Who's Selling Your Secrets?

"That the individual shall have full protection in person and in property is a principle as old as the common law; but it has been found necessary from time to time to define anew the exact nature and extent of such protection ... Recent inventions and business methods call attention to the next step which must be taken for the protection of the person and for securing to the individual ... 'the right to be left alone.'"

The more things change, the more they remain the same. The passage above is from "The Right to Privacy," by Samuel Warren and Louis Brandeis, Harvard Law Review, Dec. 15, 1890. In 1928, when a majority of the Supreme Court held that the police had the right to tap telephones without a warrant, Justice Brandeis declared that privacy is "the right to be let alone - the most comprehensive of rights, and the right most valued by civilized men."

Ironically, just five years later, George Bernard Shaw told an audience of New Yorkers: "An American has no sense of privacy. He does not know what it means. There is no such thing in the country." Hyperbole? Probably. But Americans didn't have to worry so much about the security of their personal data when information was stored on paper in files. Pulling together information about an individual from diverse public and private sources took money and time, making it uneconomic, except perhaps for law enforcement, lawsuits, and occasionally exposs by the press. But what in the '30s was a trickle of personal information available to government, businesses, con artists, and snoops has become a raging flood. Americans are losing control of personal data and few appear concerned about it.

This is a critical time for privacy. Advances in data storage and manipulation technology, the computerization and sale of public records by state and local governments, and the constant demand for personal information by marketers have eroded safeguards till, like Alice's Cheshire cat, they have all but disappeared.

* Fact: A few years ago we were using computers that ambled along at speeds of 8 to 12 Mhz and floppy disks that stored 360,000 bytes of information. Today's computers run at speeds of 200 Mhz, with faster chips already being shipped to computer makers and even faster ones on the way. Floppy disks today store 1.4 megabytes and CD-ROMs store 690 megabytes. Oceans of information can be stored cheaply and be quickly accessed and manipulated.

* Fact: State and local governments by law require us to supply them with critical personal information, including names, addresses, telephone and social security numbers, incomes, dependents, automotive vehicles, real and personal property, and professional and business licenses. They then sell this data, plus drivers records, workers' comp, voter registration, and federal and state tax liens to anyone ready to pay. To stem this torrent, Congress passed the Driver's Privacy Protection Act. Starting this fall, individuals may opt out of the use of their data for surveys, marketing, or solicitation.

* Fact: Despite a major media flap about personal information on Lexis-Nexis Ptrack, there are still companies selling names, addresses, phone and social security numbers, and assets and incomes of millions of individuals.

* Fact: The Federal Trade Commission (FTC) has reversed its position on so-called "header information" in credit reports. Contrary to 1989 testimony before Congress, the FTC has agreed that basic data are not protected by the Fair Credit Reporting Act. So the big credit bureaus - Equifax, Experian, and Trans Union - are free to sell this information.

What makes privacy such a crucial issue is that it is now easy, fast, and cheap to surf through everyone's life. Not surprisingly, so-called identity fraud, where someone gets credit cards and loans using someone else's personal information, is a growing problem. In a striking display of bureaucratic schizophrenia, the FTC, having allowed credit bureaus to sell all a con artist needs to steal anyone's identity, held a public meeting last August on strengthening consumer protection.

In 1995, the Privacy Working Group of the Information Infrastructure Task Force issued voluntary "Principles for Providing and Using Personal Information" that propose these basic privacy standards:

Notice: Explain in clear language why information is being collected, what will be done with it, and who will have access to it.

Choice: Ask only for information related to the matter at hand; do not use or sell it for other purposes without permission.

Access: Allow individuals to see their information on request.

Integrity: Provide a convenient and uncomplicated way to correct errors and/or include explanations.

The Fourth Amendment guarantees the right to be secure in our persons, houses, papers, and effects. The common law, Justice Brandeis tells us, protects our privacy as well. Are we losing that protection? If you care about the security and management of your personal information, it's crucial that you make yourself heard. Otherwise, a few people with special interests will exert great influence on the decisions that will soon be made. And the rest of us will suffer the consequences.

* Leslie L. Byrne is special assistant to President Clinton and director of the United States Office of Consumer Affairs.

How You Can Comment

* On April 28, the Office of Management and Budget (OMB) published in the Federal Register a draft, "Options for Promoting Privacy on the National Information Infrastructure." It examines steps the federal government can take to address personal data management and security issues in government records, communications, medical records, and consumer marketing.

The options discussed range from a presidential directive requiring all federal agencies to incorporate the "Principles for Providing and Using Personal Information" in information management and procurement practices to the creation of a federal privacy entity whose jurisdiction would include private sector as well as government data use.

Comments should be submitted to the OMB no later than June 27. They can be sent by mail to the Information Policy Committee, Room 10236, Office of Management and Budget, 725 17th Street, NW, Washington, DC 20503; by e-mail to BERNSTEIN_M@A1.EOP.GOV; or by fax to 202-395-5167.