goldman.html

CFP'91 - Goldman

Personal Information and Privacy

Janlori Goldman

Director, ACLU Project on Privacy and Technology

A growing public demand for the protection of personal privacy has been well-documented. A person's right to control personal information held by others is an enduring and cherished value in this country, at the heart of individual freedom, autonomy and individuality. Crucial to one's sense of "self" is the right to maintain some decision-making power over what information to divulge, to whom, and for what purpose. Yet, in the midst of revolutionary advances in information technologies, individuals are increasingly losing control over personal information collected, maintained, used, and disseminated by both the federal government and private institutions.

Our right to privacy dwindles each year, giving way under the tremendous institutional pressure to collect and use information. Technology has overtaken current law, leaving society without a new set of social mores to limit and define the extent to which advanced technology can be used to know all we can about each other. The danger is that a watched society is a conformist society, one in which people are afraid to act or believe in ways that call attention to themselves or arouse suspicions. As one commentator observed:

"[A person] who is compelled to live every minute of...life among others and whose every need, thought, desire, fancy or gratification is subject to public scrutiny, has been deprived of...individuality and human dignity. Such an individual merges with the mass. [That person's] opinions, being public, tend never to be different;...aspirations, being known, tend always to be conventionally accepted ones;...feelings, being openly exhibited, tend to lose their quality of unique personal warmth and to become the feelings of every [person]. Such a being, although sentient, is fungible, [and] is not an individual." (1)

Information privacy legislation is needed to restrict access to personal information held by banks, schools, the credit industry, cable and video companies, and others. These laws serve as precedents for legislative proposals that would establish, on a case- by-case basis, an incremental series of privacy rights in information held by the government and private institutions, including protections for medical, insurance, telephone, personnel and retail records. Further, legislation is needed to respond to advanced information technology that gives institutions the power to instantly exchange, compare, verify, profile, and, most importantly, link information in separate databases.

Government databases containing private information on every citizen are increasingly being linked, giving rise to what the Congressional Office of Technology Assessment terms a "de facto national database" on most Americans. There is growing support for a tamper-proof national ID card which, if created, would dramatically increase the possibility of linking data records and conducting surveillance of citizens by establishing a common identifier for multiple party record systems in both the public and private sector.

Statutory standards should incorporate a balance between the sensitivity of the information at stake and the institutional justification or need for the information -- the more sensitive the information, the more compelling the need must be for its collection, and the higher the standard must be for its disclosure to others. In this way, individuals will be able to maintain some meaningful control over personal information divulged as a condition of receiving government benefits or in the course of doing business with others.

The momentum to protect personal information held by federal agencies, sparked by years of hearings, privacy abuses and culminating in the Watergate scandal, was maintained long enough for Congress to pass the Privacy Act of 1974. In addition, Congress has responded to the pressing need to protect personal information maintained by private institutions. Privacy advocates must continue to seize upon such targets of opportunity to heighten public awareness about the need for privacy legislation. Privacy advocates must inject their voices into the planning process to create a forum for debate on information and individual privacy.

The major priorities in the privacy area for the 102nd Congress will be to: 1) enact legislation to strengthen and update the Fair Credit Reporting Act; 2) support legislation to regulate Caller ID and bring it under the wing of the Electronic Communication Privacy Act; 3) oppose congressional efforts to establish a national ID card; 4) establish a mandate for privacy protections for medical and insurance records; and 5) pursue a major overhaul of the 1974 Privacy Act. A summary of these issues follows:

I. Fair Credit Reporting Act

In 1970, Congress enacted the first law to regulate the credit reporting industry. The Fair Credit Reporting Act (FCRA) was intended to give people a measure of control over the personal information collected and used by the industry. Weaknesses in the Act, coupled with dramatic changes in how the industry operates, have created a mandate for rewriting the law.

Legislation introduced in the 101st Congress has been reintroduced this year. The bills, if passed, will limit "prescreening" activities in which credit reporting companies disclose personal information for marketing and credit purposes without the knowledge and consent of individuals. Also, disclosures unrelated to the granting of credit or employment would be limited. The proposed legislation would grant people the right to see their files, for free on a regular basis, and make any necessary corrections or updates. Remedies for violations under the Act would be expanded and the Federal Trade Commission (FTC) would possess greater authority to oversee and enforce the law.

The ACLU strongly supports these proposed changes to the FCRA, introduced by Reps. Richard Lehman (D-CA), Charles Schumer (D-NY) and Bill Rinaldo (R-NJ), to regulate the disclosure of detailed personal information in critical areas of peoples' lives, including employment, housing, insurance and credit.

II. Caller ID

New telephone technologies promise to enhance privacy and give individuals greater control over their lives, but also threaten to undermine these very same rights. One such device is Caller ID, or Automatic Number Identification (ANI), which displays the telephone number of an incoming call as the phone is ringing. The 102nd Congress is expected to address a number of information privacy issues posed by the development and use of this new technology.

The ACLU supports proposed legislation introduced by Sen. Herb Kohl (D-WI) and Reps. Don Edwards (D-CA) and Mike Synar (D-OK) to amend the Electronic Communications Privacy Act (ECPA) to authorize Caller ID only if callers have the ability to block the display of their number on the receiving end. We believe "blocking" creates a fair balance between the competing privacy interests of makers and receivers of phone calls, giving both parties the ability to receive and control information.

III. National ID Card

As the need for access to information intensifies, various groups have been exerting political pressure for a national identification card linked to computerized databases. In fact, an identification card proposal nearly became part of the final Immigration Act of 1990, but was ultimately defeated. For some, the use of a national identifier is already a reality. For example, a pilot program authorized by the Immigration Reform Act of 1986 requires employers to contact the Social Security Administration (SSA) to immediately validate the Social Security numbers of all prospective employees. The program is stop-gap effort while a congressionally- mandated Administration study continues to look at the feasibility of a fraud-proof ID card. However, the test illustrates why civil libertarians are concerned about such an ID system.

Proponents of a fraud-proof employment card for use in the immigration context argue that it will only be used for this purpose. However, similar arguments were made about the use of the Social Security number. Originally, it was only to be used to keep tract of taxes owed under the Social Security System. Congress recently mandated the use of Social Security numbers in all needs-based social welfare programs to permit accurate identification of applicants and to provide for fast computer retrieval of data on applicants from various databases. Opponents of a national ID card fear that its uses will, like the Social Security number, grow with time. If tamper-proof, it will become a common identifier -- linking personal data files together for a host of different purposes.

IV. Medical and Insurance Records

Currently, there is no comprehensive federal law that regulates the use of medical and insurance records. During the 102nd Congress, the ACLU plans to pull together a coalition of privacy and consumer advocates to support federal legislation to create fair information practices in this area.

V. Privacy Act of 1974

The Privacy Act of 1974, which was enacted to regulate the government's use of personal information, has failed to work in the way intended by Congress. Shortly after its passage, the political swing away from privacy and towards bureaucratic efficiency revealed the Act's structural and conceptual weaknesses. The Act needs to be rewritten to strengthen its major principle -- information collected for one purpose may not be used for a different purpose without the individual's consent.

The ACLU will continue to press for a major overhaul of the federal Privacy Act of 1974. A consensus exists that the Act is often ineffective in giving people meaningful control of personal information collected and used by government agencies. The ACLU is preparing to hold a conference to identify weaknesses in the law and potential solutions. We hope to see strengthening legislation introduced during the 102nd Congress.

(1) Bloustein, Privacy as an Aspect of Human Dignity: An Answer to Prosser. 39 N.Y.U. L. Rev.962 (1964)

Copyright, 1991, Jim Warren & Computer Professionals for Social Responsibility All rights to copy the materials contained herein are reserved, except as hereafter explicitly licensed and permitted for anyone: Anyone may receive, store and distribute copies of this ASCII-format computer textfile in purely magnetic or electronic form, including on computer networks, computer bulletin board systems, computer conferencing systems, free computer diskettes, and host and personal computers, provided and only provided that:

this file, including this notice, is not altered in any manner, and
no profit or payment of any kind is charged for its distribution, other than normal online connect-time fees or the cost of the magnetic media, and
it is not reproduced nor distributed in printed or paper form, nor on CD ROM, nor in any form other than the electronic forms described above without prior written permission from the copyright holder.