Slashdot Mirror
FTC Rules in Favor of Privacy
christian void writes, "The FTC recently ruled that it is illegal for credit reporting agencies to sell personal information to third parties. Here's an interesting article on a decision that will hopefully have ramifications in other industries. Score one for privacy."
"We regret the commissioners did not agree with our legal opinion, but we are not surprised..."
Heh. In other words, we knew it was illegal, and that we could make a lot of money before anyone decided to enforce the law.
<i>Trans Union has to stop selling the information or pay $2,500 for every violation.</i>
Wish criminal law worked like this for me... "Yeah, you've been consistently breaking the law since 1997, but we'll let you go without punisment, and won't bother to try to correct the harm you're illegal actions have already caused."
Intolerant people should be shot.
I happen to have worked at a Credit Reporting Agency one summer. Granted it was an extension of Equifax (which the article correctly points out does not subsribe to the same standards as Trans Union), but it's not really all that easy to obtain another person's credit report (obtaining your own is as simple as asking for one... you get a free copy each year, but you have to ask for it). At my job we were able to access the Trans Union database of credit reports to compare to our own. The article doesn't seem to mention that a credit report tells more about people than most other documents ever could (ie resumes, biographies, etc). Looking at a person's credit report tells you if that person has ever tried to buy a car (because all car places do credit checks before they sell), how many credit cards they have (and whether they pay them on time), how many loans a person has (and when they've paid those on time as well), and what bank accounts that person has. It's actually quite a revealing document that should never be sold to third-party companies that have no right knowing that kind of information. Most people get their first form of credit when they're about 18, right? That's when they get a credit card, take out a loan, or buy something (car, house, etc). From then on they are tracked by credit and the trail is easy to follow. I'm glad to see the courts get after Trans Union for selling credit reports because no one but the person who's credit it is should be able to see these things!!!
dejanews etc.,
intuit
...also, now they're being investigated
Doubleclick has gone back on it's promise not only not to collect personal information such as real names, ss# etc, but also on the promise not to sell the info they collected to third parties. That means if you searched for something on deja news or other search engines, browsed any sites with doubleclick banners etc., all that info is being collected(including keywords you searched for), matched with your real name and real address which doubleclick gets (I assume) from sites where you registered, and then all that is being sold to third parties.
I bet e-truste, or whatever they're called, doesn't mind, doubleclick did change their privacy statement after all (in case it didn't occur to you to check recently).
Good bye privacy, hello big broth...ahem, doubleclick.
For example, I bet it would still be OK for a Hotline Psychic Friend to take your credit card, and then (now that they are a creditor, i.e. not a "third party") look up your personal info and say "I'm sensing that you've been on a vacation... I see palm trees..."
I think the right answer is disclosure. Anytime anybody buys or sells info about you, you get notified. Then, once we had an idea of how the data is flowing, we can make a judgement as to what we like and don't like. I don't think anything short of that will be good enough.
And, that probably won't be good enough either. I mean, as much as I try to keep my social security cat in the privacy bag, you can't buy a simple thing like a cell phone without forking it over. Why isn't just my credit card good enough? Probably it would be, but the Big Brother and the Phone Holding Companies know that they can get away with forcing disclosure. How about a "no requiring of information that's not necessary" regulation.
It seems to me that this would be a much more effective basis for creating a system for selling personal information: companies must buy the rights to use a persons information. Of course, in many instances individuals would grant use of their information for free, but basing a system on this rule would grant individuals the ability to control in what way their personal information may be used.
For example, I don't want phone solicitations of any kind so would limit access to anyone wanting my phone number. In this digital age it wouldn't even be far fetched for me to allow a clearinghouse to sell my phone number on my behalf for $5 per use. On the other hand, I am active in sports so would grant permission for local sports stores to have access to my address.
This may sound radical, but it is not that different from the current practice. There are a lot of companies out there already selling our personal information. They already act as the clearinghouse I describe. All that would be needed is for them to find out from individuals in what way and for how much they would allow their information used (granted, this is not a trivial task).
Some would argue that this would drive up the cost of gaining access to personal information. As someone interested in personal privacy, that isn't a bad thing. :)
YAAC (Yet Another Anonymous Coward)
OK, now the scam: In the past two years, not one, not two, but three collection agencies have continually sent me mail, claiming to represent the bank that issued the defaulted-upon card. Each of them offers me a chance to "clear my debt" at a deep discount. Granted, the amount of the debt is pretty small, I am willing to pay it, but I have severe doubts as to the credibility of these agencies. At least two of them are scams, and so I haven't acknowledged any of them, for fear of confirming my entry in a scammer's database. When I checked in 1998, none of the three agencies had websites. (maybe I should try again)
My first question, once I realized what was happening, was "How did these people get my name and SSN?" Then I learned how credit agencies will sell your data to just about anyone who can pay the price.
Every one of these letters reads the same: first, I have a short period (10-14 days) in which to reply to get the good deal. Threatening language follows, with vague threats to my credit rating should i fail to respond. The postmark on the letter is typically later than the date on the letter by a significant fraction of the offering period. Next, about three weeks later, comes another letter, stating how I lost my chance, and the entire balance is now due, and making more vehement but still nonspecific threats to my credit rating. Then comes another letter or two, saying that they are going to take action against my credit report. Then silence for a few months, and the cycle repeats.
All three "collectors" use the exact same tactic. It's like they bought the same "collection agency in a box" software kit.
I talked to my lawyer about this and she told me to not do anything until something appears on my credit reports. Only the collector who legitimately owns the debt may report to the credit agency. And even that I can contest, since it is the same debt already reported 10 years ago. So now I collect my credit reports annually (and struggle to read them - damn are they arcane).
But the bottom line is that the credit agencies practically promote this kind of scam by selling the data to people who have no right to it. I wonder how many people have been burned by it?
I can see the fnords!