Privacy
Principles
Everyone seems to be
concerned about personal privacy and the use of identifying personal
data. Consumers' fears are not allayed when they learn that 99% of
Web sites are not secure (see issue 97:06:03 "State of Web Commerce")
or when they hear horror stories of private information becoming
public knowledge (see issue 97:08:02, "Personal Data and the
Law").
In an effort to
comfort consumers (and protect them) 14 information industry
companies have adopted self-regulatory principles governing the use
of personal data. The group is the Individual Reference Services
Group (IRSO) and their principles were developed in conjunction with
the Federal Trade Commission (FTC) during its examination of privacy
concerns and personal information uses.
But, will consumers
really be swayed by self-policing? We already know that information
companies do infringe on privacy rights either intentionally or due
to computer bugs. Will consumers believe them simply because they say
they won't do it anymore?
Furthermore, it seems
the group has convinced the FTC (and therefore Congress) that since
the groups are policing themselves, the government doesn't need to do
it. After reviewing the final draft of self-regulatory operating
principles, the FTC has not recommended to Congress any privacy
legislation to regulate the Individual Reference Services Industry.
The FTC report even commends the IRSO for its self-regulatory
efforts.
The principles impose
restrictions on the access and distribution of non-public
information, such as the non-financial identifying information in a
credit report. For example, IRSO companies may not display social
security numbers obtained from non-public sources to the general
public on the Internet. Also, information from non-public sources
about minors will not be available to the public.
There is some
enforcement, albeit weak. Each IRSO member has pledged to be in
compliance with the principles within 12 months. After the initial
compliance period, companies will be subject to yearly audits by a
qualified independent auditor. Also, companies who obtain information
from suppliers and fail to comply with the principles risk losing
access to the data.
Tim Davies, of
LEXIS-NEXIS, commented on the influence the group's principles may
have. "The primary goal of the group was to put together a set of
principles that would address the privacy concerns of individuals
while preserving the right to use information for legitimate and
beneficial purposes like fraud prevention, witness location, and
child support collection," said Davies.
Since the FTC
workshop in June, the IRSO has expanded its membership from nine to
14 companies. The companies now include: Acxiom Corporation; CDB
Infotek; DEC Information Systems; Database Technologies, Inc.;
Equifax; Experian; First Data Solutions, Inc.; Information American,
Inc.; LEXIS-NEXIS; Metromail Corp.; National Fraud Center; On-line
Professional Electronic Network; and Trans Union Corp.
[Return]