Privacy Legislation Working Its Way Through Congress

In May, a bill was introduced in Congress to assist US Citizens that want to protect their privacy. It may also help prevent ID theft. The Personal Data Offshoring Protection Act of 2004 (also known as the Markey bill and as H.R. 4366) is setup to limit companies that send personal private data to offshore locations without consumer consent.

The bill gives the Federal Trade Commission policing authority for offshoring of data. Among other things, it requires the FTC to declare which countries have adequate data protection standards written into their laws. It goes on to define “adequate” as meaning that countries must, at a minimum, have laws that are equivalent to US Federal law. Furthermore, to be certified as “adequate” a country must show that it has a propensity to enforce its privacy laws.

By definition, the bill states that the FTC will certify all European Union (EU) countries that are subject to the European Union Data Protection Directive as “adequate” unless the FTC determines that a particular EU country is not enforcing the directive within its borders. It should be noted the EU privacy standards are significantly stronger than those in use in the United States.

The Markey Bill states that companies will be allowed to offshore data to subsidiaries and private contractors in countries that the FTC has declared to provide adequate protection. Consumers must be notified ahead of any such offshoring and must be given the opportunity to object (opt-out).

The bill prevents companies from offshoring personally identifiable data to countries without adequate protections unless consumers have given the company specific written permission to allow such offshoring (opt-in).

The bill does not prevent companies from writing offshoring consent into their terms of service, such as credit card agreements and privacy policies. It does however specifically forbid companies from canceling or denying services to consumers simply for exercising their rights under the bill.

If the bill is enacted it will be more important than ever for consumers to thoroughly read the terms of service agreements and privacy policies of the companies that they do business with. These are the two most likely places for companies to bury information that they don’t want consumers to know about. They are also the most likely places for companies to give consumers information about how to exercise their rights.

by Jim Malmberg

Is the Patriot Act Hurting Job Growth? The Evidence Says “Yes”!

While many Americans are opposed to the Patriot Act because it allows the government to “snoop” without due process, one impact of the law has gone largely overlooked. It may be costing the United States business hence, costing Americans jobs.

It is well known that the United States has some of the weakest privacy laws of any first world nation. The European Union has been involved in negotiations with the US over what passenger data should be released to the government by the airlines that transport them. This process has gone on for more than a year because the United States was asking for data that couldn’t be released under EU privacy laws. Until recently, European air carriers operated under an interim agreement with the EU. It has only been within the past three months that a final agreement was reached, which is far from perfect in the eyes of my EU members. On the surface, it appears that the EU caved to US pressure, with threats that their airlines would find themselves unable to land in the United States. Whether or not the agreement will last is anybody’s bet at this point.

Canada too has strict privacy laws. And in British Columbia, Canadian citizens are making their position known. Don’t outsource work involving confidential information on Canadian citizens to the American companies. The message may be getting through.

The British Columbia Government and Service Employees Union (BCGEU) has come out publicly opposing a move by the government of British Columbia two award two contracts to American Companies. These contracts would involve giving these companies access to highly personal information of union members including name, address, telephone number, social insurance number, family history, employment history, income, credit card and bank numbers, charitable donations and mortgage details.

The BCGEU has said “Privacy guarantees with contractors will be no match for the prying post-9/11 eyes of the U.S. Federal Bureau of Investigation (FBI) or the all- intrusive powers of the U.S Patriot Act.”

George Heyman, president of the BCEU said in a letter to the British Columbia Privacy Minister that, "The FBI can use the USA Patriot Act to knock down any legal, constitutional or electronic walls to get British Columbians’ personal information."

"And once that information is released it’s impossible to predict how far within American agencies it will be distributed, or how it will be used,"

"In this era of post 9/11 hysteria, where American authorities call Canada as a haven for terrorists, that’s an empty reassurance. In our submission, we argue there’s every indication that for the United States, homeland security is its first, highest priority-the rights of its own citizens are a distant second, and it is unconcerned about the sensitivities of other nations."

The BCEU has initiated legal action to prevent the awarding of these contracts. It has also requested a public inquiry be convened to openly discuss the outsourcing of sensitive data to firms based in the US.

By Jim Malmberg

Are Insurance Companies Sharing Data On Homeowners Claims? Get at CLUE!

If you own a home, you may want to think twice before filing a homeowner’s claim with your insurance company. That is because 90% of the insurance companies in the country now share claim information through two databases. One which is run by ChoicePoint, called CLUE. The other run by Insurance Services Office, called A-Plus. Typically, reports issued by either database are referred to as CLUE reports.

If your home is listed in one of these databases, it could be uninsureable through private companies. This in turn could have a real impact on the value and salability of your home.

Unfortunately, most consumers are unaware of CLUE until they are impacted by it. This usually follows the filing of an insurance claim.

It is not uncommon for insurance companies to pay claims and then send notice of policy cancellation. Since Hurricane Andrew hit Florida in the early 1990’s, followed shortly thereafter with the Northridge Earthquake in California, insurance companies have made it more and more difficult for consumers to keep their policies active after filing a claim. Insurance company losses in these two disasters were staggering. Many of insurers were also heavily invested in the stock market when it started to drop in 2001. While you may think that this issue should fall into the category of “Not my problem”, stock market losses, combined with disaster payouts have left the insurance industry scrambling to find ways to minimize risk. In other words, they have made it your problem.

Many insurance companies are especially sensitive to any water damage. They are concerned about the liability they may incur for claims of mold, which some believe have health consequences that could make a home uninhabitable.

If you file a claim for water damage, even if it is minor, you could find that your house is written up in CLUE, you policy is cancelled and your property difficult or very expensive to insure. It could also hit you right in the wallet by making your property less desirable to potential buyers.

Because CLUE is relatively new, only roughly 30% of homes actually have CLUE reports. With the average homeowner filing one claim every ten years, it will be some time before the majority of homes are covered.

Consumers who find that their home is included in CLUE do have certain rights, similar to those associated with credit reports. If you are turned down for insurance or if there is some other adverse action taken by an insurance company based on a CLUE report, you have a right to a free copy of the report. You also have a right to submit corrections in the event you find errors on the report.

If you just want to see a copy of your report, you can purchase it for anywhere from $9 to $13, depending upon which report you buy. At present, only property owners and insurance companies have access to CLUE. If you are purchasing a property, you have no right to the report, but there are some things you can do to protect yourself in the event the home you are buying has adverse information in CLUE.

First of all, you may want to have your realtor write into your purchase agreement that if the house is turned down for insurance based on information contained in CLUE, you have a right to back out of the sale.

Secondly, you should apply for insurance as soon as your offer is accepted. This will insure that you find out if there are any problems quickly.

As with credit reports, CLUE reports contain enough information for an ID thief to steel your identity. If you pull such a report on a property you own, keep the report in a safe place. If you dispose of it, don’t throw it out. Shred it.

There is a concern among privacy activists familiar with CLUE that access to the database within the insurance industry may be too wide spread. That people without a need to know may have access to your private information. Unfortunately, unlike with credit reports, you don’t have a right to know when an insurance company pulls your CLUE report. Furthermore, there is no way for you to freeze your information in CLUE. The best protection that you may have is to be aware of what, if any data on your property is contained in CLUE.

You may also want to think twice before you file an insurance claim on your home. Although it may not seem fair, current laws do not prohibit insurance companies from sharing data with each other. If you file a claim, it could cause your property value to drop. It could also be giving people who work within insurance companies the ability to steal your identity by provide access to information that you want kept private.

by Jim Malmberg