Privacy Is The Best Policy

The angry reactions to ChoicePoint's revelation that its database of personal consumer information had been compromised led politicians, in bandwagon fashion, to promise committee hearings and offer up improved legislation to enforce stricter privacy measures on companies dealing with consumer data. But maybe they're on to something. A recent survey revealed the deep ambivalence Americans have about computers' ability to safeguard such sensitive information as medical records. Sensing the potent

Politicians Target I.D. Theft
Just as information broker ChoicePoint Inc. finished sending notification letters last week to about 145,000 consumers whose personal data was placed at risk by con artists who gained access to the company's computers, the calls for more state and federal laws aimed at stemming the tide of identity theft got louder.

Senate Judiciary Committee chairman Arlen Specter, R-Pa., said he'll push for hearings soon on the issue of identity theft, and Democratic Sens. Dianne Feinstein of California, Patrick Leahy of Vermont, and Charles Schumer of New York called for new laws to help fight theft of personal data. "Our system of protecting people's identity is virtually nonexistent in this country," Schumer said at a press conference last week. "We have a patchwork of laws, some of them contradictory, most of them ineffective." He made those comments while criticizing information-broker Westlaw, a division of the Thomson Corp., for providing a service that makes it easy to access millions of Social Security numbers.

According to information on ChoicePoint's Web site, the company noticed potentially fraudulent activity in October and notified law enforcement in Los Angeles. Criminals using stolen identities posed as small businesses to gain access to ChoicePoint's information services. The scam enabled the fraudsters to obtain names, addresses, Social Security numbers, driver's license numbers, and in some cases "abbreviated" credit reports. In January, ChoicePoint said it was cleared by law enforcement to begin notifying California residents whose personal information had been stolen.

California is the only state with a law that requires organizations to notify residents when certain types of personal information are accessed by unauthorized people. Legislatures in New York and Texas have been considering enacting laws similar to California's SB 1386. Last week, following the ChoicePoint development, Georgia lawmakers started discussing that state's data disclosure law, and last month, Sen. Feinstein reintroduced a bill similar to California's on a federal level.

Such laws won't solve the problem, but they might help. "What we need here is companies being more secure with the information they handle," says Michael Overly, a technology attorney with law firm Foley & Lardner. While new laws won't stop such crimes, "companies will spend more on security because they won't want to go through this embarrassment." If the federal government doesn't pass a uniform law, companies could be forced to deal with a raft of state laws. "That would be a mess," Overly says.

A federal law also would force all companies to invest equally in security, says Bruce Schneier, founder and chief technology officer of Counterpane Internet Security Inc. "Federal regulation would even the [security-investment] playing field for all companies," Schneier says, so companies that do spend on security won't be at a financial disadvantage to those that don't.

-- George V. Hulme

Divided Over E-Health Records
While the federal government is investigating ways for most Americans to have electronic medical records within 10 years, a new survey indicates that Americans are sharply divided over whether the benefits of E-health records outweigh privacy risks. The findings were revealed in testimony last week by a privacy expert before the National Committee on Vital and Health Statistics of the U.S. Department of Health and Human Services, as part of government hearings on "Privacy and Health Information Technology."

Alan Westin, professor of public law and government emeritus at Columbia University and director of a new program on IT, health records, and privacy at nonprofit think tank Center for Social and Legal Research, told the committee that 48% of American adults believe the benefits to patients and society of a digital patient-record system outweigh risks to privacy. However, nearly the same percentage--47%--say privacy risks outweigh expected benefits. Four percent say they aren't sure.

The phone survey of 1,012 adults, conducted by Harris Interactive in early February, was commissioned by Westin for his testimony before the committee. Westin, the author of two books on privacy, was asked to appear at the hearings to discuss public attitudes toward health care and privacy in the context of IT applications and programs to develop a national electronic medical-record system. Only 29% of survey respondents were even aware there was a national electronic health-record program under way.

Westin says he isn't surprised that more Americans haven't heard of the national effort to build electronic medical records. "So far it's been loosey-goosey, something that's expected to unfold in 10 years," he says. Also, the subject hasn't been spotlighted yet in the national media, despite President Bush's mention of the effort in his last two State Of The Union addresses.

In his testimony, Westin said the survey also found that two-thirds of adults are worried that sensitive health information could leak out because of weak data security, that there could be more sharing of patients' medical information without their knowledge, and that computerized records could increase rather than decrease medical errors.

-- Marianne Kolbasuk McGee

Feds Seek Privacy Advice
The Department of Homeland Security is tapping the private sector for advice on data privacy. The department named 20 members last week to the newly formed Data Privacy and Integrity Advisory Committee, which will advise secretary Michael Chertoff and chief privacy officer Nuala O'Connor Kelly on policy, operations, and technology issues that could affect data collection, data integrity, and data interoperability.

Panel members come from private industry, such as Kirk Herath, chief privacy officer and associate general counsel at Nationwide Mutual Insurance Co. They also come from tech vendors Computer Associates, IBM, Intel, and Oracle, as well as academia and nonprofit organizations. They're expected to help the department with data-protection, openness, and national-security issues. "The diversity of experience and perspectives represented by this committee will play an important role in advancing the national discourse on privacy and homeland security," O'Connor Kelly said in a statement.

The department raised media eyebrows by appointing the chief privacy officer from Claria Corp., which was founded in 1998 as The Gator Corp., an adware company that settled a lawsuit in 2003 with some of the largest newspaper publishers over claims it wrongly delivered pop-up ads on their sites.

Advisory committee meetings will be held quarterly, with the first meeting April 6 in Washington. Some of the proceedings and information generated from the panel's activities may be kept private because of classification and information-protection laws.

-- Eric Chabrow

FBI Warns Of Worm
The FBI added its voice last week to antivirus companies warning of the Sober.k worm, advising Americans to ignore the E-mail missives that sometimes pose as a tell-us-or-else message from the federal law-enforcement agency.

Sober.k, which also arrives as file attachments to messages offering free access to X-rated videos of heiress Paris Hilton and as security alerts from Microsoft, can appear with a variety of FBI-like addresses, including "[email protected]" and "[email protected]". The text of such messages reads: "Dear Sir/Madam, we have logged your IP-address on more than 40 illegal Websites. Important: Please answer our questions! The list of questions are attached. Yours faithfully, M. John Stellford ++-++ Federal Bureau of Investigation -FBI- ++-++ 935 Pennsylvania Avenue, NW, Room 2130 ++-++ Washington, DC 20535 ++-++ (202) 324-3000"

Not likely. "These E-mails did not come from the FBI," the agency said in a statement. "Recipients of this or similar solicitations should know that the FBI does not engage in the practice of sending unsolicited E-mails to the public in this manner."

Earlier this month, the FBI shut down an E-mail system it used to communicate with the public because of a possible security breach.

-- TechWeb News
