Copyright 2000 The Washington Post
The Washington
Post
September 20, 2000, Wednesday, Final Edition
SECTION: FINANCIAL; Pg. G11; WIRED ECONOMY
LENGTH: 1278 words
HEADLINE:
States Jump Into Privacy Battle; New Bills Set Limits On Use of Customers'
Personal Data
BYLINE: Robert O'Harrow Jr. , Washington
Post Staff Writer
BODY:
A new federal law
requiring banks, insurers and securities firms to handle customers' personal
information with more care was supposed to quell the demand for financial
privacy restrictions.
At least that's what industry insiders hoped last
fall when they agreed to go along with privacy rules included in the historic
Gramm-Leach-Bliley Act, which overhauled the financial services industry for the
first time in six decades.
But privacy advocates who thought the rules
were too weak included a small provision in the law allowing states to enact
tougher rules of their own.
Since then, lawmakers from California to
Massachusetts have offered bills that would limit the use of customer financial
information for marketing, curb the availability of credit records, and give
customers new power over when banks and other financial companies could sell
their names, addresses and other information to outsiders. The rush of
legislative activity on the financial privacy front has added momentum to an
array of other privacy proposals to give consumers and computer users more say
over how their personal information is gathered and used.
They include
plans to restrict the sharing of government information, such as
driver's-license records, limits on the surveillance of employees, proposals to
fight identity theft, and protection for health records.
The surge of
activity demonstrates just how quickly privacy, both on the Internet and off,
has evolved from a fringe issue a few years ago to a mainstream political cause.
The issue commands attention from presidential candidates Gore and Bush, and
from both liberal and conservative elected officials, who sometimes seem to be
stumbling over themselves to be the first to propose new legislation.
White House privacy counselor Peter Swire said the issue is not going
away any time soon. "With our information systems changing so rapidly, we are
being forced to make decisions about personal privacy," Swire said.
He
said the country needs to strike the right balance between protecting the needs
of individuals and encouraging development of the Internet and other information
technology.
"There are more privacy bills out there and more Internet
bills out there than we've ever seen before," said Ari Schwartz of the Center
for Democracy and Technology, a nonprofit group in the District.
This
trend troubles media and public interest experts, who worry about losing access
to records they say enables oversight of government activity. "If you don't have
open government, you won't have participatory democracy," said Rebecca
Daugherty, freedom of information director for the Reporters Committee for
Freedom of the Press, a non-profit advocacy group. "The public has to be able to
see how government affects different people."
While there's no question
that privacy is hot, it remains unclear how all the legislative activity will
play out.
Consider the response to the Gramm-Leach-Bliley law. About two
dozen state proposals would have obligated banks, insurers and securities firms
to get customers' approval before sharing their names and account information,
something the industry is loath to accept.
But financial services
lobbyists mounted a counteroffensive and convinced state legislators to wait and
see how the federal law, which takes effect in November, works before approving
new restrictions.
"They wisely sat back and said, 'There's a national
program in the works. Let's see what happens,' " said Mathew H. Street,
associate general counsel of the American Bankers Association. "They are going
to watch very carefully for how Gramm-Leach-Bliley unfolds."
At the same
time, there is clearly momentum on laws dealing with government records,
according to StateScape, a company that tracks legislative activity.
For
example, a new law in Alaska, signed by Gov. Tony Knowles (D) in May, requires
state officials to obtain permission from drivers before releasing motor vehicle
records, according to a StateScape report.
Connecticut and Idaho
approved laws prohibiting the disclosure of a driver's license photo or other
records without the driver's permission. Michigan approved an even more
stringent law, prohibiting state officials from selling driver information for
marketing or surveys.
In Georgia, legislators took up the issue of
wiretapping and other sorts of surveillance, at home or work. They made it
unlawful to distribute photos, videos or other recordings of someone's activity
in a private place without permission from all the people involved. Gov. Roy
Barnes (D) signed that law in April.
The growing problem of identity
theft has also received a lot of attention.
South Carolina legislators,
for instance, approved the Personal Financial Security Act, making it unlawful
to take on the persona of another person. Maryland's legislature prohibited the
use of Social Security numbers on driver's licenses, pharmacy records, and
public school and employee identification cards.
Legislators in Wyoming
eliminated a state requirement to put Social Security numbers on driver's
licenses. Those in Washington, meanwhile, prohibited businesses from printing
entire credit card numbers on receipts and took other measures to protect bank
account numbers and other consumer data from misuse.
Medical privacy
also generated a lot of debate. Maryland took the lead this year in prohibiting
the sale or sharing of medical records. The state of Washington required health
plans to protect the privacy of patient information.
John Grant, a
senior legislative analyst at StateScape, said all this legislation likely is a
prelude to even more activity.
"There's a ton of debate. You have a
whole lot of people who want to do a whole lot of different things. And there
are a whole lot of different ways to 'solve this problem,' " Grant said. "This
will be a hot issue again next year."
Indeed, at least three dozen other
bills covering a broad array of privacy concerns are pending in legislatures
across the country, he said.
Chief among them is a sweeping law that the
California legislature approved on Sept. 1. If signed by Gov. Gray Davis (D), it
would give individuals the right to sue businesses that distribute their names,
Social Security numbers and other personal information without permission. It
also would create a government agency, the Office of Privacy Protection, to
oversee implementation of the new law.
"Privacy of personal information
is a fundamental right specifically preserved in our State Constitution. SB 129
is a real, meaningful step toward protecting the information of all
Californians," said state Sen. Steve Peace, a Democrat who sponsored the bill.
"Our personal information and identities should be protected by laws, much like
company trademarks are protected."
Another pending bill in California
would regulate databases containing Social Security numbers, fingerprints,
voiceprints, genetic information and other identifiers.
In Virginia, a
bill would give consumers more authority to prevent banks and other financial
companies from releasing personal information.
In addition, more than a
dozen states have begun studies of the issue. Alabama this year approved a
Consumer Information Privacy Study Committee. Arizona will have a Privacy Ad Hoc
Study Committee to look at state-run databases.
Iowa's Personal Privacy
Issues Study Committee, as well as New Hampshire's Interim Health
Information Privacy Study, will focus on data collected by genetic
testing. And Oregon's Internet Commission will be among several new groups
examining the impact of new technology on privacy.
GRAPHIC: ILL,,DAVE BLACK FOR
TWP
LOAD-DATE: September 20, 2000
