers, credit card numbers, social security numbers
sell the information.
services provide numerous benefits help law enforcement do their job help lawyers find witnesses help consumers find lost relatives help collection agencies find debtors
Problem is that the availability of this information increases risks of crimes such as identity
theft thwarts consumers' efforts to protect
their privacy (Americanada ad) inaccurate information can result in
problems Florida election results
some information brokers called banks and other financial institutions, under the pretext of being a customer
obtained the customer's account numbers and balances and other personal information
GLBA makes it a crime to engage in pretexting
Credit Reporting consumers’ credit reports contain
significant amounts of personal information credit card numbers social security numbers bank account numbers
federal Fair Credit Reporting Act (FCRA) and Vermont's Fair Credit Reporting Act (VFCRA) provide for the accuracy and privacy of consumer credit reports
FCRA assures privacy by limiting who has access to a credit report
credit reports can only be used or collected for one of the following five “permissible purposes”
for credit for employment for insurance to a governmental agency (e.g., for a license or other
benefit) to a person with a legitimate business need for the
information in connection with a transaction with the consumer
credit reporting agencies generally require the user of the report to certify the purpose for which the report is going to be used.
may also check user's references, visit its place of business, etc.
credit reporting agency must disclose on the report the identity of all parties receiving the information
files must be made available to consumers free if the request comes within 30 days of
denial of credit
VFCRA further protects privacy by requiring that the consumer give
permission before his or her credit report can be accessed
allowing Vermont consumers to receive a copy of their report once a year free of charge