TO: Reporters, Interested Parties FR: Ed Mierzwinski, U.S. PIRG, 202-546-9707x314 9 March 05 3 Principles for any Choicepoint Response By Congress/A U.S. PIRG Backgrounder This letter (link http://www.pirg.org/consumer/pdfs/pirgendorsesnelsonmarkey.pdf ) from U.S. PIRG endorsing the Rep. Ed Markey (D-MA)/Sen. Bill Nelson (D-FL) companion bills (HR 1080/S 500) to regulate Choicepoint and other information brokers outlines 3 principles Congress must follow as it moves forward in the wake of the nation’s latest privacy scandal. The letter also describes the history of the failure of the FTC and Congress to regulate information brokers, which allowed them to set up a “parallel universe” of unregulated databases, used for some of the same purposes and sold to most of the same customers as information held by credit bureaus in the strictly regulated universe of the Fair Credit Reporting Act (FCRA). The 3 principles: The 3 principles for any Choicepoint response are simple. First, good privacy policy requires that legislation or regulation be based on Fair Information Practices, second, it must allow for citizen enforcement and, third, it must preserve state authority to protect their citizens better. The Markey-Bill Nelson proposal, the Information Protection and Security Act, meets the three tests. Other proposals addressing other aspects of the Choicepoint response or other privacy problems should also meet the same criteria. Other privacy proposals that are under discussion by Congress to respond to Choicepoint and other privacy problems include the following: federal legislation emulating California’s security breach notification law, stricter regulation of Social Security Numbers, stronger penalties against ID thieves, Internet and wireless privacy and student record privacy. The Principles In Brief: 1) Fair Information Practices (FIPs): The basic information broker business model fails the vast bulk of the FIPs. The FIPs were first outlined in a 1973 HEW report. FIPs formed the basis for the original 1970 FCRA and the 1974 Privacy Act (which applies only to government held databases). Among the FIPs are requirements that data collectors ensure the accuracy, security and integrity of data; collect only limited data and then for specific purposes; allow data subjects to know about, look at and correct their files; not use information for secondary purposes without the subject’s consent; and be held accountable for violations of these practices. 2) Consumer Enforcement: Any good law deters misconduct by allowing consumers to protect their rights by going to court. Any good privacy law should do the same. 3) Preserve State Authority: We wouldn’t have found out about the Choicepoint debacle if California hadn’t enacted security breach legislation. Further, nearly every significant reform (except the risk-based pricing notice) in the 2003 amendments to the FCRA known as the Fair and Accurate Transactions Act (FACT Act) was first enacted by one or more states. More information and resources on why preserving state authority to protect consumer privacy, health, safety and the environment is good public policy is available here http://www.stopatmfees.com/occpirg.htm A model state law to enhance identity theft protections, prepared by PIRG and Consumers Union, is available here. http://www.pirg.org/consumer/credit/model.htm At least a dozen states are considering its credit report security freeze proposal (already enacted in 4 states), 4 states are considering security breach legislation, and others are considering Social Security Number protection and other provisions of the model. Please contact me to discuss any of these matters. Resources U.S. PIRG release (21 Feb) on Choicepoint http://www.pirg.org/consumer/choicepoint.htm State PIRG/Consumers Union release (17 Feb) on Choicepoint and state laws http://www.pirg.org/consumer/pdfs/cupirgschoicepoint.pdf PIRG’s Identity Theft and Credit Reporting pages http://www.pirg.org/consumer/credit Archive of PIRG privacy testimony to Congress http://www.pirg.org/consumer/testimony.htm |
