~ public thoughts on privacy ~

The Congress and the data aggregators are moving quickly to address the issue of the “sale” of social security numbers. I’m using this space to update you and present some solutions to the vexing tension between computer reliant identity theft and fraud, and the necessary, legitimate access to SSNs.

Lexis Nexis, Choicepoint, Accurint, IRB and Westlaw have all now instituted a policy of truncating the viewing of social security numbers in their databases. However, each system will still use the SSNs to search their database, cross reference the SSN with an address and then provide aggregated information. The search mechanism will work much as before and will meet the needs we and our clients have 90 percent of the time. You won’t be able to secure a SSN and rerun it through another provider.

Choicepoint is scheduling site visits at small businesses to ensure that there is a match between the applicant and the proprietor and that the office is not within a home (it can be a separate detached building). This is a standard due diligence which any of us would typically do for our clients and Choicepoint could have done long ago, particularly after the first compromise of their data 5 years ago. This is water under the bridge. There’s no point in looking back, wondering “what if…”, or blaming the big boys for the fallout private investigators are experiencing.

Both of these measures are healthy, self-regulating but low cost approaches to foiling those who would use the databases for illegal purposes. Choicepoint is charging its customers $100 for the site visit, which is reasonable considering the geographical area they will have to cover and the added paperwork.

We are a resilient industry, if unappreciated by some of the very people we can help, including the privacy advocates and the state and Federal government agencies. Our services are utilized by governments, businesses, attorneys and individuals all in need of solving objective information needs and sometimes personal problems. We’ve been legislated out of access to many types of records that our government maintains: motor vehicle, voter registration and, in some cases, police reports, to name a few (see recent posting, Kern County Redacts Police Reports) . We’re barred from obtaining credit reports, which are privately maintained. But we’re still here, serving our clients and making a living.

The Federal government is attempting to strike a balance between displaying personal identifiers in their electronic case management systems (see my prior post, PACER – Federal Courts and Social Security Numbers) while still making the case documents available. The Internet has made a field of personal information accessible to many people but the technology of securing this data has not kept pace. For more discussion on technological solutions to this quandary see Dennis Bailey’s site, OpenSocietyParadox.

Properly balancing the public’s right and responsibility to monitor its government through free access to information it gathers, with the tendency of the same governments to chip away at civil liberties is a longstanding, ongoing vexatious challenge in a democratic society. The difficulty we face is the combustionable alliance of the absolutist privacy advocates who seek personal invisibility for citizens, with the politicians who respond to vote-getting, short-sighted proposals.

A hue-and-cry is emanating from almost all of the mainstream media and the blogging sphere but little light is leaking out. Some, seemingly off-handedly, with little consideration of the consequences, recommend allowing access to SSNs only if the holder of said SSN authorizes it. Then there’s the chairman of the House Energy and Commerce Committee, who’s also impulsively voicing interest in a ban on the availability of Social Security numbers without the permission of the owner of the number, except when needed by law enforcement. Mr. Gracie at ThoughtMarket doesn’t seem to realize that the information and financial industry is already regulated.

Mark Rotenberg, President of EPIC infers in his Congressional testimony that under current FTC rules action should be taken against data providers for inaccuracies in their database or the distribution of accurate information that affects employment.

The FTC has also failed to pursue claims that it could under section 5 of the FTC
Act that prohibits unfair practices. Practices are unfair if they cause or are likely to cause consumers substantial injury that is neither reasonably avoidable by consumer nor offset by countervailing benefits to consumers and competition.30 It may be that the unfairness doctrine could be applied in cases where there is no direct relationship between the consumer and the company, but to date the FTC has failed to do this.

Additionally, he recommends that the data providers notify the consumer when information on them is accessed, in order for the consumer to correct any errors. While accuracy is to our benefit as well as the consumer’s, this proposal creates an extraordinary financial burden on businesses as well as compromising the security of those that Rotenberg aims to protect.

It is even conceivable that Congress could mandate that information brokers provide to consumers the same information that they propose to sell to a third party prior to the sale. This would make consent meaningful. It would promote record accuracy.

Of course, the electronic access issues are not limited to data providers. There have been unauthorized leaks of personal information from the computers of such giants as Bank of America. And many people have willingly posted their own SSNs on the Internet. Computer scientists are looking for technological solutions, which must go hand-in-hand with government regulation of its uses, along with a check on the misuses to which government may apply these technologies.

Although this topic affects the legal community, there is little in the way of commentary that has found its way onto legal blogger sites. David Canton expresses a restrained view. Robert Ambrogi doesn’t offer any of his own opinions but refers the reader to the recent EPIC posting of FBI documents. LegalMinute thankfully has more text on his/her musings than on the news stories and is in accord with our point of view.

Share

Leave a Reply

Your email address will not be published. Required fields are marked *