Consumer lists are not so innocent if you can't opt out
Privacy regulation is a jumble of irreconcilable rules that does little to protect consumer data.
Protection of personal information has drawn increasing attention because of problems such as identity theft, the Hewlett-Packard pretexting scandal, and data losses by major corporations and government agencies. Congress and the states have responded by enacting numerous statutes to protect consumers. But one type of information that has received less attention is the sale of consumer lists.
While most consumers probably understand that mailing and similar lists exist, many may be surprised by the type of information available. Want a list of Jewish donors broken down by age and the presence of children? Check the Web. One broker offers lists of the members of more than 40 ethnic groups. Or maybe you would like one of the dozens of lists of users of particular medications. Lists can be broken down by income, geography, marital status, age, and gender.
The sale of such lists raises several issues. One issue is simply privacy. To be sure, some list creators offer consumers an opportunity to opt out of the sale of information about them. But federal law imposes no obligation to offer an opt-out, and even compilers who offer an opt-out may not explain that the failure to opt out may land consumers on a list organized by ethnicity or other private information. Of course, list sellers have little incentive to tell consumers things that may cause them to opt out because lengthier lists are more valuable.
The availability of lists also permits marketers to engage in discrimination. Federal law bars discriminating on the basis of national origin, for example, in lending, but it does not prevent a seller of products from sending mailings only to members of a favored group. Sellers can also fine-tune their solicitations and make different offers to different groups.
Finally, while it seems unlikely that a person wishing to commit hate crimes would purchase a list of members of a particular ethnic group to commit improper acts, the fact that such lists are available is nevertheless cause for concern.
Rather than enacting comprehensive privacy regulation, the US has proceeded ad hoc, passing legislation in response to particular privacy invasions. For example, Congress answered last year's Hewlett-Packard pretexting scandal by enacting a pretexting statute. As a result, privacy laws are a jumble of irreconcilable rules.
If you buy a Harry Potter book and video, federal law bars the seller from disclosing that you bought the video, but nothing prevents the seller from selling information about your book purchases. That is because Congress was outraged in 1987 when a newspaper published the video rentals of then-Supreme Court nominee Robert Bork. But no one published a list of his book purchases.
Congress has also regulated the sale of consumer financial data, credit reports, and health information, in part because they involve particularly sensitive matters. But the types of information on consumer lists may be just as sensitive. Congress should protect consumer privacy by establishing rules to govern the collection and sale of consumer information. At a minimum, it should require list compilers to disclose to consumers the types of lists they could appear on and allow them to opt out. This way the rights of those who wish to protect their privacy are respected.
• Jeff Sovern is professor of law at St. John's University School of Law in Jamaica, N.Y.