Verily at 03:05 PM 2/5/96 -0500, Duncan Frissell did write:
At 08:25 AM 2/5/96 -0500, Frank Willoughby wrote:
If the Privacy Act were rewritten to be as strict as the BDSG, businesses would have a (mandatory) legal requirement to:
o Ensure that personal data is stored properly (by encrypting it, etc) o Ensure that personal data is not distributed o Ensure that databases are *not* being maintained which describe the characteristics of individuals (buying habits, income, property ownership, etc) wantonly propagated by marketing (direct mail, telemarketing, etc) companies.
Unfortunately, it would also:
* Require government registration of computers and databases containing information about people (whether these computers are used by business or individuals). This eases regulation of computers and future confiscation.
Works great in theory, not in practice. Having worked in Germany for 9 years, I can *guarantee* that the German gov't hasn't implemented the above. It may have been a good idea (in their eyes, not mine), but it isn't implementable in a democratic society - it bogs down in the implementation phase). Are you planning on registering every computer system that each person and company has with the gov't? Most sysadmins I know are up to their ears in work and are barely able (if at all) to recognize which users they have on their system, and why they have accounts at all (business justification). This might also get pretty wild when the ISPs get polled in terms of usage. (Compuserve notwithstanding). Gathering the registration data will be a bear to implement - keeping it current will be impossible (for the forseeable future). Besides, this would cast further shadows of "big brother" and remind former "ossies" in the former GDR/DDR & eastern block of days gone by - which they would probably rather not remember. Also, just because Germany tries this approach (and fails), doesn't mean we have to repeat their mistake in this area.
* Reduce market efficiency by making it harder to match buyers and sellers (because neither could easily find out about he other) thus causing higher prices and poorer people.
Actually, it would probably increase market efficiency as they would be spending their marketing budget on other appropriate methods which have a higher success-ratio. I don't know what the success rates are of mass-mailings, or tele-marketing, but I doubt if they approach 1% (wild guess). Seriously - what is your first impulse when you reach the phone and find out the caller is a tele-marketer? The annoyance factor is rather high for these. More than likely, this was also the reason that unsolicited mass-faxing of marketing info was forbidden by law a while ago? FWIW, personally, I think many marketing organizations have gone off the deep end in their efforts to try to be effective (to wit: putting logos on clothing, in video games, etc; sponsor's logos in Home Pages, 3-5 minutes of TV commercials every 6-10 minutes of TV (for those rare moments one gets to watch TV (thank heavens for cable TV & CNN)). 8^)
* Do nothing to protect personal information from the government which would get to collect more of it than ever in the course of enforcing data protection laws.
You're assuming this isn't happening now? IMO, that would be a rather naive assumption. Personally, I think that the law should also consider exactly this point. The gov't should have no more access to personal information than it needs to carry on its job - and we as taxpayers should decide how much access they need to have.
If you don't want people to know things about you, don't tell them.
Agreed....But, this essentially means giving up your phone, your credit cards, your house, your car, your job, and generally withdrawing from society. Not a particularly viable plan, IMO. The main problem is that the companies do little to nothing about protecting an individual's private data. It isn't any of my business how much money, you make, the amount your home is worth, your credit rating, info about your family (wife, kids, etc), religion, etc - yet, all of these are within the easy access of many individuals who don't have a "need-to-know" of this information. If I don't have a "need-to-know" about this info, I shouldn't be able to access it.
DCF
Of course since we are re-writing the Privacy Act from scratch, we can leave out the items you mentioned & design it the way it should be. Best Regards, Frank