The Personal Privacy Dilemma


Privacy issues often go deeper than many people realize. For example, our company is a self-insurer for health insurance, which means we have to comply with HIPAA (Health Information Portability and Accountability Act), as well as with GLB. I am not sure every employee understands how much of their health information may be stored within their employer's files. Every time they take medical leave, it is part of a company's records. If the company administers a flex-spending account, the records are right there in the company. I am not so sure employees stop to think about that, but at the same time, most companies wouldn't dream of doing anything with the information. This is a single example. The point is that most of us don't spend time thinking about where our sensitive, personal information is stored or who may be transferring that information.

I think most people are not very concerned about personal privacy. Certainly almost no one is bothered by the release of a lot of demographic information that has been purged of personal identifiers. If you subtract the name from the information, it becomes completely non-personal. It makes a lot of sense to me for everyone to get used to having their buying patterns monitored, but without their names being involved.

I am, however, personally bothered by all sales of individual customer information. I don't think it is anyone's business to know personal buying habits. Even the sale of customer lists irritates me. Fortunately, I do not buy anything that embarrasses me, but I can certainly imagine that it could happen. I am very opposed to all sales of personal customer information.

On the other hand, I have tremendous confidence in the medical and financial establishments. Perhaps the confidence is misplaced, but I don't believe they are selling the information I really care about. I am irritated, but not angered, by the sale of my name and address. However, it would bother me greatly to think they were selling my account size, my income level, or the prescription drugs I might be using.

If I could make the law myself, I would prefer a system that allows all sharing necessary to accomplish the customer's purpose and to prevent fraud or unauthorized transactions. For this sharing, no particular customer permission would be required. Any company would be allowed to share information with affiliates or even non-affiliates, as long as they were taking care of the business the consumer had brought in the first place and preventing fraud. This is pretty much the standard established by GLB and state laws. However, a company that means to use the information for any other purpose, such as marketing, or cross-checking files (except to prevent fraud), would have to get the consumer to opt in.

I believe a company should be able to do everything it needs to do to handle the transaction and prevent fraud, but it shouldn't be able to use the information for marketing or other purposes unless the consumer consents.

One frightening scenario that motivated the U.S. Congress to pass GLB was, in fact, permitted by the final law. Recall that GLB was not a privacy law, but instead was intended to replace the Glass-Steagall Act and other Depression-era laws that prohibited the common ownership of different types of financial institutions. Before GLB a bank and an insurance company could not fall under common ownership. After GLB, a lender and a life insurance or health insurance company may be owned in common. When you go to the bank for a business loan, the lender can check with the life or health insurer to find out your medical condition. Your loan application could be rejected because you are being treated for depression. The bank knows of the illness because their affiliated insurance company told them. Gramm-Leach-Bliley doesn't prevent that because affiliated companies can share information freely. And yet that is exactly what the legislators were trying to guard against. This is one type of information-sharing I wish GLB had prohibited.

In some ways GLB has done a good job of protecting personal information. In some ways, it has failed. It should make consumers aware of the business use of their information, and over time, the legislatures will react to public concerns. At the moment, I do not see an overwhelming level of public concern.




The CTO Handbook. The Indispensable Technology Leadership Resource for Chief Technology Officers
The CTO Handbook/Job Manual: A Wealth of Reference Material and Thought Leadership on What Every Manager Needs to Know to Lead Their Technology Team
ISBN: 1587623676
Year: 2003
Pages: 213
