Fair Credit Reporting Act and Privacy Act

Frank Willoughby frankw at in.net
Mon Feb 5 15:22:25 PST 1996


Verily at 03:05 PM 2/5/96 -0500, Duncan Frissell did write:

>At 08:25 AM 2/5/96 -0500, Frank Willoughby wrote:
>
>>If the Privacy Act were rewritten to be as strict as the BDSG, businesses
>>would have a (mandatory) legal requirement to:
>>
>>o Ensure that personal data is stored properly (by encrypting it, etc)
>>o Ensure that personal data is not distributed
>>o Ensure that databases are *not* being maintained which describe the
>>   characteristics of individuals (buying habits, income, property 
>>   ownership, etc) wantonly propagated by marketing (direct mail, 
>>   telemarketing, etc) companies.  
>>
>
>Unfortunately, it would also:
>
>*  Require government registration of computers and databases containing
>information about people (whether these computers are used by business or
>individuals).  This eases regulation of computers and future confiscation.

Works great in theory, not in practice.  Having worked in Germany for 9 
years, I can *guarantee* that the German gov't hasn't implemented the 
above.  It may have been a good idea (in their eyes, not mine), but it 
isn't implementable in a democratic society - it bogs down in the 
implementation phase).  

Are you planning on registering every computer system that each person and 
company has with the gov't?  Most sysadmins I know are up to their ears in
work and are barely able (if at all) to recognize which users they have on 
their system, and why they have accounts at all (business justification).  
This might also get pretty wild when the ISPs get polled in terms of usage.  
(Compuserve notwithstanding).  

Gathering the registration data will be a bear to implement - keeping it 
current will be impossible (for the forseeable future).  Besides, this
would cast further shadows of "big brother" and remind former "ossies"
in the former GDR/DDR  & eastern block of days gone by - which they would 
probably rather not remember.

Also, just because Germany tries this approach (and fails), doesn't mean 
we have to repeat their mistake in this area.


>
>*  Reduce market efficiency by making it harder to match buyers and sellers
>(because neither could easily find out about he other) thus causing higher
>prices and poorer people. 

Actually, it would probably increase market efficiency as they would be 
spending their marketing budget on other appropriate methods which have 
a higher success-ratio.  I don't know what the success rates are of 
mass-mailings, or tele-marketing, but I doubt if they approach 1% (wild 
guess).  Seriously - what is your first impulse when you reach the phone
and find out the caller is a tele-marketer?  The annoyance factor is 
rather high for these.  More than likely, this was also the reason that
unsolicited mass-faxing of marketing info was forbidden by law a while 
ago?

FWIW, personally, I think many marketing organizations have gone off the 
deep end in their efforts to try to be effective (to wit: putting logos
on clothing, in video games, etc; sponsor's logos in Home Pages, 3-5 minutes
of TV commercials every 6-10 minutes of TV (for those rare moments one gets 
to watch TV (thank heavens for cable TV & CNN)).  8^)


>
>*  Do nothing to protect personal information from the government which
>would get to collect more of it than ever in the course of enforcing data
>protection laws.
>

You're assuming this isn't happening now?  IMO, that would be a rather naive
assumption.  Personally, I think that the law should also consider exactly 
this point.  The gov't should have no more access to personal information 
than it needs to carry on its job - and we as taxpayers should decide how 
much access they need to have.


>If you don't want people to know things about you, don't tell them.

Agreed....But, this essentially means giving up your phone, your credit 
cards, your house, your car, your job, and generally withdrawing from
society.  Not a particularly viable plan, IMO.  The main problem is 
that the companies do little to nothing about protecting an individual's
private data.  It isn't any of my business how much money, you make, 
the amount your home is worth, your credit rating, info about your 
family (wife, kids, etc), religion, etc - yet, all of these are within
the easy access of many individuals who don't have a "need-to-know" of 
this information.  If I don't have a "need-to-know" about this info, I
shouldn't be able to access it.

>
>DCF

Of course since we are re-writing the Privacy Act from scratch, we can
leave out the items you mentioned & design it the way it should be.

Best Regards,


Frank







More information about the cypherpunks-legacy mailing list