Slashdot Mirror
FTC Rules in Favor of Privacy
christian void writes, "The FTC recently ruled that it is illegal for credit reporting agencies to sell personal information to third parties. Here's an interesting article on a decision that will hopefully have ramifications in other industries. Score one for privacy."
I skimmed through the article, but I don't recall seeing any information on whether the companies that Trans Union sold the data to are also similarly restricited. Once the genie is out of the bottle, hasn't the dsamage already been done? What's to prevent the marketing institutions to continue using data they have already gined, and in turn, pass that through to other, potentially larger data-mining companies?
Also, as I'm in the dark on this, are there any laws that prohibit the legitimate institutions from re-selling the information upstream to data companies? What's to prevent Bob's Auto Dealership from turning around and doing the exact same thing that Trans Union just did?
--sugarman--
"We regret the commissioners did not agree with our legal opinion, but we are not surprised..."
Heh. In other words, we knew it was illegal, and that we could make a lot of money before anyone decided to enforce the law.
<i>Trans Union has to stop selling the information or pay $2,500 for every violation.</i>
Wish criminal law worked like this for me... "Yeah, you've been consistently breaking the law since 1997, but we'll let you go without punisment, and won't bother to try to correct the harm you're illegal actions have already caused."
Intolerant people should be shot.
I happen to have worked at a Credit Reporting Agency one summer. Granted it was an extension of Equifax (which the article correctly points out does not subsribe to the same standards as Trans Union), but it's not really all that easy to obtain another person's credit report (obtaining your own is as simple as asking for one... you get a free copy each year, but you have to ask for it). At my job we were able to access the Trans Union database of credit reports to compare to our own. The article doesn't seem to mention that a credit report tells more about people than most other documents ever could (ie resumes, biographies, etc). Looking at a person's credit report tells you if that person has ever tried to buy a car (because all car places do credit checks before they sell), how many credit cards they have (and whether they pay them on time), how many loans a person has (and when they've paid those on time as well), and what bank accounts that person has. It's actually quite a revealing document that should never be sold to third-party companies that have no right knowing that kind of information. Most people get their first form of credit when they're about 18, right? That's when they get a credit card, take out a loan, or buy something (car, house, etc). From then on they are tracked by credit and the trail is easy to follow. I'm glad to see the courts get after Trans Union for selling credit reports because no one but the person who's credit it is should be able to see these things!!!
dejanews etc.,
intuit
...also, now they're being investigated
Doubleclick has gone back on it's promise not only not to collect personal information such as real names, ss# etc, but also on the promise not to sell the info they collected to third parties. That means if you searched for something on deja news or other search engines, browsed any sites with doubleclick banners etc., all that info is being collected(including keywords you searched for), matched with your real name and real address which doubleclick gets (I assume) from sites where you registered, and then all that is being sold to third parties.
I bet e-truste, or whatever they're called, doesn't mind, doubleclick did change their privacy statement after all (in case it didn't occur to you to check recently).
Good bye privacy, hello big broth...ahem, doubleclick.
For example, I bet it would still be OK for a Hotline Psychic Friend to take your credit card, and then (now that they are a creditor, i.e. not a "third party") look up your personal info and say "I'm sensing that you've been on a vacation... I see palm trees..."
I think the right answer is disclosure. Anytime anybody buys or sells info about you, you get notified. Then, once we had an idea of how the data is flowing, we can make a judgement as to what we like and don't like. I don't think anything short of that will be good enough.
And, that probably won't be good enough either. I mean, as much as I try to keep my social security cat in the privacy bag, you can't buy a simple thing like a cell phone without forking it over. Why isn't just my credit card good enough? Probably it would be, but the Big Brother and the Phone Holding Companies know that they can get away with forcing disclosure. How about a "no requiring of information that's not necessary" regulation.
I just recently bought a house, and hence got my first mortgage. Ever since, I have been deluged by both junk mail and telemarketers. I get mail either offering some sort of loan or home fix-up crap literally every single day. I get I don't know how many phone calls every week. Quite a few of them call during the day when I'm out, but I probably end up answering four or five calls from them a week.
I had figured that the company I got the mortgage from must have sold my name, but now I'm suspecting that it was TransUnion. Of course, due to the crappy state of privacy laws here in the US, I'll never know for sure. Oh well. I've got a friend who literally never answers the phone. He has his machine set to pick up after one ring, and you have to talk to the machine to get him to pick up. I used to think that he was just neurotic or something, but I'm giving serious thought to doing the same thing myself to avoid the telemarketers.
Slightly off-topic, but does anyone know of any good answering machine software for Linux? I would really like to be able to have an answering machine that acts normally if someone calls with valid caller-id info, and basically rejects anyone whose number doesn't come thru on caller id. Contrary to popular belief, the primary beneficiary of blocked caller id is telemarketers, not individuals. If the phone numbers of these companies actually came thru, we could just call them back and offer to sell them stuff, drastically increasing their costs. Or at least block the numbers out. Oh well.
of the war against Corporate abuse of privacy. It's interesting to note that both(?!) of Trans Union Corp's competitors have supposedly discontinued the practices involved in this breach. It might also be of interest to note that Equifax is now operating fully as a North American agency, not just a US one.
What this underscore to me is a simple question; why are Corporate persons being given more rights than real persons? When are the rights of real people going to receive primacy in Law? Though I didn't pursue a legal career, from what I remember of my Law courses a company is considered a person with all the rights and obligations involved- so why is it becoming more and more that companies are being allowed to abuse not only the system but the people in the system as well?
As an individual I'm expected to respect and abide by the laws of the land and to maintain my end of the social contract regardless of my financial means; if I break the law I receive punishment in the form of potentially crippling fines or even jail. If law is to punish me as a legal person for failure in this regard, why is it that the *other* legal persons Business are not only not punished for similar infractions, but are instead rewarded?
These guys at Trans Union are laughing at the commission- they've made millions illegally and now that they are finally caught they don't even get a slap on the wrist.
It seems to me that this would be a much more effective basis for creating a system for selling personal information: companies must buy the rights to use a persons information. Of course, in many instances individuals would grant use of their information for free, but basing a system on this rule would grant individuals the ability to control in what way their personal information may be used.
For example, I don't want phone solicitations of any kind so would limit access to anyone wanting my phone number. In this digital age it wouldn't even be far fetched for me to allow a clearinghouse to sell my phone number on my behalf for $5 per use. On the other hand, I am active in sports so would grant permission for local sports stores to have access to my address.
This may sound radical, but it is not that different from the current practice. There are a lot of companies out there already selling our personal information. They already act as the clearinghouse I describe. All that would be needed is for them to find out from individuals in what way and for how much they would allow their information used (granted, this is not a trivial task).
Some would argue that this would drive up the cost of gaining access to personal information. As someone interested in personal privacy, that isn't a bad thing. :)
YAAC (Yet Another Anonymous Coward)
OK, now the scam: In the past two years, not one, not two, but three collection agencies have continually sent me mail, claiming to represent the bank that issued the defaulted-upon card. Each of them offers me a chance to "clear my debt" at a deep discount. Granted, the amount of the debt is pretty small, I am willing to pay it, but I have severe doubts as to the credibility of these agencies. At least two of them are scams, and so I haven't acknowledged any of them, for fear of confirming my entry in a scammer's database. When I checked in 1998, none of the three agencies had websites. (maybe I should try again)
My first question, once I realized what was happening, was "How did these people get my name and SSN?" Then I learned how credit agencies will sell your data to just about anyone who can pay the price.
Every one of these letters reads the same: first, I have a short period (10-14 days) in which to reply to get the good deal. Threatening language follows, with vague threats to my credit rating should i fail to respond. The postmark on the letter is typically later than the date on the letter by a significant fraction of the offering period. Next, about three weeks later, comes another letter, stating how I lost my chance, and the entire balance is now due, and making more vehement but still nonspecific threats to my credit rating. Then comes another letter or two, saying that they are going to take action against my credit report. Then silence for a few months, and the cycle repeats.
All three "collectors" use the exact same tactic. It's like they bought the same "collection agency in a box" software kit.
I talked to my lawyer about this and she told me to not do anything until something appears on my credit reports. Only the collector who legitimately owns the debt may report to the credit agency. And even that I can contest, since it is the same debt already reported 10 years ago. So now I collect my credit reports annually (and struggle to read them - damn are they arcane).
But the bottom line is that the credit agencies practically promote this kind of scam by selling the data to people who have no right to it. I wonder how many people have been burned by it?
I can see the fnords!
Why do we get blanketed with this $^#%?
It works. Anytime you buy so much as one item from something you got in the mail, it is a major return on investment for the bulk mailer. If you buy something in response to something you got in the mail, you have really dug yourself a hole. Don't buy/subscribe to stuff that way. If you want a good/service, find another way to get it so that they don't get the little ref # that tags along with thier bulk ad.
Several sites, such as junkbuster(s) [i don' know the spelling or url] give a long list of steps to get off various lists, including addresses.
I sent demands to the three credit beaurau's (sp?) demanding that they immediately cease and desist selling my credit info. So far, only one has replied, with a copy of my credit report. One full page of inquiries were listed, with only 6 that were legit. All the others were promotional - read sold - to various companies. Chevron was making an inquiry every other month! Guess what gas company I don't patronize anymore.
You must take an active stance to stop this junk. Once you do you will see results. Also, when you get another credit ap, return the envelope to the sender, with a letter informing them that all further correspondence will be subject to a $500/per piece proofreading charge. It costs them mail money, and gives you a nice lever to use against them. It also wastes their time sending the letter through channels.
Uncle Sam is for sale. He doesn't care about your right to privacy. Therefore you must take matters into your own hands to defend yourself. I know its not right, but until we can all get together and provide enough influence on our elected representatives, it is the only option to insure our privacy. Write to your local and state officials and let them know how you feel. Polite and well written letters are VERY effective, if you just take the time to write them. The squeaky wheel gets the grease, so start squeaking - loud enough to drown out some (all) of that cash from the big corporations.
Sorry this was so long, but I'm having success, and hope I can inspire a few others to get going.
The first thing we do, let's kill all the lawyers. Shakespeare, Henry VI, Part 2, Act 4, Scene 2